
> Infected with Worm.Win32.Netsky, System Shutdown


  • This topic is locked
21 replies to this topic

#1 saltydogs


Posted 28 January 2010 - 07:40 PM


Hello...
I've been working with a moderator who recommended that I do a DDS scan and a RootRepeal scan and post them here.
Currently, my computer has been showing two messages:
1. Generic Host Process for Win 32 Services has encountered a problem.
2. DCOM Server process launcher service terminated unexpectedly.

Here is the link to previous posts:
http://www.bleepingcomputer.com/forums/ind...p;#entry1598225

Here are the reports:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/28 17:13
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xADD40000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\all users\application data\avira\antivir desktop\temp\avguard.tmp
Status: Allocation size mismatch (API: 44679168, Raw: 45285376)

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "" at address 0xb5830cae

#: 053 Function Name: NtCreateThread
Status: Hooked by "" at address 0xb5830ca4

#: 063 Function Name: NtDeleteKey
Status: Hooked by "" at address 0xb5830cb3

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "" at address 0xb5830cbd

#: 066 Function Name: NtDeviceIoControlFile
Status: Hooked by "IPVNMon.sys" at address 0xf8648803

#: 098 Function Name: NtLoadKey
Status: Hooked by "" at address 0xb5830cc2

#: 122 Function Name: NtOpenProcess
Status: Hooked by "" at address 0xb5830c90

#: 128 Function Name: NtOpenThread
Status: Hooked by "" at address 0xb5830c95

#: 193 Function Name: NtReplaceKey
Status: Hooked by "" at address 0xb5830ccc

#: 204 Function Name: NtRestoreKey
Status: Hooked by "" at address 0xb5830cc7

#: 247 Function Name: NtSetValueKey
Status: Hooked by "" at address 0xb5830cb8

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "" at address 0xb5830c9f

==EOF==



DDS (Ver_09-12-01.01) - NTFSx86
Run by Lori Hoagland at 17:07:05.68 on Thu 01/28/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.75 [GMT -5:00]

AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {804E5358-FFA4-00EB-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {804E5358-FFA4-00FC-0D24-347CA8A3377C}

============== Running Processes ===============

C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Documents and Settings\Lori Hoagland\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uStart Page = hxxp://www.nytimes.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
mRun: [Auto EPSON Stylus CX3800 Series on THEHOAGLANDS] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaca.exe /p47 "auto epson stylus cx3800 series on thehoaglands" /o23 "\\thehoaglands\EPSONSty" /M "Stylus CX3800"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [Quicktime Player] Quiktime32.exe
dRunOnce: [Quicktime Player] Quiktime32.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\iogear\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} - hxxp://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05317530-B882-449D-9421-18D94FA3ED34} - hxxp://www.sis.com/support/chipdetect/OSInfo.cab
DPF: {16095503-786F-4097-AED6-5D567A26D760} - hxxp://www.sis.com/support/chipdetect/SiSAutodetectNT.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - c:\program files\yahoo!\common\yucconfig.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} - hxxp://scpwnb.ops.placeware.com/etc/place/NOVEMBER/SCNpws-b1/5.1.5.222/lib/quicksilver.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} - hxxp://musicstore.connect.com/assets/activexplayer/SMALStreaming.cab
DPF: {4063B398-3FC7-433E-B23B-0460CE7EDC27} - hxxp://thesims.ea.com/teleport/makinmagic/MaxisMakinMagicTeleX.cab
DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} - hxxp://coop.mlxchange.com/Control/MultiSelectComboBox.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137450405281
DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://coop.mlxchange.com/Control/MLXClientUtils.cab
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://coop.mlxchange.com/Control/IRCSharc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} - hxxp://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37866.4967939815
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - hxxp://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - hxxp://download.abacast.com/download/files/abasetup151.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4375/mcfscan.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {54D9498B-CF93-414F-8984-8CE7FDE0D391} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = :\windows\system32\srrstr.dll cecli scecli vmdochtr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\loriho~1\applic~1\mozilla\firefox\profiles\8a7xuixy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={5F14FA2F-2123-E1CC-1185-74BEA1D43EB5}&q=
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npmnqmp07010901.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwinamp.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-3-31 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-3-31 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-3-31 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-3-31 56816]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2005-10-2 2368]
S3 PPDrv;Protector Plus Driver;\??\c:\program files\protector plus\ppdrv.sys --> c:\program files\protector plus\PPDrv.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
S3 SE402RefCameraStill;GD-350V (WDM);c:\windows\system32\drivers\aox402sc.sys [2003-9-19 67332]
S3 V90drv;v90drv;c:\windows\system32\drivers\v90drv.sys [2001-11-29 1432836]
S4 ewido security suite control;ewido security suite control;c:\program files\ewido anti-malware\ewidoctrl.exe --> c:\program files\ewido anti-malware\ewidoctrl.exe [?]
S4 gupdate1c99dd639dca636;Google Update Service (gupdate1c99dd639dca636);c:\program files\google\update\GoogleUpdate.exe [2009-3-5 133104]

=============== Created Last 30 ================

2010-01-28 03:17:30 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2010-01-28 03:06:26 0 d-----w- c:\windows\ERUNT
2010-01-28 02:59:07 0 dc----w- C:\SDFix
2010-01-27 19:20:50 0 d-----w- c:\program files\ESET
2010-01-26 21:02:48 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-01-24 22:32:01 1 -c--a-w- C:\s
2010-01-12 19:27:26 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-02 03:27:26 0 dc----w- c:\documents and settings\lori hoagland\Tracing
2010-01-02 03:25:57 0 d-----w- c:\program files\Microsoft
2010-01-02 03:25:20 0 d-----w- c:\program files\Windows Live SkyDrive
2010-01-02 03:21:48 0 d-----w- c:\program files\common files\Windows Live
2010-01-02 01:49:49 0 dc----w- c:\docume~1\alluse~1\applic~1\AIM
2010-01-02 01:49:06 0 d-----w- c:\program files\AIM7
2010-01-02 01:49:01 0 d-----w- c:\program files\common files\Software Update Utility
2010-01-01 23:09:15 974848 ----a-w- c:\windows\system32\hpost_p02b.dll
2010-01-01 23:09:15 737280 ----a-w- c:\windows\system32\hposwia_p02b.dll
2010-01-01 23:09:15 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2010-01-01 23:09:15 309760 ----a-w- c:\windows\system32\difxapi.dll
2010-01-01 23:09:15 307200 ----a-w- c:\windows\system32\hposc_p02a.dll
2010-01-01 23:03:54 585 ------w- c:\windows\hpomdl36.dat
2010-01-01 23:03:54 130250 ----a-w- c:\windows\hpoins36.dat
2010-01-01 21:36:17 5243 ----a-w- c:\windows\system32\MSHOME
2010-01-01 21:25:55 5287 ----a-w- c:\windows\system32\USB001
2010-01-01 19:41:29 0 dc----w- c:\docume~1\alluse~1\applic~1\WEBREG
2010-01-01 19:39:01 121344 ----a-w- c:\windows\system32\hpf3l083.dll

==================== Find3M ====================

2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 18:31:18 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-10 22:33:33 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2009-12-08 02:01:41 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-29 23:52:01 16883056 ----a-w- C:\IE8-WindowsXP-x86-ENU.exe
2009-11-27 15:34:00 5459008 ----a-w- c:\program files\TVUPlayer2.5.0.1.exe
2009-11-24 18:59:28 61808 ---ha-w- c:\windows\system32\mlfcache.dat
2005-08-20 18:08:23 7248896 ----a-w- c:\program files\avwinsfx.exe
2005-08-07 02:42:08 0 ----a-w- c:\program files\index.jsp
2005-08-01 23:06:55 4633184 ----a-w- c:\program files\pi-installer.exe
2004-10-06 11:36:11 21 ----a-w- c:\program files\AVPersonalAVWIN.INI
2003-08-27 19:19:18 36963 ----a-r- c:\program files\common files\SM1updtr.dll
2002-06-28 15:06:24 30 -c--a-w- c:\program files\Uninstall.bat
2002-06-28 15:06:24 27 ----a-w- c:\program files\Install.bat
2004-08-04 07:56:57 73728 --sha-w- c:\windows\registeredpackages\{dd90d410-1823-43eb-9a16-a2331bf08799}$backup$\system\wmplayer.exe
2005-12-02 20:20:29 56 --sh--r- c:\windows\system32\8169F249CF.sys
2005-12-02 20:20:39 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 17:10:05.68 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/18/2004 11:10:35 PM
System Uptime: 1/28/2010 5:01:03 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | P4S8X-MX
Processor: Intel® Pentium® 4 CPU 2.40GHz | Socket 478 | 2394/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 33.99 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is CDROM ()
G: is Removable
I: is Removable
J: is Removable
K: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1087: 11/27/2009 3:39:02 PM - System Checkpoint
RP1088: 11/29/2009 1:05:58 AM - System Checkpoint
RP1089: 11/30/2009 1:29:03 AM - System Checkpoint
RP1090: 12/1/2009 3:46:57 PM - System Checkpoint
RP1091: 12/3/2009 3:55:35 PM - System Checkpoint
RP1092: 12/4/2009 7:28:45 PM - System Checkpoint
RP1093: 12/5/2009 11:22:50 AM - Installed Windows Media Player 11
RP1094: 12/5/2009 11:32:54 AM - Installed Windows XP MSCompPackV1.
RP1095: 12/6/2009 11:33:30 AM - System Checkpoint
RP1096: 12/7/2009 2:32:14 PM - System Checkpoint
RP1097: 12/8/2009 6:52:15 PM - System Checkpoint
RP1098: 12/8/2009 9:27:41 PM - Software Distribution Service 3.0
RP1099: 12/9/2009 6:38:34 PM - Logitech Webcam Software v12.10.1110
RP1100: 12/10/2009 7:06:18 PM - System Checkpoint
RP1101: 12/10/2009 7:49:58 PM - Logitech Webcam Software v12.10.1110
RP1102: 12/11/2009 8:41:04 PM - System Checkpoint
RP1103: 12/12/2009 10:43:06 PM - System Checkpoint
RP1104: 12/13/2009 5:25:04 PM - Logitech Camera Driver Install
RP1105: 12/13/2009 5:41:46 PM - Installed ooVoo
RP1106: 12/13/2009 5:46:08 PM - Installed ooVoo
RP1107: 12/13/2009 6:08:43 PM - Removed ooVoo
RP1108: 12/14/2009 6:16:13 PM - System Checkpoint
RP1109: 12/16/2009 3:39:29 PM - System Checkpoint
RP1110: 12/17/2009 9:24:29 PM - System Checkpoint
RP1111: 12/18/2009 10:10:10 PM - System Checkpoint
RP1112: 12/20/2009 5:02:07 PM - System Checkpoint
RP1113: 12/21/2009 6:12:59 PM - System Checkpoint
RP1114: 12/22/2009 7:31:44 PM - System Checkpoint
RP1115: 12/24/2009 8:05:30 AM - System Checkpoint
RP1116: 12/25/2009 8:39:39 AM - System Checkpoint
RP1117: 12/26/2009 10:07:11 AM - System Checkpoint
RP1118: 12/27/2009 11:36:48 AM - System Checkpoint
RP1119: 12/28/2009 12:15:41 PM - System Checkpoint
RP1120: 12/29/2009 1:24:25 PM - System Checkpoint
RP1121: 12/30/2009 1:32:35 PM - System Checkpoint
RP1122: 12/31/2009 6:00:51 PM - System Checkpoint
RP1123: 1/1/2010 5:25:39 PM - Removed HP Update
RP1124: 1/2/2010 1:00:41 PM - Software Distribution Service 3.0
RP1125: 1/3/2010 4:13:06 PM - System Checkpoint
RP1126: 1/4/2010 5:01:38 PM - System Checkpoint
RP1127: 1/5/2010 6:29:52 PM - System Checkpoint
RP1128: 1/6/2010 6:44:04 PM - System Checkpoint
RP1129: 1/8/2010 11:47:41 AM - System Checkpoint
RP1130: 1/9/2010 1:46:37 PM - System Checkpoint
RP1131: 1/10/2010 4:46:02 PM - System Checkpoint
RP1132: 1/11/2010 5:02:49 PM - System Checkpoint
RP1133: 1/12/2010 5:26:56 PM - System Checkpoint
RP1134: 1/12/2010 7:35:49 PM - Software Distribution Service 3.0
RP1135: 1/13/2010 8:13:19 PM - System Checkpoint
RP1136: 1/14/2010 8:47:55 PM - System Checkpoint
RP1137: 1/15/2010 9:21:16 PM - System Checkpoint
RP1138: 1/16/2010 10:07:45 PM - System Checkpoint
RP1139: 1/17/2010 11:07:48 PM - System Checkpoint
RP1140: 1/19/2010 1:55:00 PM - System Checkpoint
RP1141: 1/19/2010 10:05:18 PM - Software Distribution Service 3.0
RP1142: 1/20/2010 10:27:00 PM - System Checkpoint
RP1143: 1/22/2010 9:55:45 AM - System Checkpoint
RP1144: 1/22/2010 1:00:35 PM - Software Distribution Service 3.0
RP1145: 1/23/2010 1:49:34 PM - System Checkpoint
RP1146: 1/24/2010 2:17:44 PM - System Checkpoint
RP1147: 1/26/2010 3:49:54 PM - Removed SUPERAntiSpyware Free Edition
RP1148: 1/26/2010 3:55:06 PM - Removed SUPERAntiSpyware Free Edition
RP1149: 1/26/2010 4:03:32 PM - Installed SUPERAntiSpyware Free Edition
RP1150: 1/27/2010 4:09:01 PM - System Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Across Lite 2.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Reader 8.1.7
Adobe Shockwave Player 11.5
Adobe® Photoshop® Album Starter Edition 3.0
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Blaze Media Pro
Bluetooth Remote Control
Bonjour
BPD_Scan
CCleaner
Cheetah CD Burner
CleanUp!
CLEP Sampler
Contextual Tool Adssite
Critical Update for Windows Media Player 11 (KB959772)
DivX Content Uploader
DivX Web Player
DocProc
DocProcQFolder
Download Updater (AOL LLC)
DriverAgent by eSupport.com
ESET Online Scanner v3
Fast Browser Search (My Face LOL)
Google Earth
Google Update Helper
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Photosmart C4600 All-In-One Driver 13.0 Rel .5
HP_Network_UserGuide
iPhone Configuration Utility
iTunes
Java™ 6 Update 13
Java™ 6 Update 6
Java™ 6 Update 7
Karen's Replicator
LimeWire 5.3.6
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech® Camera Driver
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MobileMe Control Panel
Mozilla Firefox (3.5.7)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
MVision
Network
OCR Software by I.R.I.S 7.0
PC Connectivity Solution
Picasa 3
PS_AIO_05_C4600_Software_Min
QuickTime
RonyaSoft CD DVD Label Maker 2.01
Safari
Scan
SecondLife (remove only)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 Series (KB969878)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Skype™ 4.0
Spybot - Search & Destroy
SpywareBlaster 4.2
SUPERAntiSpyware Free Edition
Toolbox
Unlocker 1.8.8
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Video Cutter 1.0
Videora iPod touch Converter 5.03
WebFldrs XP
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WordBiz version 1.8
Xiph QuickTime Components
Yahoo! Browser Services
Yahoo! Software Update
Yahoo! Toolbar
YouTube Downloader App 2.03

==== Event Viewer Messages From Past Week ========

1/28/2010 5:07:17 PM, error: Service Control Manager [7016] - The SmartLinkService service has reported an invalid current state 0.
1/26/2010 3:55:26 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
1/26/2010 3:51:38 PM, error: iviVD [9] - The device, \Device\Scsi\iviVD1, did not respond within the timeout period.
1/26/2010 3:51:38 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
1/26/2010 3:51:38 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
1/26/2010 3:46:46 PM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
1/26/2010 3:46:46 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/26/2010 3:38:13 PM, error: Service Control Manager [7000] - The SASENUM service failed to start due to the following error: The system cannot find the file specified.
1/26/2010 3:02:06 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
1/26/2010 3:02:06 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/26/2010 2:40:31 PM, error: Service Control Manager [7024] - The Remote Access Connection Manager service terminated with service-specific error 3221356592 (0xC0020030).
1/26/2010 2:07:35 PM, error: Service Control Manager [7034] - The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).
1/26/2010 2:07:35 PM, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).
1/26/2010 2:07:35 PM, error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/26/2010 2:07:35 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: A system call that should never fail has failed.
1/26/2010 2:07:35 PM, error: Service Control Manager [7022] - The Wireless Zero Configuration service hung on starting.
1/26/2010 2:07:35 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
1/26/2010 2:07:35 PM, error: Service Control Manager [7022] - The Net Driver HPZ12 service hung on starting.
1/26/2010 2:07:35 PM, error: Service Control Manager [7022] - The DHCP Client service hung on starting.
1/26/2010 2:07:35 PM, error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The dependency service or group failed to start.
1/26/2010 2:07:35 PM, error: Service Control Manager [7001] - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: The pipe state is invalid.
1/26/2010 2:07:35 PM, error: Service Control Manager [7001] - The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: The operation completed successfully.
1/26/2010 2:07:35 PM, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The pipe state is invalid.
1/26/2010 2:07:35 PM, error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The pipe state is invalid.
1/26/2010 2:07:35 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The pipe state is invalid.
1/26/2010 2:07:35 PM, error: Service Control Manager [7000] - The Workstation service failed to start due to the following error: The pipe state is invalid.
1/26/2010 2:07:35 PM, error: Service Control Manager [7000] - The Windows Time service failed to start due to the following error: The pipe state is invalid.
1/26/2010 2:07:35 PM, error: Service Control Manager [7000] - The Windows Audio service failed to start due to the following error: The pipe state is invalid.
1/26/2010 2:07:35 PM, error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The pipe state is invalid.
1/26/2010 2:07:35 PM, error: Service Control Manager [7000] - The Server service failed to start due to the following error: The pipe state is invalid.
1/26/2010 2:07:35 PM, error: Service Control Manager [7000] - The Routing and Remote Access service failed to start due to the following error: The pipe state is invalid.
1/26/2010 2:07:35 PM, error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: The pipe state is invalid.
1/26/2010 2:07:35 PM, error: Service Control Manager [7000] - The HID Input Service service failed to start due to the following error: The pipe state is invalid.
1/26/2010 2:07:35 PM, error: Service Control Manager [7000] - The Help and Support service failed to start due to the following error: The pipe state is invalid.
1/26/2010 2:07:35 PM, error: Service Control Manager [7000] - The Distributed Link Tracking Client service failed to start due to the following error: The pipe state is invalid.
1/26/2010 2:07:35 PM, error: Service Control Manager [7000] - The Cryptographic Services service failed to start due to the following error: The pipe state is invalid.
1/26/2010 2:07:35 PM, error: Service Control Manager [7000] - The COM+ Event System service failed to start due to the following error: The pipe state is invalid.
1/26/2010 2:07:35 PM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The pipe state is invalid.
1/26/2010 2:02:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/26/2010 11:05:45 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL
1/26/2010 11:05:45 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
1/26/2010 11:05:45 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/26/2010 11:05:45 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/26/2010 11:05:45 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/26/2010 11:05:32 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/26/2010 1:54:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/26/2010 1:50:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
1/26/2010 1:37:26 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips intelppm SASDIFSV SASKUTIL
1/26/2010 1:37:26 PM, error: Service Control Manager [7000] - The Wireless Zero Configuration service failed to start due to the following error: The pipe has been ended.

==== End Of File ===========================

thanks in advance for your help.



#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:08:23 AM

Posted 06 February 2010 - 06:57 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 saltydogs

saltydogs
  • Topic Starter

  • Members
  • 74 posts
  • Local time:02:23 AM

Posted 08 February 2010 - 08:09 AM

Thanks for the reply. My PC will randomly shut down. I encounter the message, "Generic host process for Win32 services has encountered a problem and needs to close." Then, "SYSTEM SHUTDOWN" with the message, "Windows must now restart because the DCOM Server Process Launcher Service terminated unexpectedly". And the computer reboots.
The scans you requested are attached, broken into 2 replies because of length. I had a problem with GMER. The scan would freeze and I would have to start over. I did this maybe 5 times and realized the scan froze on the Sections: C:\windows\system32\drivers\atapi.sys.
So I unchecked the SECTIONS tab to complete the scan.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Lori Hoagland at 13:06:21.48 on Sun 02/07/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.150 [GMT -5:00]

AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {804E5358-FFA4-00EB-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {804E5358-FFA4-00FC-0D24-347CA8A3377C}

============== Running Processes ===============

C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Documents and Settings\Lori Hoagland\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uStart Page = hxxp://www.nytimes.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [Auto EPSON Stylus CX3800 Series on THEHOAGLANDS] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaca.exe /p47 "auto epson stylus cx3800 series on thehoaglands" /o23 "\\thehoaglands\EPSONSty" /M "Stylus CX3800"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [Quicktime Player] Quiktime32.exe
dRunOnce: [Quicktime Player] Quiktime32.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\iogear\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} - hxxp://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05317530-B882-449D-9421-18D94FA3ED34} - hxxp://www.sis.com/support/chipdetect/OSInfo.cab
DPF: {16095503-786F-4097-AED6-5D567A26D760} - hxxp://www.sis.com/support/chipdetect/SiSAutodetectNT.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - c:\program files\yahoo!\common\yucconfig.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} - hxxp://scpwnb.ops.placeware.com/etc/place/NOVEMBER/SCNpws-b1/5.1.5.222/lib/quicksilver.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} - hxxp://musicstore.connect.com/assets/activexplayer/SMALStreaming.cab
DPF: {4063B398-3FC7-433E-B23B-0460CE7EDC27} - hxxp://thesims.ea.com/teleport/makinmagic/MaxisMakinMagicTeleX.cab
DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} - hxxp://coop.mlxchange.com/Control/MultiSelectComboBox.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137450405281
DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://coop.mlxchange.com/Control/MLXClientUtils.cab
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://coop.mlxchange.com/Control/IRCSharc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} - hxxp://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37866.4967939815
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - hxxp://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - hxxp://download.abacast.com/download/files/abasetup151.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4375/mcfscan.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {54D9498B-CF93-414F-8984-8CE7FDE0D391} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = :\windows\system32\srrstr.dll cecli scecli vmdochtr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\loriho~1\applic~1\mozilla\firefox\profiles\8a7xuixy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={5F14FA2F-2123-E1CC-1185-74BEA1D43EB5}&q=
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npmnqmp07010901.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwinamp.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-3-31 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-3-31 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-3-31 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-3-31 56816]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2005-10-2 2368]
S3 PPDrv;Protector Plus Driver;\??\c:\program files\protector plus\ppdrv.sys --> c:\program files\protector plus\PPDrv.sys [?]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
S3 SE402RefCameraStill;GD-350V (WDM);c:\windows\system32\drivers\aox402sc.sys [2003-9-19 67332]
S3 V90drv;v90drv;c:\windows\system32\drivers\v90drv.sys [2001-11-29 1432836]
S4 ewido security suite control;ewido security suite control;c:\program files\ewido anti-malware\ewidoctrl.exe --> c:\program files\ewido anti-malware\ewidoctrl.exe [?]
S4 gupdate1c99dd639dca636;Google Update Service (gupdate1c99dd639dca636);c:\program files\google\update\GoogleUpdate.exe [2009-3-5 133104]

=============== Created Last 30 ================

2010-01-28 03:17:30 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2010-01-28 03:06:26 0 d-----w- c:\windows\ERUNT
2010-01-28 02:59:07 0 dc----w- C:\SDFix
2010-01-27 19:20:50 0 d-----w- c:\program files\ESET
2010-01-26 21:02:48 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-01-24 22:32:01 1 -c--a-w- C:\s
2010-01-12 19:27:26 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

==================== Find3M ====================

2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 18:31:18 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-01 23:12:09 130250 ----a-w- c:\windows\hpoins36.dat
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-10 22:33:33 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2009-11-29 23:52:01 16883056 ----a-w- C:\IE8-WindowsXP-x86-ENU.exe
2009-11-27 15:34:00 5459008 ----a-w- c:\program files\TVUPlayer2.5.0.1.exe
2009-11-24 18:59:28 61808 ---ha-w- c:\windows\system32\mlfcache.dat
2005-08-20 18:08:23 7248896 ----a-w- c:\program files\avwinsfx.exe
2005-08-07 02:42:08 0 ----a-w- c:\program files\index.jsp
2005-08-01 23:06:55 4633184 ----a-w- c:\program files\pi-installer.exe
2004-10-06 11:36:11 21 ----a-w- c:\program files\AVPersonalAVWIN.INI
2003-08-27 19:19:18 36963 ----a-r- c:\program files\common files\SM1updtr.dll
2002-06-28 15:06:24 30 -c--a-w- c:\program files\Uninstall.bat
2002-06-28 15:06:24 27 ----a-w- c:\program files\Install.bat
2004-08-04 07:56:57 73728 --sha-w- c:\windows\registeredpackages\{dd90d410-1823-43eb-9a16-a2331bf08799}$backup$\system\wmplayer.exe
2005-12-02 20:20:29 56 --sh--r- c:\windows\system32\8169F249CF.sys
2005-12-02 20:20:39 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 13:08:45.93 ===============


DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/18/2004 11:10:35 PM
System Uptime: 2/7/2010 1:02:36 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | P4S8X-MX
Processor: Intel® Pentium® 4 CPU 2.40GHz | Socket 478 | 2394/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 33.698 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is CDROM ()
G: is Removable
I: is Removable
J: is Removable
K: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1087: 11/27/2009 3:39:02 PM - System Checkpoint
RP1088: 11/29/2009 1:05:58 AM - System Checkpoint
RP1089: 11/30/2009 1:29:03 AM - System Checkpoint
RP1090: 12/1/2009 3:46:57 PM - System Checkpoint
RP1091: 12/3/2009 3:55:35 PM - System Checkpoint
RP1092: 12/4/2009 7:28:45 PM - System Checkpoint
RP1093: 12/5/2009 11:22:50 AM - Installed Windows Media Player 11
RP1094: 12/5/2009 11:32:54 AM - Installed Windows XP MSCompPackV1.
RP1095: 12/6/2009 11:33:30 AM - System Checkpoint
RP1096: 12/7/2009 2:32:14 PM - System Checkpoint
RP1097: 12/8/2009 6:52:15 PM - System Checkpoint
RP1098: 12/8/2009 9:27:41 PM - Software Distribution Service 3.0
RP1099: 12/9/2009 6:38:34 PM - Logitech Webcam Software v12.10.1110
RP1100: 12/10/2009 7:06:18 PM - System Checkpoint
RP1101: 12/10/2009 7:49:58 PM - Logitech Webcam Software v12.10.1110
RP1102: 12/11/2009 8:41:04 PM - System Checkpoint
RP1103: 12/12/2009 10:43:06 PM - System Checkpoint
RP1104: 12/13/2009 5:25:04 PM - Logitech Camera Driver Install
RP1105: 12/13/2009 5:41:46 PM - Installed ooVoo
RP1106: 12/13/2009 5:46:08 PM - Installed ooVoo
RP1107: 12/13/2009 6:08:43 PM - Removed ooVoo
RP1108: 12/14/2009 6:16:13 PM - System Checkpoint
RP1109: 12/16/2009 3:39:29 PM - System Checkpoint
RP1110: 12/17/2009 9:24:29 PM - System Checkpoint
RP1111: 12/18/2009 10:10:10 PM - System Checkpoint
RP1112: 12/20/2009 5:02:07 PM - System Checkpoint
RP1113: 12/21/2009 6:12:59 PM - System Checkpoint
RP1114: 12/22/2009 7:31:44 PM - System Checkpoint
RP1115: 12/24/2009 8:05:30 AM - System Checkpoint
RP1116: 12/25/2009 8:39:39 AM - System Checkpoint
RP1117: 12/26/2009 10:07:11 AM - System Checkpoint
RP1118: 12/27/2009 11:36:48 AM - System Checkpoint
RP1119: 12/28/2009 12:15:41 PM - System Checkpoint
RP1120: 12/29/2009 1:24:25 PM - System Checkpoint
RP1121: 12/30/2009 1:32:35 PM - System Checkpoint
RP1122: 12/31/2009 6:00:51 PM - System Checkpoint
RP1123: 1/1/2010 5:25:39 PM - Removed HP Update
RP1124: 1/2/2010 1:00:41 PM - Software Distribution Service 3.0
RP1125: 1/3/2010 4:13:06 PM - System Checkpoint
RP1126: 1/4/2010 5:01:38 PM - System Checkpoint
RP1127: 1/5/2010 6:29:52 PM - System Checkpoint
RP1128: 1/6/2010 6:44:04 PM - System Checkpoint
RP1129: 1/8/2010 11:47:41 AM - System Checkpoint
RP1130: 1/9/2010 1:46:37 PM - System Checkpoint
RP1131: 1/10/2010 4:46:02 PM - System Checkpoint
RP1132: 1/11/2010 5:02:49 PM - System Checkpoint
RP1133: 1/12/2010 5:26:56 PM - System Checkpoint
RP1134: 1/12/2010 7:35:49 PM - Software Distribution Service 3.0
RP1135: 1/13/2010 8:13:19 PM - System Checkpoint
RP1136: 1/14/2010 8:47:55 PM - System Checkpoint
RP1137: 1/15/2010 9:21:16 PM - System Checkpoint
RP1138: 1/16/2010 10:07:45 PM - System Checkpoint
RP1139: 1/17/2010 11:07:48 PM - System Checkpoint
RP1140: 1/19/2010 1:55:00 PM - System Checkpoint
RP1141: 1/19/2010 10:05:18 PM - Software Distribution Service 3.0
RP1142: 1/20/2010 10:27:00 PM - System Checkpoint
RP1143: 1/22/2010 9:55:45 AM - System Checkpoint
RP1144: 1/22/2010 1:00:35 PM - Software Distribution Service 3.0
RP1145: 1/23/2010 1:49:34 PM - System Checkpoint
RP1146: 1/24/2010 2:17:44 PM - System Checkpoint
RP1147: 1/26/2010 3:49:54 PM - Removed SUPERAntiSpyware Free Edition
RP1148: 1/26/2010 3:55:06 PM - Removed SUPERAntiSpyware Free Edition
RP1149: 1/26/2010 4:03:32 PM - Installed SUPERAntiSpyware Free Edition
RP1150: 1/27/2010 4:09:01 PM - System Checkpoint
RP1151: 1/28/2010 7:02:15 PM - System Checkpoint
RP1152: 1/31/2010 9:36:59 AM - System Checkpoint
RP1153: 2/1/2010 3:02:16 PM - System Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Across Lite 2.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Reader 8.1.7
Adobe Shockwave Player 11.5
Adobe® Photoshop® Album Starter Edition 3.0
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Blaze Media Pro
Bluetooth Remote Control
Bonjour
BPD_Scan
CCleaner
Cheetah CD Burner
CleanUp!
CLEP Sampler
Contextual Tool Adssite
Critical Update for Windows Media Player 11 (KB959772)
DivX Content Uploader
DivX Web Player
DocProc
DocProcQFolder
Download Updater (AOL LLC)
DriverAgent by eSupport.com
ESET Online Scanner v3
Fast Browser Search (My Face LOL)
Google Earth
Google Update Helper
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Photosmart C4600 All-In-One Driver 13.0 Rel .5
HP_Network_UserGuide
iPhone Configuration Utility
iTunes
Java™ 6 Update 13
Java™ 6 Update 6
Java™ 6 Update 7
Karen's Replicator
LimeWire 5.3.6
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech® Camera Driver
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MobileMe Control Panel
Mozilla Firefox (3.5.7)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
MVision
Network
OCR Software by I.R.I.S 7.0
PC Connectivity Solution
Picasa 3
PS_AIO_05_C4600_Software_Min
QuickTime
RonyaSoft CD DVD Label Maker 2.01
Safari
Scan
SecondLife (remove only)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 Series (KB969878)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Skype™ 4.0
Spybot - Search & Destroy
SpywareBlaster 4.2
SUPERAntiSpyware Free Edition
Toolbox
Unlocker 1.8.8
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Video Cutter 1.0
Videora iPod touch Converter 5.03
WebFldrs XP
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WordBiz version 1.8
Xiph QuickTime Components
Yahoo! Browser Services
Yahoo! Software Update
Yahoo! Toolbar
YouTube Downloader App 2.03

==== Event Viewer Messages From Past Week ========

2/7/2010 9:03:32 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
2/7/2010 8:58:36 AM, error: Dhcp [1002] - The IP address lease 192.168.0.5 for the Network Card with network address 0015F2B9A6A9 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
2/7/2010 1:06:26 PM, error: Service Control Manager [7016] - The SmartLinkService service has reported an invalid current state 0.
1/31/2010 10:06:24 AM, error: iviVD [9] - The device, \Device\Scsi\iviVD1, did not respond within the timeout period.
1/31/2010 10:06:24 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
1/31/2010 10:06:24 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
1/31/2010 10:03:02 AM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
1/31/2010 10:03:02 AM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

==== End Of File ===========================
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-08 07:30:12
Windows 5.1.2600 Service Pack 3
Running: x7s26ijr.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdapow.sys



#4 saltydogs

  • Topic Starter
  • Members
  • 74 posts

Posted 08 February 2010 - 08:13 AM

gmer cont...

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-08 07:30:12
Windows 5.1.2600 Service Pack 3
Running: x7s26ijr.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRemoveIoCompletion [0x80566F99]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRemoveProcessDebug [0x8065B316]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRenameKey [0x8064E812]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReplaceKey [0x8064F16E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReplyPort [0x8057E103]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReplyWaitReceivePort [0x8056B9BE]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReplyWaitReceivePortEx [0x8056B4D6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReplyWaitReplyPort [0x8062331E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRequestDeviceWakeup [0x8062C13B]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRequestPort [0x805DD5EC]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRequestWaitReplyPort [0x8056DA20]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRequestWakeupLatency [0x8062BF34]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwResetEvent [0x8059EB88]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwResetWriteWatch [0x8053BBF2]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRestoreKey [0x8064ED05]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwResumeProcess [0x8062F988]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwResumeThread [0x8057C3ED]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSaveKey [0x8064EE06]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSaveKeyEx [0x8064EEF1]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSaveMergedKeys [0x8064F01E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSecureConnectPort [0x8058F4DC]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetContextThread [0x8062DD47]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetDebugFilterState [0x8065CE60]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetDefaultHardErrorPort [0x805D564F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetDefaultLocale [0x805AE869]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetDefaultUILanguage [0x805AE810]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetEaFile [0x80616F77]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetEvent [0x8056984E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetEventBoostPriority [0x8056C6C8]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetHighEventPair [0x806495B3]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetHighWaitLowEventPair [0x806494D3]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationDebugObject [0x8065ACB7]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationFile [0x80576CA4]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationJobObject [0x805AB314]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationKey [0x8064DEF7]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationObject [0x8057F7A2]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationProcess [0x80570441]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationThread [0x8056C2B0]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationToken [0x805A8700]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetIntervalProfile [0x806497D3]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetIoCompletion [0x8056C165]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetLdtEntries [0x8062EA6B]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetLowEventPair [0x80649547]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetLowWaitHighEventPair [0x8064945F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetQuotaInformationFile [0x806172C5]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetSecurityObject [0x8059B19B]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetSystemEnvironmentValue [0x80648E0C]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetSystemInformation [0x805A7BED]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetSystemPowerState [0x8066770B]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetSystemTime [0x80647A95]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetThreadExecutionState [0x805E015A]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetTimer [0x804E579B]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetTimerResolution [0x805E07E0]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetUuidSeed [0x805AAA2B]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetValueKey [0x80579A43]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetVolumeInformationFile [0x8061780B]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwShutdownSystem [0x806471DF]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSignalAndWaitForSingleObject [0x80517361]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwStartProfile [0x80649A3E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwStopProfile [0x80649BF7]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSuspendProcess [0x8062F92D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSuspendThread [0x805E0456]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSystemDebugControl [0x80649D57]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwTerminateJobObject [0x80630263]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwTerminateProcess [0x805836B0]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwTerminateThread [0x8057B496]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwTestAlert [0x8057BED4]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwTraceEvent [0x80545B10]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwTranslateFilePath [0x80648B5B]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnloadDriver [0x80619C2E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnloadKey [0x8064DA6E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnloadKeyEx [0x8064DC97]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnlockFile [0x8058999B]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnlockVirtualMemory [0x80627225]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnmapViewOfSection [0x80578606]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwVdmControl [0x805B79C7]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForDebugEvent [0x8065AA02]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForMultipleObjects [0x805666C6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForSingleObject [0x8056617C]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitHighEventPair [0x806493F3]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitLowEventPair [0x80649387]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWriteFile [0x80576F4D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWriteFileGather [0x805DA45D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWriteRequestData [0x8058AA86]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWriteVirtualMemory [0x8057F198]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwYieldExecution [0x804F0EA6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKeyedEvent [0x805CBD85]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKeyedEvent [0x805829FC]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReleaseKeyedEvent [0x8064A1CB]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForKeyedEvent [0x8064A466]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryPortInformationProcess [0x8062D52B]

INT 0xFA \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE4AD
INT 0xFB \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE4B4
INT 0xFC \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE4BB
INT 0xFD \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806F0464
INT 0xFE \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806F0604
INT 0xFF \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE4D0

SYSENTER \WINDOWS\system32\ntoskrnl.exe 804DE6F0

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\winlogon.exe[216] @ C:\WINDOWS\system32\MSGINA.dll [COMCTL32.dll!InitCommonControlsEx] [5D093619] C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[216] @ C:\WINDOWS\system32\ODBC32.dll [COMCTL32.dll!ImageList_Create] [5D0A0205] C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[216] @ C:\WINDOWS\system32\ODBC32.dll [COMCTL32.dll!ImageList_ReplaceIcon] [5D09C7F4] C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[216] @ C:\WINDOWS\system32\ODBC32.dll [COMCTL32.dll!PropertySheetW] [5D0C8C61] C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[216] @ C:\WINDOWS\system32\ODBC32.dll [COMCTL32.dll!PropertySheetA] [5D0C8C79] C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[216] @ C:\WINDOWS\system32\comdlg32.dll [COMCTL32.dll!PropertySheetW] [5D0C8C61] C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[216] @ C:\WINDOWS\system32\comdlg32.dll [COMCTL32.dll!CreatePropertySheetPageW] [5D0C396F] C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[216] @ C:\WINDOWS\system32\comdlg32.dll [COMCTL32.dll!InitCommonControlsEx] [5D093619] C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[216] @ C:\WINDOWS\system32\comdlg32.dll [COMCTL32.dll!ImageList_GetIconSize] [5D09E33A] C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[216] @ C:\WINDOWS\system32\comdlg32.dll [COMCTL32.dll!ImageList_Destroy] [5D0A03D8] C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[216] @ C:\WINDOWS\system32\comdlg32.dll [COMCTL32.dll!ImageList_Draw] [5D0ADFF1] C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[216] @ C:\WINDOWS\system32\comdlg32.dll [COMCTL32.dll!CreateToolbarEx] [5D0AE56B] C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\BROWSEUI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\OLEAUT32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\SHDOCVW.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\MSASN1.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\CRYPTUI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\VERSION.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\urlmon.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\iertutil.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\WINTRUST.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\IMAGEHLP.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\WLDAP32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\UxTheme.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\WINMM.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\MSACM32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\IMM32.DLL [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\USP10.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\comctl32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\serwvdrv.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\msctfime.ime [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\mswsock.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\appHelp.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\CLBCATQ.DLL [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\System32\cscui.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\System32\CSCDLL.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\System32\themeui.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\LINKINFO.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\ntshrui.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\ATL.DLL [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\msi.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\SETUPAPI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\ieframe.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\NETSHELL.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\credui.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\WTSAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\eappcfg.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\MLANG.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [COMCTL32.dll!CreatePropertySheetPageW] [5D0C396F] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [COMCTL32.dll!DestroyPropertySheetPage] [5D0C3694] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\MPR.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\System32\ntlanman.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\System32\NETUI0.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\System32\davclnt.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\rsaenh.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fastfat \FatCdrom Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device \FileSystem\Fastfat \FatCdrom ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fastfat \FatCdrom ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \
Device \FileSystem\Mup \Dfs Mup.sys (Multiple UNC Provider driver/Microsoft Corporation)
Device \Driver\KSecDD \Device\KsecDD KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation)
Device \Driver\KSecDD \Device\KsecDD ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\NDIS \Device\Ndis NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\Beep \Device\Beep Beep.SYS (BEEP Driver/Microsoft Corporation)
Device \Driver\Beep \Device\Beep ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\WudfPf \Device\WUDFLpcDevice WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation)
Device \Device\00000032
Device \Device\00000025
Device \Device\00000019
Device \Device\00000033
Device \Device\00000026
Device \Driver\pxtdapow \Device\pxtdapow pxtdapow.sys
Device \Driver\pxtdapow \Device\pxtdapow ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\TermDD \Device\RDP_CONSOLE0 termdd.sys (Terminal Server Driver/Microsoft Corporation)
Device \Device\00000040
Device \Device\00000034
Device \Device\00000027
Device \Driver\Kbdclass \Device\KeyboardClass0 kbdclass.sys (Keyboard Class Driver/Microsoft Corporation)
Device \Driver\Kbdclass \Device\KeyboardClass0 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\Video0
Device \Driver\TermDD \Device\RDP_CONSOLE1 termdd.sys (Terminal Server Driver/Microsoft Corporation)
Device \Device\00000041
Device \Device\00000035
Device \Device\00000028
Device \Device\KeyboardClass1
Device \Device\00000042
Device \Device\00000036
Device \Device\00000029
Device \Driver\Mouclass \Device\PointerClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
Device \Driver\Mouclass \Device\PointerClass0 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000050
Device \Device\00000043
Device \Device\00000037
Device \Device\0000000a
Device \Driver\usbehci \Device\USBPDO-0 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-0 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\PointerClass1
Device \Device\Processor
Device \Device\00000044
Device \Device\00000038
Device \Device\0000000b
Device \Driver\WMIxWDM \Device\WMIDataDevice ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\WMIxWDM \Device\WMIDataDevice ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\WMIxWDM \Device\WMIDataDevice ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbohci \Device\USBPDO-1 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbohci \Device\USBPDO-1 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawTape ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawTape ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawTape ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000052 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000052 hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Device\00000045
Device \Device\00000039
Device \Device\0000000c
Device \Device\FloppyPDO0
Device \Driver\usbohci \Device\USBPDO-2 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbohci \Device\USBPDO-2 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\LHidfltr
Device \Device\NTPNP_PCI0000
Device \Device\00000053
Device \Device\00000046
Device \Device\0000001a
Device \Device\0000000d
Device \Driver\usbohci \Device\USBPDO-3 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbohci \Device\USBPDO-3 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000060
Device \Device\NTPNP_PCI0001
Device \Device\00000054
Device \Device\00000047
Device \Device\0000001b
Device \Device\0000000e
Device \Device\USBPDO-4
Device \Driver\GEARAspiWDM \Device\GEARAspiWDMDevice GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.)
Device \Device\00000061
Device \Driver\PCI \Device\NTPNP_PCI0002 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0002 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Device\00000055
Device \Device\00000048
Device \Device\0000001c
Device \Device\0000000f
Device \Driver\usbhub \Device\USBPDO-5 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-5 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000062
Device \Device\NTPNP_PCI0010
Device \Device\NTPNP_PCI0003
Device \Driver\ACPI \Device\00000056 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\00000049
Device \Device\0000001d
Device \Driver\ACPI \Device\00000070 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\isapnp \Device\00000063 isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation)
Device \Driver\isapnp \Device\00000063 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\NTPNP_PCI0011
Device \Device\NTPNP_PCI0004
Device \Driver\ACPI \Device\00000057 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\0000002a
Device \Device\0000001e
Device \Driver\Ftdisk \Device\HarddiskVolume1 ftdisk.sys (FT Disk Driver/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume1 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0005 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0005 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\ACPI \Device\00000071 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\00000064
Device \Device\NTPNP_PCI0012
Device \Driver\ACPI \Device\00000058 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\0000002b
Device \Device\0000001f
Device \Driver\Cdrom \Device\CdRom0 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\Cdrom \Device\CdRom0 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0006 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0006 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\TermDD \Device\Termdd termdd.sys (Terminal Server Driver/Microsoft Corporation)
Device \Device\00000065
Device \Device\00000059
Device \Device\0000002c
Device \Driver\Cdrom \Device\CdRom1 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\Cdrom \Device\CdRom1 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort0 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort0 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort1 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort1 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCIIde \Device\Ide\PciIde0Channel0-0 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCIIde \Device\Ide\PciIde0Channel0-0 PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation)
Device \Driver\PCIIde \Device\Ide\PciIde0Channel1-1 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCIIde \Device\Ide\PciIde0Channel1-1 PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation)
Device \Device\Ide\PciIde0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\i
Device \Driver\PCI \Device\NTPNP_PCI0007 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0007 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\ACPI \Device\00000073 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\Cdrom \Device\CdRom2 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\Cdrom \Device\CdRom2 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\hidusb \Device\00000080 HIDCLASS.SYS (Hid Class Library/Microsoft Corporation)
Device \Driver\hidusb \Device\00000080 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0008 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0008 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\ACPI \Device\00000074 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\ACPI \Device\00000067 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\hidusb \Device\00000081 HIDCLASS.SYS (Hid Class Library/Microsoft Corporation)
Device \Driver\hidusb \Device\00000081 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000075 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\usbhub \Device\00000076 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\00000076 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbhub \Device\00000077 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\00000077 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000004b ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000004b ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000004b ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\LHidUsb \Device\LHidusb LHidUsb.Sys (Logitech USB Mouse Function Driver./Logitech, Inc.)
Device \Driver\LHidUsb \Device\LHidusb ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbhub \Device\00000078 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\00000078 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000004c ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000004c ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000004c ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbhub \Device\00000079 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\00000079 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000004d ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000004d ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000004d ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000005a ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\MountMgr \Device\MountPointManager MountMgr.sys (Mount Manager/Microsoft Corporation)
Device \Driver\MountMgr \Device\MountPointManager ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000004e ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000004e ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000004e ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000005b ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \FileSystem\Mup \Device\Mup Mup.sys (Multiple UNC Provider driver/Microsoft Corporation)
Device \Driver\ACPI \Device\0000005c ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\ACPI \Device\0000005d ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk0\DR0 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk0\DR0 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\Harddisk0\DP(1)0x7e00-0x12a1c90400+1
Device \Driver\ACPI \Device\0000006a ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\LMouFlt2 \Device\lmouse LMouFlt2.Sys (Logitech Filter Driver for Mouse Class./Logitech, Inc.)
Device \Driver\LMouFlt2 \Device\lmouse ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawDisk ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawDisk ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawDisk ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Null \Device\Null Null.SYS (NULL Driver/Microsoft Corporation)
Device \Driver\Null \Device\Null ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbohci \Device\USBFDO-0 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbohci \Device\USBFDO-0 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000003 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000003 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000003 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbohci \Device\USBFDO-1 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbohci \Device\USBFDO-1 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbccgp \Device\0000007b usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation)
Device \Driver\usbccgp \Device\0000007b ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbohci \Device\USBFDO-2 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbohci \Device\USBFDO-2 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbehci \Device\USBFDO-3 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBFDO-3 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Npfs \Device\NamedPipe Npfs.SYS (NPFS Driver/Microsoft Corporation)
Device \FileSystem\Npfs \Device\NamedPipe ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Ftdisk \Device\FtControl ftdisk.sys (FT Disk Driver/Microsoft Corporation)
Device \Driver\Ftdisk \Device\FtControl ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Msfs \Device\Mailslot Msfs.SYS (Mailslot driver/Microsoft Corporation)
Device \FileSystem\Msfs \Device\Mailslot ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Pcatip \Device\PaD0 Pcatip.sys (Patin-Couffin Autoplay™ support driver/VSO Software)
Device \Driver\Pcatip \Device\PaD0 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\hidusb \Device\0000007f HIDCLASS.SYS (Hid Class Library/Microsoft Corporation)
Device \Driver\hidusb \Device\0000007f ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Pcatip \Device\PaD1 Pcatip.sys (Patin-Couffin Autoplay™ support driver/VSO Software)
Device \Driver\Pcatip \Device\PaD1 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawCdRom ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawCdRom ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawCdRom ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Pcatip \Device\PaD2 Pcatip.sys (Patin-Couffin Autoplay™ support driver/VSO Software)
Device \Driver\Pcatip \Device\PaD2 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\iviVD \Device\Scsi\iviVD1 SCSIPORT.SYS (SCSI Port Driver/Microsoft Corporation)
Device \Driver\iviVD \Device\Scsi\iviVD1 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\iviVD \Device\Scsi\iviVD1Port0Path0Target0Lun0 SCSIPORT.SYS (SCSI Port Driver/Microsoft Corporation)
Device \Driver\iviVD \Device\Scsi\iviVD1Port0Path0Target0Lun0 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Mup \Device\WinDfs\Root Mup.sys (Multiple UNC Provider driver/Microsoft Corporation)
Device \FileSystem\Fastfat \Fat Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device \FileSystem\Fastfat \Fat ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fastfat \Fat ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Filters\FltMgrMsg
Device \FileSystem\Filters\SystemRestore
Device \FileSystem\FltMgr \FileSystem\Filters\FltMgr fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 836C5856


#5 saltydogs

Posted 08 February 2010 - 08:16 AM

gmer cont..

---- Modules - GMER 1.0.15 ----

Module \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804D7000-806ED780 (2189184 bytes)
Module \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806EE000-8070E300 (131840 bytes)
Module \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation) F8D36000-F8D38000 (8192 bytes)
Module \WINDOWS\system32\BOOTVID.dll (VGA Boot Driver/Microsoft Corporation) F8C46000-F8C49000 (12288 bytes)
Module ACPI.sys (ACPI Driver for NT/Microsoft Corporation) F87E7000-F8815000 (188416 bytes)
Module \WINDOWS\System32\DRIVERS\WMILIB.SYS (WMILIB WMI support library Dll/Microsoft Corporation) F8D38000-F8D3A000 (8192 bytes)
Module pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) F87D6000-F87E7000 (69632 bytes)
Module isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) F8836000-F8840000 (40960 bytes)
Module pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) F8DFE000-F8DFF000 (4096 bytes)
Module \WINDOWS\System32\DRIVERS\PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation) F8AB6000-F8ABD000 (28672 bytes)
Module MountMgr.sys (Mount Manager/Microsoft Corporation) F8846000-F8851000 (45056 bytes)
Module ftdisk.sys (FT Disk Driver/Microsoft Corporation) F87B7000-F87D6000 (126976 bytes)
Module PartMgr.sys (Partition Manager/Microsoft Corporation) F8ABE000-F8AC3000 (20480 bytes)
Module VolSnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) F8856000-F8863000 (53248 bytes)
Module iviVD.sys (iviVD/InterVideo) F8866000-F8871000 (45056 bytes)
Module \WINDOWS\system32\DRIVERS\SCSIPORT.SYS (SCSI Port Driver/Microsoft Corporation) F879F000-F87B7000 (98304 bytes)
Module atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) F8787000-F879F000 (98304 bytes)
Module disk.sys (PnP Disk Driver/Microsoft Corporation) F8876000-F887F000 (36864 bytes)
Module \WINDOWS\System32\DRIVERS\CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation) F8886000-F8893000 (53248 bytes)
Module fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) F8767000-F8787000 (131072 bytes)
Module sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation) F8755000-F8767000 (73728 bytes)
Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) F8896000-F889F000 (36864 bytes)
Module KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation) F873E000-F8755000 (94208 bytes)
Module WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation) F872B000-F873E000 (77824 bytes)
Module Ntfs.sys (NT File System Driver/Microsoft Corporation) F869E000-F872B000 (577536 bytes)
Module NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) F8671000-F869E000 (184320 bytes)
Module uagp35.sys (MS AGPv3.5 Filter/Microsoft Corporation) F88A6000-F88B1000 (45056 bytes)
Module Mup.sys (Multiple UNC Provider driver/Microsoft Corporation) F8657000-F8671000 (106496 bytes)
Module IPVNMon.sys (IPVNMon/Visual Networks) F863F000-F8657000 (98304 bytes)
Module \SystemRoot\System32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) F8B9E000-F8BA5000 (28672 bytes)
Module \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) F88D6000-F88E6000 (65536 bytes)
Module \SystemRoot\System32\DRIVERS\redbook.sys (Redbook Audio Filter Driver/Microsoft Corporation) F88E6000-F88F5000 (61440 bytes)
Module \SystemRoot\System32\DRIVERS\ks.sys (Kernel CSA Library/Microsoft Corporation) F85FC000-F861F000 (143360 bytes)
Module \SystemRoot\System32\DRIVERS\Pcatip.sys (Patin-Couffin Autoplay™ support driver/VSO Software) F85EB000-F85FC000 (69632 bytes)
Module \SystemRoot\System32\Drivers\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) F8C06000-F8C0C000 (24576 bytes)
Module \SystemRoot\System32\DRIVERS\imapi.sys (IMAPI Kernel Driver/Microsoft Corporation) F8916000-F8921000 (45056 bytes)
Module \SystemRoot\System32\DRIVERS\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) F8C2E000-F8C33000 (20480 bytes)
Module \SystemRoot\System32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) F859F000-F85C3000 (147456 bytes)
Module \SystemRoot\System32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) F8AF6000-F8AFE000 (32768 bytes)
Module \SystemRoot\System32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) F8926000-F8930000 (40960 bytes)
Module \SystemRoot\System32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) F8B0E000-F8B14000 (24576 bytes)
Module \SystemRoot\System32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) F8B1E000-F8B24000 (24576 bytes)
Module \SystemRoot\System32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) F8D8A000-F8D8C000 (8192 bytes)
Module \SystemRoot\System32\DRIVERS\update.sys (Update Driver/Microsoft Corporation) F8541000-F859F000 (385024 bytes)
Module \SystemRoot\System32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) F8CE2000-F8CE6000 (16384 bytes)
Module \SystemRoot\System32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) F8936000-F8945000 (61440 bytes)
Module \SystemRoot\System32\DRIVERS\USBD.SYS (Universal Serial Bus Driver/Microsoft Corporation) F8D8E000-F8D90000 (8192 bytes)
Module \SystemRoot\System32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) F8BA6000-F8BAB000 (20480 bytes)
Module \SystemRoot\System32\Drivers\Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation) F8D92000-F8D94000 (8192 bytes)
Module \SystemRoot\System32\Drivers\Null.SYS (NULL Driver/Microsoft Corporation) F8E48000-F8E49000 (4096 bytes)
Module \SystemRoot\System32\Drivers\Beep.SYS (BEEP Driver/Microsoft Corporation) F8D96000-F8D98000 (8192 bytes)
Module \SystemRoot\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) F8BC6000-F8BCC000 (24576 bytes)
Module \SystemRoot\System32\drivers\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) F852D000-F8541000 (81920 bytes)
Module \SystemRoot\System32\Drivers\Msfs.SYS (Mailslot driver/Microsoft Corporation) F8BE6000-F8BEB000 (20480 bytes)
Module \SystemRoot\System32\Drivers\Npfs.SYS (NPFS Driver/Microsoft Corporation) F8BF6000-F8BFE000 (32768 bytes)
Module \SystemRoot\System32\Drivers\LHidUsb.Sys (Logitech USB Mouse Function Driver./Logitech, Inc.) F8966000-F896F000 (36864 bytes)
Module \SystemRoot\System32\Drivers\HIDCLASS.SYS (Hid Class Library/Microsoft Corporation) F8976000-F897F000 (36864 bytes)
Module \SystemRoot\System32\Drivers\HIDPARSE.SYS (Hid Parsing Library/Microsoft Corporation) F8B26000-F8B2D000 (28672 bytes)
Module \SystemRoot\System32\DRIVERS\LHidFlt2.Sys (Logitech HID Filter Driver./Logitech, Inc.) F8B36000-F8B3C000 (24576 bytes)
Module \SystemRoot\System32\DRIVERS\mouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) F8D26000-F8D29000 (12288 bytes)
Module \SystemRoot\System32\DRIVERS\LMouFlt2.Sys (Logitech Filter Driver for Mouse Class./Logitech, Inc.) F84D4000-F84E5000 (69632 bytes)
Module \SystemRoot\System32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) F8BCE000-F8BD6000 (32768 bytes)
Module \SystemRoot\System32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) F8CC6000-F8CC9000 (12288 bytes)
Module \SystemRoot\System32\DRIVERS\kbdhid.sys (HID Mouse Filter Driver/Microsoft Corporation) F85E3000-F85E7000 (16384 bytes)
Module \SystemRoot\System32\Drivers\Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation) F8986000-F8996000 (65536 bytes)
Module \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation) BF800000-BF9C4000 (1851392 bytes)
Module \SystemRoot\System32\drivers\Dxapi.sys (DirectX API Driver/Microsoft Corporation) F8CCE000-F8CD1000 (12288 bytes)
Module \SystemRoot\System32\watchdog.sys (Watchdog Driver/Microsoft Corporation) F8B7E000-F8B83000 (20480 bytes)
Module \SystemRoot\System32\drivers\dxg.sys (DirectX Graphics Driver/Microsoft Corporation) BF9C4000-BF9D6000 (73728 bytes)
Module \SystemRoot\System32\drivers\dxgthk.sys (DirectX Graphics Driver Thunk/Microsoft Corporation) F8E6C000-F8E6D000 (4096 bytes)
Module \SystemRoot\System32\framebuf.dll (Framebuffer Display Driver/Microsoft Corporation) BFF50000-BFF53000 (12288 bytes)
Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BFFA0000-BFFE6000 (286720 bytes)
Module \SystemRoot\System32\Drivers\Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation) F7968000-F798C000 (147456 bytes)
Module \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdapow.sys (GMER) F78B1000-F78C8000 (94208 bytes)
Module \WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 7C900000-7C9B2000 (729088 bytes)

---- Processes - GMER 1.0.15 ----

Process System Idle 0
Process System 4
Process C:\WINDOWS\System32\smss.exe (Windows NT Session Manager/Microsoft Corporation) 144
Library C:\WINDOWS\System32\smss.exe (Windows NT Session Manager/Microsoft Corporation) 0x48580000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000

Process C:\WINDOWS\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 192
Library C:\WINDOWS\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 0x4A680000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\CSRSRV.dll (Client Server Runtime Process/Microsoft Corporation) 0x75B40000
Library C:\WINDOWS\system32\basesrv.dll (Windows NT BASE API Server DLL/Microsoft Corporation) 0x75B50000
Library C:\WINDOWS\system32\winsrv.dll (Windows Server DLL/Microsoft Corporation) 0x75B60000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\KERNEL32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\sxs.dll (Fusion 2.5/Microsoft Corporation) 0x7E720000

Process C:\WINDOWS\system32\winlogon.exe (Windows NT Logon Application/Microsoft Corporation) 216
Library C:\WINDOWS\system32\winlogon.exe (Windows NT Logon Application/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x776C0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\NDdeApi.dll (Network DDE Share Management APIs/Microsoft Corporation) 0x75940000
Library C:\WINDOWS\system32\PROFMAP.dll (Userenv/Microsoft Corporation) 0x75930000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76BF0000
Library C:\WINDOWS\system32\REGAPI.dll (Registry Configuration APIs/Microsoft Corporation) 0x76BC0000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76360000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x3D930000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x005B0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x78130000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x3DFD0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\MSGINA.dll (Windows NT Logon GINA DLL/Microsoft Corporation) 0x75970000
Library C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\ODBC32.dll (Microsoft Data Access - ODBC Driver Manager/Microsoft Corporation) 0x74320000
Library C:\WINDOWS\system32\comdlg32.dll (Common Dialogs DLL/Microsoft Corporation) 0x763B0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\odbcint.dll (Microsoft Data Access - ODBC Resources/Microsoft Corporation) 0x00B80000
Library C:\WINDOWS\system32\SHSVCS.dll (Windows Shell Services Dll/Microsoft Corporation) 0x776E0000
Library C:\WINDOWS\system32\sfc.dll (Windows File Protection/Microsoft Corporation) 0x76BB0000
Library C:\WINDOWS\system32\sfc_os.dll (Windows File Protection/Microsoft Corporation) 0x76C60000
Library C:\WINDOWS\system32\Apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B40000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\serwvdrv.dll (Unimodem Serial Wave driver/Microsoft Corporation) 0x5CD70000
Library C:\WINDOWS\system32\umdmxfrm.dll (Unimodem Tranform Module/Microsoft Corporation) 0x5B0A0000
Library C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware WinLogon Processor/SUPERAntiSpyware.com) 0x10000000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x68000000
Library C:\WINDOWS\system32\cscdll.dll (Offline Network Agent/Microsoft Corporation) 0x76600000
Library C:\WINDOWS\System32\dimsntfy.dll (DIMS Notification Handler/Microsoft Corporation) 0x47020000
Library C:\WINDOWS\system32\WlNotify.dll (Common DLL to receive Winlogon notifications/Microsoft Corporation) 0x75950000
Library C:\WINDOWS\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x71B20000
Library C:\WINDOWS\system32\WinSCard.dll (Microsoft Smart Card API/Microsoft Corporation) 0x723D0000
Library C:\WINDOWS\system32\WTSAPI32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F50000
Library C:\WINDOWS\system32\WINSPOOL.DRV (Windows Spooler Driver/Microsoft Corporation) 0x73000000
Library C:\WINDOWS\system32\WgaLogon.dll (Windows Genuine Advantage Notification/Microsoft Corporation) 0x01290000
Library C:\WINDOWS\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x77690000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\cscui.dll (Client Side Caching UI/Microsoft Corporation) 0x77A20000
Library C:\WINDOWS\system32\msacm32.drv (Microsoft Sound Mapper/Microsoft Corporation) 0x72D10000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\imaadp32.acm (IMA ADPCM CODEC for MSACM/Microsoft Corporation) 0x58420000
Library C:\WINDOWS\system32\msadp32.acm (Microsoft ADPCM CODEC for MSACM/Microsoft Corporation) 0x72CF0000
Library C:\WINDOWS\system32\msg711.acm (Microsoft CCITT G.711 (A-Law and u-Law) CODEC for MSACM/Microsoft Corporation) 0x58330000
Library C:\WINDOWS\system32\msgsm32.acm (Microsoft GSM 6.10 Audio CODEC for MSACM/Microsoft Corporation) 0x58300000
Library C:\WINDOWS\system32\tssoft32.acm (DSP Group TrueSpeech™ Audio Codec for MSACM V3.50/DSP GROUP, INC.) 0x582D0000
Library C:\WINDOWS\system32\tsd32.dll 0x73B70000
Library C:\WINDOWS\system32\msg723.acm (Microsoft G.723.1 CODEC for MSACM/Microsoft Corporation) 0x58310000
Library C:\WINDOWS\system32\msaud32.acm (Windows Media Audio/Microsoft Corporation) 0x58340000
Library C:\WINDOWS\system32\sl_anet.acm (Audio codec for MS ACM/Sipro Lab Telecom Inc.) 0x582E0000
Library C:\WINDOWS\system32\l3codeca.acm (MPEG Layer-3 Audio Codec for MSACM/Fraunhofer Institut Integrierte Schaltungen IIS) 0x016A0000
Library C:\WINDOWS\system32\vct3216.acm (Voxware Audio Compression Manager Driver/Voxware, Inc.) 0x00E10000
Library C:\WINDOWS\system32\vct3216.dll (Voxware Compression Toolkit/Voxware, Inc.) 0x013E0000
Library C:\WINDOWS\system32\msms001.vwp (Voxware MetaSound V2.0 VCT Plug-in/Voxware, Inc.) 0x01F30000
Library C:\WINDOWS\system32\mvoice.vwp (Voxware MetaVoice Plug-In/Voxware, Inc.) 0x023A0000
Library C:\WINDOWS\System32\iac25_32.ax (Indeo® audio software/Intel Corporation) 0x581A0000
Library C:\WINDOWS\system32\alf2cd.acm (NCT ALF2CD Audio CODEC/NCT Company) 0x014C0000
Library C:\WINDOWS\system32\sirenacm.dll (Messenger Audio Codec/Microsoft Corporation) 0x01520000
Library C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x02EF0000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x02F90000

Process C:\WINDOWS\system32\services.exe (Services and Controller app/Microsoft Corporation) 264
Library C:\WINDOWS\system32\services.exe (Services and Controller app/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\NCObjAPI.DLL (Microsoft Corporation) 0x5F770000
Library C:\WINDOWS\system32\MSVCP60.dll (Microsoft ® C++ Runtime Library/Microsoft Corporation) 0x76080000
Library C:\WINDOWS\system32\SCESRV.dll (Windows Security Configuration Editor Engine/Microsoft Corporation) 0x7DBD0000
Library C:\WINDOWS\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x776C0000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\umpnpmgr.dll (User-mode Plug-and-Play Service/Microsoft Corporation) 0x7DBA0000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76360000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcAdProc.dll (Windows Compatibility DLL/Microsoft Corporation) 0x47260000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x3D930000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x003B0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x78130000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x3DFD0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\Apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B40000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\eventlog.dll (Event Logging Service/Microsoft Corporation) 0x77B70000
Library C:\WINDOWS\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76BF0000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\wtsapi32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F50000

Process C:\WINDOWS\system32\savedump.exe (Windows NT Save Dump Utility/Microsoft Corporation) 276
Library C:\WINDOWS\system32\savedump.exe (Windows NT Save Dump Utility/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINDOWS\system32\dbgeng.dll (Symbolic Debugger Engine for Windows 2000/Microsoft Corporation) 0x6D590000
Library C:\WINDOWS\system32\DBGHELP.dll (Windows Image Helper/Microsoft Corporation) 0x59A60000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\serwvdrv.dll (Unimodem Serial Wave driver/Microsoft Corporation) 0x5CD70000
Library C:\WINDOWS\system32\umdmxfrm.dll (Unimodem Tranform Module/Microsoft Corporation) 0x5B0A0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x3D930000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x00740000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x78130000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x3DFD0000

Process C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) 284
Library C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\LSASRV.dll (LSA Server DLL/Microsoft Corporation) 0x75730000
Library C:\WINDOWS\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x71B20000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINDOWS\system32\NTDSAPI.dll (NT5DS/Microsoft Corporation) 0x767A0000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F20000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000
Library C:\WINDOWS\system32\SAMSRV.dll (SAM Server DLL/Microsoft Corporation) 0x74440000
Library C:\WINDOWS\system32\cryptdll.dll (Cryptography Manager/Microsoft Corporation) 0x76790000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\serwvdrv.dll (Unimodem Serial Wave driver/Microsoft Corporation) 0x5CD70000
Library C:\WINDOWS\system32\umdmxfrm.dll (Unimodem Tranform Module/Microsoft Corporation) 0x5B0A0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x3D930000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x00650000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x78130000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x3DFD0000
Library C:\WINDOWS\system32\msprivs.dll (Microsoft Privilege Translations/Microsoft Corporation) 0x4D200000
Library C:\WINDOWS\system32\kerberos.dll (Kerberos Security Package/Microsoft Corporation) 0x71CF0000
Library C:\WINDOWS\system32\msv1_0.dll (Microsoft Authentication Package v1.0/Microsoft Corporation) 0x77C70000
Library C:\WINDOWS\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D60000
Library C:\WINDOWS\system32\netlogon.dll (Net Logon Services DLL/Microsoft Corporation) 0x744B0000
Library C:\WINDOWS\system32\w32time.dll (Windows Time Service/Microsoft Corporation) 0x767C0000
Library C:\WINDOWS\system32\MSVCP60.dll (Microsoft ® C++ Runtime Library/Microsoft Corporation) 0x76080000
Library C:\WINDOWS\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x767F0000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\wdigest.dll (Microsoft Digest Access/Microsoft Corporation) 0x7DFC0000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x68000000
Library C:\WINDOWS\system32\setupapi.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\system32\scecli.dll (Windows Security Configuration Editor Client Engine/Microsoft Corporation) 0x74410000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 444
Library C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\serwvdrv.dll (Unimodem Serial Wave driver/Microsoft Corporation) 0x5CD70000
Library C:\WINDOWS\system32\umdmxfrm.dll (Unimodem Tranform Module/Microsoft Corporation) 0x5B0A0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x3D930000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x00650000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x78130000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x3DFD0000
Library C:\WINDOWS\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x77690000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x71A50000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library c:\windows\system32\rpcss.dll (Distributed COM Services/Microsoft Corporation) 0x76A80000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x00A00000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 544
Library C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\serwvdrv.dll (Unimodem Serial Wave driver/Microsoft Corporation) 0x5CD70000
Library C:\WINDOWS\system32\umdmxfrm.dll (Unimodem Tranform Module/Microsoft Corporation) 0x5B0A0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x3D930000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x00650000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x78130000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x3DFD0000
Library c:\windows\system32\rpcss.dll (Distributed COM Services/Microsoft Corporation) 0x76A80000
Library c:\windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library c:\windows\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x00940000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x68000000
Library C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x71A50000
Library C:\WINDOWS\system32\hnetcfg.dll (Home Networking Configuration Manager/Microsoft Corporation) 0x662B0000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x71A90000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F20000
Library C:\WINDOWS\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D60000
Library C:\WINDOWS\System32\winrnr.dll (LDAP RnR Provider DLL/Microsoft Corporation) 0x76FB0000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x16080000
Library C:\WINDOWS\system32\rasadhlp.dll (Remote Access AutoDial Helper/Microsoft Corporation) 0x76FC0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 588
Library C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\serwvdrv.dll (Unimodem Serial Wave driver/Microsoft Corporation) 0x5CD70000
Library C:\WINDOWS\system32\umdmxfrm.dll (Unimodem Tranform Module/Microsoft Corporation) 0x5B0A0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x3D930000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x00650000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x78130000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x3DFD0000
Library C:\WINDOWS\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x77690000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x00900000
Library c:\windows\system32\cryptsvc.dll (Cryptographic Services/Microsoft Corporation) 0x76CE0000
Library c:\windows\system32\certcli.dll (Microsoft® Certificate Services Client/Microsoft Corporation) 0x77B90000
Library c:\windows\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x76B20000
Library c:\windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library c:\windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library c:\windows\system32\CRYPTUI.dll (Microsoft Trust UI Provider/Microsoft Corporation) 0x754D0000
Library c:\windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library c:\windows\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library c:\windows\system32\ESENT.dll (Server Database Storage Engine/Microsoft Corporation) 0x606B0000
Library c:\windows\system32\wbem\wmisvc.dll (WMI/Microsoft Corporation) 0x59490000
Library C:\WINDOWS\system32\VSSAPI.DLL (Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL/Microsoft Corporation) 0x753E0000
Library c:\windows\system32\srsvc.dll (System Restore Service/Microsoft Corporation) 0x751A0000
Library c:\windows\system32\POWRPROF.dll (Power Profile Helper DLL/Microsoft Corporation) 0x74AD0000
Library c:\windows\pchealth\helpctr\binaries\pchsvc.dll (Microsoft PCHealth Service Holder/Microsoft Corporation) 0x74F40000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76360000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\System32\wbem\wbemcore.dll (WMI/Microsoft Corporation) 0x762C0000
Library C:\WINDOWS\system32\MSVCP60.dll (Microsoft ® C++ Runtime Library/Microsoft Corporation) 0x76080000
Library C:\WINDOWS\System32\wbem\esscli.dll (WMI/Microsoft Corporation) 0x75310000
Library C:\WINDOWS\System32\wbem\wbemcomn.dll (WMI/Microsoft Corporation) 0x75290000
Library C:\WINDOWS\System32\wbem\FastProx.dll (WMI/Microsoft Corporation) 0x75690000
Library C:\WINDOWS\system32\NTDSAPI.dll (NT5DS/Microsoft Corporation) 0x767A0000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F20000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\System32\wbem\wmiutils.dll (WMI/Microsoft Corporation) 0x75020000
Library C:\WINDOWS\System32\wbem\repdrvfs.dll (WMI/Microsoft Corporation) 0x75200000
Library C:\WINDOWS\System32\wbem\wmiprvsd.dll (WMI/Microsoft Corporation) 0x3F1E0000
Library C:\WINDOWS\system32\NCObjAPI.DLL (Microsoft Corporation) 0x5F770000
Library C:\WINDOWS\System32\wbem\wbemess.dll (WMI/Microsoft Corporation) 0x75390000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x68000000
Library C:\WINDOWS\System32\wbem\ncprov.dll (Non-COM WMI Event Provision APIs/Microsoft Corporation) 0x5F740000

Process C:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation) 844
Library C:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\BROWSEUI.dll (Shell Browser UI Library/Microsoft Corporation) 0x75F80000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\SHDOCVW.dll (Shell Doc Object and Control Library/Microsoft Corporation) 0x77760000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\CRYPTUI.dll (Microsoft Trust UI Provider/Microsoft Corporation) 0x754D0000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x3D930000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x00400000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x78130000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x3DFD0000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\serwvdrv.dll (Unimodem Serial Wave driver/Microsoft Corporation) 0x5CD70000
Library C:\WINDOWS\system32\umdmxfrm.dll (Unimodem Tranform Module/Microsoft Corporation) 0x5B0A0000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000
Library C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x71A50000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\appHelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B40000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\System32\cscui.dll (Client Side Caching UI/Microsoft Corporation) 0x77A20000
Library C:\WINDOWS\System32\CSCDLL.dll (Offline Network Agent/Microsoft Corporation) 0x76600000
Library C:\WINDOWS\System32\themeui.dll (Windows Theme API/Microsoft Corporation) 0x5BA60000
Library C:\WINDOWS\System32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x76380000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x01100000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000
Library C:\WINDOWS\system32\LINKINFO.dll (Windows Volume Tracking/Microsoft Corporation) 0x76980000
Library C:\WINDOWS\system32\ntshrui.dll (Shell extensions for sharing/Microsoft Corporation) 0x76990000
Library C:\WINDOWS\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x76B20000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation) 0x3E1C0000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76360000
Library C:\WINDOWS\system32\NETSHELL.dll (Network Connections Shell/Microsoft Corporation) 0x76400000
Library C:\WINDOWS\system32\credui.dll (Credential Manager User Interface/Microsoft Corporation) 0x76C00000
Library C:\WINDOWS\system32\dot3api.dll (802.3 Autoconfiguration API/Microsoft Corporation) 0x478C0000
Library C:\WINDOWS\system32\rtutils.dll (Routing Utilities/Microsoft Corporation) 0x76E80000
Library C:\WINDOWS\system32\dot3dlg.dll (802.3 UI Helper/Microsoft Corporation) 0x736D0000
Library C:\WINDOWS\system32\OneX.DLL (IEEE 802.1X supplicant library/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\system32\WTSAPI32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F50000
Library C:\WINDOWS\system32\eappcfg.dll (Eap Peer Config/Microsoft Corporation) 0x745B0000
Library C:\WINDOWS\system32\MSVCP60.dll (Microsoft ® C++ Runtime Library/Microsoft Corporation) 0x76080000
Library C:\WINDOWS\system32\eappprxy.dll (Microsoft EAPHost Peer Client DLL/Microsoft Corporation) 0x5DCD0000
Library C:\WINDOWS\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D60000
Library C:\WINDOWS\system32\MLANG.dll (Multi Language Support DLL/Microsoft Corporation) 0x75CF0000
Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc.) 0x10000000
Library C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x01C20000
Library C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (ShellExecuteHook/SuperAdBlocker.com) 0x00D80000
Library C:\WINDOWS\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x71B20000
Library C:\WINDOWS\System32\drprov.dll (Microsoft Terminal Server Network Provider/Microsoft Corporation) 0x75F60000
Library C:\WINDOWS\System32\ntlanman.dll (Microsoft® Lan Manager/Microsoft Corporation) 0x71C10000
Library C:\WINDOWS\System32\NETUI0.dll (NT LM UI Common Code - GUI Classes/Microsoft Corporation) 0x71CD0000
Library C:\WINDOWS\System32\NETUI1.dll (NT LM UI Common Code - Networking classes/Microsoft Corporation) 0x71C90000
Library C:\WINDOWS\System32\NETRAP.dll (Net Remote Admin Protocol DLL/Microsoft Corporation) 0x71C80000
Library C:\WINDOWS\System32\davclnt.dll (Web DAV Client DLL/Microsoft Corporation) 0x75F70000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x68000000

Process C:\Documents and Settings\Administrator\Desktop\x7s26ijr.exe 1072
Library C:\Documents and Settings\Administrator\Desktop\x7s26ijr.exe 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x3D930000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x003B0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x78130000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x3DFD0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\COMCTL32.DLL (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\VERSION.DLL (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000

Process C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Antivirus Control Center/Avira GmbH) 1128
Library C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Antivirus Control Center/Avira GmbH) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll (MFCDLL Shared Library - Retail Version/Microsoft Corporation) 0x789E0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\MSVCR90.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x78520000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x76380000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\Program Files\Avira\AntiVir Desktop\cclib.dll (Antivirus Control Center Common Library/Avira GmbH) 0x10000000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\MSVCP90.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x78480000
Library C:\Program Files\Avira\AntiVir Desktop\cctpc.dll (Control Center TaskPanelCtrl/Avira GmbH) 0x00370000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\MFC90ENU.DLL (MFC Language Specific Resources/Microsoft Corporation) 0x5D360000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x3D930000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x00C60000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x78130000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x3DFD0000
Library c:\program files\avira\antivir desktop\ccmainrc.dll (Control Center Resources/Avira GmbH) 0x00270000
Library C:\WINDOWS\System32\hhctrl.ocx (Microsoft® HTML Help Control/Microsoft Corporation) 0x7E4B0000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000
Library c:\program files\avira\antivir desktop\ccgen.dll (Control Center General Plugin/Avira GmbH) 0x00EC0000
Library c:\program files\avira\antivir desktop\ccgenrc.dll (Control Center General Plugin Resources/Avira GmbH) 0x00F40000
Library c:\program files\avira\antivir desktop\ccprofil.dll (Control Center Scanner Plugin/Avira GmbH) 0x00F50000
Library c:\program files\avira\antivir desktop\ccscanrc.dll (Control Center Scanner Plugin Resources/Avira GmbH) 0x00FE0000
Library c:\program files\avira\antivir desktop\ccguard.dll (Control Center Guard Plugin/Avira GmbH) 0x00FF0000
Library c:\program files\avira\antivir desktop\ccgrdrc.dll (Control Center Guard Plugin Resources/Avira GmbH) 0x01050000
Library c:\program files\avira\antivir desktop\avipc.dll (AVIRA IPC Library/Avira GmbH) 0x01060000
Library c:\program files\avira\antivir desktop\ccquamgr.dll (Control Center Quarantine Manager Plugin/Avira GmbH) 0x01090000
Library c:\program files\avira\antivir desktop\ccquarc.dll (Control Center Quarantine Manager Plugin Resources/Avira GmbH) 0x01110000
Library c:\program files\avira\antivir desktop\ccsched.dll (Control Center Scheduler Plugin/Avira GmbH) 0x01150000
Library c:\program files\avira\antivir desktop\ccscherc.dll (Control Center Scheduler Plugin Resources/Avira GmbH) 0x011C0000
Library c:\program files\avira\antivir desktop\ccreport.dll (Control Center Report Plugin/Avira GmbH) 0x011D0000
Library c:\program files\avira\antivir desktop\ccreporc.dll (Control Center Report Plugin Resources/Avira GmbH) 0x01240000
Library c:\program files\avira\antivir desktop\ccev.dll (Control Center Event Plugin/Avira GmbH) 0x01270000
Library c:\program files\avira\antivir desktop\ccevrc.dll (Control Center Event Plugin Resources/Avira GmbH) 0x012D0000
Library c:\program files\avira\antivir desktop\ccupdate.dll (Control Center Updater Plugin/Avira GmbH) 0x01360000
Library c:\program files\avira\antivir desktop\ccupdrc.dll (Control Center Updater Plugin Resources/Avira GmbH) 0x01330000
Library c:\program files\avira\antivir desktop\cclic.dll (Control Center License Plugin/Avira GmbH) 0x01390000
Library c:\program files\avira\antivir desktop\cclicrc.dll (Control Center License Plugin Resources/Avira GmbH) 0x013D0000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x014F0000
Library c:\program files\avira\antivir desktop\avevtlog.dll (Event Logger/Avira GmbH) 0x01B00000
Library c:\program files\avira\antivir desktop\sqlite3.dll 0x01C50000
Library c:\program files\avira\antivir desktop\updaterc.dll (product updater resource library/Avira GmbH) 0x01CC0000
Library c:\program files\avira\antivir desktop\guardmsg.dll (AntiVir Guard Messages (Deutsch)/Avira GmbH) 0x01CE0000
Library c:\program files\avira\antivir desktop\schedr.dll (avschdr Dynamic Link Library/Avira GmbH) 0x01CF0000
Library c:\program files\avira\antivir desktop\avscan.dll (Workstation On-Demand Scanner/Avira GmbH) 0x01D00000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\system32\appHelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B40000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\System32\cscui.dll (Client Side Caching UI/Microsoft Corporation) 0x77A20000
Library C:\WINDOWS\System32\CSCDLL.dll (Offline Network Agent/Microsoft Corporation) 0x76600000
Library C:\Program Files\Avira\AntiVir Desktop\aecore.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01FA0000
Library C:\Program Files\Avira\AntiVir Desktop\aevdf.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x020D0000
Library C:\Program Files\Avira\AntiVir Desktop\aescript.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x02120000
Library C:\Program Files\Avira\AntiVir Desktop\aescn.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x021F0000
Library C:\Program Files\Avira\AntiVir Desktop\aesbx.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x02220000
Library C:\Program Files\Avira\AntiVir Desktop\aerdl.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x02270000
Library C:\Program Files\Avira\AntiVir Desktop\aepack.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x02300000
Library C:\Program Files\Avira\AntiVir Desktop\unacev2.dll (UNACE Dynamic Link Library/ACE Compression Software) 0x02380000
Library C:\Program Files\Avira\AntiVir Desktop\aeoffice.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x023E0000
Library C:\Program Files\Avira\AntiVir Desktop\aeheur.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x02430000
Library C:\Program Files\Avira\AntiVir Desktop\aehelp.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x02680000
Library C:\Program Files\Avira\AntiVir Desktop\aegen.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x026D0000
Library C:\Program Files\Avira\AntiVir Desktop\aeemu.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x02740000
Library C:\Program Files\Avira\AntiVir Desktop\aebb.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x027C0000



#6 saltydogs

Posted 08 February 2010 - 08:17 AM

sorry about this, I don't know how to create a .zip file.

---- Services - GMER 1.0.15 ----

Service .NET CLR Data
Service .NET CLR Networking
Service .NET Data Provider for Oracle
Service .NET Data Provider for SqlServer
Service .NETFramework
Service C:\WINDOWS\System32\DRIVERS\2WirePCP.sys (2Wire USB Driver/2Wire, Inc.) [MANUAL] 2WIREPCP
Service [DISABLED] Abiosdsk
Service [DISABLED] abp480n5
Service C:\WINDOWS\System32\DRIVERS\ACPI.sys (ACPI Driver for NT/Microsoft Corporation) [BOOT] ACPI
Service (ACPI Embedded Controller Driver/Microsoft Corporation) [DISABLED] ACPIEC
Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (System Level Service Utility/Adobe Systems) [MANUAL] Adobe LM Service
Service C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [AUTO] AdobeActiveFileMonitor
Service C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [AUTO] AdobeActiveFileMonitor4.0
Service C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [AUTO] AdobeActiveFileMonitor5.0
Service [DISABLED] adpu160m
Service C:\WINDOWS\system32\drivers\aec.sys (Microsoft Acoustic Echo Canceller/Microsoft Corporation) [MANUAL] aec
Service C:\WINDOWS\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD
Service [DISABLED] Aha154x
Service [DISABLED] aic78u2
Service [DISABLED] aic78xx
Service C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek AC'97 Audio Driver (WDM)/Realtek Semiconductor Corp.) [MANUAL] ALCXWDM
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Alerter
Service C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG
Service [DISABLED] AliIde
Service [DISABLED] amsint
Service C:\Program Files\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH) [AUTO] AntiVirSchedulerService
Service C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH) [AUTO] AntiVirService
Service C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) [DISABLED] Apple Mobile Device
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] AppMgmt
Service [DISABLED] asc
Service [DISABLED] asc3350p
Service [DISABLED] asc3550
Service ASP.NET
Service ASP.NET_1.1.4322
Service ASP.NET_2.0.50727
Service Aspi
Service C:\WINDOWS\System32\drivers\aspi32.sys (ASPI for WIN32 Kernel Driver/Adaptec) [AUTO] ASPI32
Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft ASP.NET State Server/Microsoft Corporation) [MANUAL] aspnet_state
Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac
Service C:\WINDOWS\System32\DRIVERS\atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) [BOOT] atapi
Service [DISABLED] Atdisk
Service C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) [MANUAL] ati2mtag
Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys (IP/ATM Arp Client/Microsoft Corporation) [MANUAL] Atmarpc
Service C:\Program Files\America Online 8.0\ATWPKT2.SYS [MANUAL] ATWPKT2
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] AudioSrv
Service C:\WINDOWS\System32\DRIVERS\audstub.sys (AudStub Driver/Microsoft Corporation) [MANUAL] audstub
Service C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH) [SYSTEM] avgio
Service C:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH) [AUTO] avgntflt
Service C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH) [SYSTEM] avipbb
Service BattC
Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] BITS
Service C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [DISABLED] Bonjour Service
Service C:\WINDOWS\System32\DRIVERS\bridge.sys (MAC Bridge Driver/Microsoft Corporation) [MANUAL] Bridge
Service C:\WINDOWS\System32\DRIVERS\bridge.sys (MAC Bridge Driver/Microsoft Corporation) [MANUAL] BridgeMP
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Browser
Service C:\WINDOWS\system32\drivers\btaudio.sys (Bluetooth Audio Device/Broadcom Corporation.) [MANUAL] btaudio
Service C:\WINDOWS\system32\DRIVERS\btport.sys (Bluetooth BTPORT Driver for Windows 2000/Broadcom Corporation.) [MANUAL] BTDriver
Service C:\WINDOWS\system32\DRIVERS\btkrnl.sys (Bluetooth Bus Enumerator/Broadcom Corporation.) [MANUAL] BTKRNL
Service C:\WINDOWS\system32\drivers\btserial.sys (Bluetooth Serial Driver for Windows 2000/Broadcom Corporation.) [AUTO] BTSERIAL
Service C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe (Bluetooth Support Server/Broadcom Corporation.) [DISABLED] btwdins
Service C:\WINDOWS\system32\DRIVERS\btwdndis.sys (Bluetooth LAN Access Server Driver/Broadcom Corporation.) [MANUAL] BTWDNDIS
Service C:\WINDOWS\system32\DRIVERS\btwhid.sys (Bluetooth Virtual HID Minidriver/Broadcom Corporation.) [MANUAL] btwhid
Service C:\WINDOWS\system32\DRIVERS\btwmodem.sys (Bluetooth BTPORT Driver for Windows 2000/Broadcom Corporation.) [MANUAL] btwmodem
Service C:\WINDOWS\System32\Drivers\btwusb.sys (Driver for Bluetooth USB Devices/Broadcom Corporation.) [MANUAL] BTWUSB
Service C:\DOCUME~1\LORIHO~1\LOCALS~1\Temp\catchme.sys [MANUAL] catchme
Service (CardBus/PCMCIA IDE Miniport Driver/Microsoft Corporation) [DISABLED] cbidf2k
Service C:\WINDOWS\system32\DRIVERS\CCDECODE.sys (WDM Closed Caption VBI Codec/Microsoft Corporation) [MANUAL] CCDECODE
Service [DISABLED] cd20xrnt
Service (CD-ROM Audio Filter Driver/Microsoft Corporation) [SYSTEM] Cdaudio
Service (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] Cdfs
Service C:\WINDOWS\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] Cdrom
Service [SYSTEM] Changer
Service C:\WINDOWS\system32\cisvc.exe (Content Index service/Microsoft Corporation) [MANUAL] CiSvc
Service C:\WINDOWS\system32\clipsrv.exe (Windows NT DDE Server/Microsoft Corporation) [DISABLED] ClipSrv
Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [MANUAL] clr_optimization_v2.0.50727_32
Service [DISABLED] CmdIde
Service C:\WINDOWS\System32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp
Service ContentFilter
Service ContentIndex
Service [DISABLED] Cpqarray
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] CryptSvc
Service [DISABLED] dac2w2k
Service [DISABLED] dac960nt
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] DcomLaunch
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dhcp
Service C:\WINDOWS\System32\DRIVERS\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] Disk
Service C:\WINDOWS\System32\dmadmin.exe (Logical Disk Manager service process/Microsoft Corp., Veritas Software) [MANUAL] dmadmin
Service C:\WINDOWS\System32\drivers\dmboot.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software) [DISABLED] dmboot
Service (NT Disk Manager I/O Driver/Microsoft Corp., Veritas Software) [DISABLED] dmio
Service (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software.) [DISABLED] dmload
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] dmserver
Service C:\WINDOWS\system32\drivers\DMusic.sys (Microsoft Kernel DLS Synthesizer/Microsoft Corporation) [MANUAL] DMusic
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dnscache
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Dot3svc
Service C:\WINDOWS\System32\DRIVERS\Dot4.sys (One Cool Transport/Microsoft Corporation) [MANUAL] dot4
Service C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys (Dot4 Printer Driver/Microsoft Corporation) [MANUAL] Dot4Print
Service C:\WINDOWS\System32\DRIVERS\Dot4Scan.sys (One Cool Transport/Microsoft Corporation) [MANUAL] Dot4Scan
Service C:\WINDOWS\System32\DRIVERS\dot4usb.sys (DOT4USB filter driver/Microsoft Corporation) [MANUAL] dot4usb
Service [DISABLED] dpti2o
Service C:\WINDOWS\system32\drivers\drmkaud.sys (Microsoft Kernel DRM Audio Descrambler Filter/Microsoft Corporation) [MANUAL] drmkaud
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EapHost
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ERSvc
Service C:\WINDOWS\system32\services.exe (Services and Controller app/Microsoft Corporation) [AUTO] Eventlog
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EventSystem
Service C:\Program [DISABLED] ewido security suite control
Service (Fast FAT File System Driver/Microsoft Corporation) [DISABLED] Fastfat
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] FastUserSwitchingCompatibility
Service C:\WINDOWS\System32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) [MANUAL] Fdc
Service C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys (Logitech USB Video Class Filter Driver/Logitech Inc.) [MANUAL] FilterService
Service (FIPS Crypto Driver/Microsoft Corporation) [SYSTEM] Fips
Service FlashNT
Service C:\WINDOWS\System32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) [MANUAL] Flpydisk
Service C:\WINDOWS\system32\drivers\fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [BOOT] FltMgr
Service C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (PresentationFontCache.exe/Microsoft Corporation) [MANUAL] FontCache3.0.0.0
Service (File System Recognizer Driver/Microsoft Corporation) [SYSTEM] Fs_Rec
Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys (FT Disk Driver/Microsoft Corporation) [BOOT] Ftdisk
Service C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
Service C:\WINDOWS\System32\DRIVERS\msgpc.sys (MS General Packet Classifier/Microsoft Corporation) [MANUAL] Gpc
Service C:\Program Files\Google\Update\GoogleUpdate.exe (Google Installer/Google Inc.) [DISABLED] gupdate1c99dd639dca636
Service C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc/Google) [DISABLED] gusvc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] helpsvc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] HidServ
Service C:\WINDOWS\System32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] hidusb
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] hkmsvc
Service [DISABLED] hpn
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] HPSLPSVC
Service [DISABLED] hpt3xx
Service C:\WINDOWS\system32\DRIVERS\HPZid412.sys (IEEE-1284.4-1999 Driver (Windows 2000)/HP) [MANUAL] HPZid412
Service C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (IEEE-1284.4-1999 Print Class Driver/HP) [MANUAL] HPZipr12
Service C:\WINDOWS\system32\DRIVERS\HPZius12.sys (1284.4<->Usb Datalink Driver (Windows 2000)/HP) [MANUAL] HPZius12
Service C:\WINDOWS\System32\Drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] HTTPFilter
Service [SYSTEM] i2omgmt
Service [DISABLED] i2omp
Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) [SYSTEM] i8042prt
Service C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation) [MANUAL] IDriverT
Service C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Windows CardSpace/Microsoft Corporation) [MANUAL] idsvc
Service C:\WINDOWS\System32\DRIVERS\imapi.sys (IMAPI Kernel Driver/Microsoft Corporation) [SYSTEM] Imapi
Service C:\WINDOWS\System32\imapi.exe (Image Mastering API/Microsoft Corporation) [MANUAL] ImapiService
Service inetaccs
Service [DISABLED] ini910u
Service Inport
Service [DISABLED] IntelIde
Service C:\WINDOWS\System32\DRIVERS\intelppm.sys (Processor Device Driver/Microsoft Corporation) [SYSTEM] intelppm
Service C:\WINDOWS\system32\drivers\ip6fw.sys (IPv6 Windows Firewall Driver/Microsoft Corporation) [MANUAL] Ip6Fw
Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver
Service C:\WINDOWS\System32\DRIVERS\ipinip.sys (IP in IP Encapsulation Driver/Microsoft Corporation) [MANUAL] IpInIp
Service C:\WINDOWS\System32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IpNat
Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) [MANUAL] iPod Service
Service C:\WINDOWS\System32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation) [SYSTEM] IPSec
Service (IPVNMon/Visual Networks) [BOOT] IPVNMon
Service C:\WINDOWS\System32\DRIVERS\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM
Service ISAPISearch
Service C:\WINDOWS\System32\DRIVERS\isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) [BOOT] isapnp
Service C:\WINDOWS\system32\DRIVERS\iviVD.sys (iviVD/InterVideo) [BOOT] iviVD
Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) [SYSTEM] Kbdclass
Service C:\WINDOWS\System32\DRIVERS\kbdhid.sys (HID Mouse Filter Driver/Microsoft Corporation) [SYSTEM] kbdhid
Service C:\WINDOWS\system32\drivers\kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation) [MANUAL] kmixer
Service (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD
Service C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys (Logitech PS/2 Mouse Filter Driver./Logitech, Inc.) [MANUAL] L8042pr2
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanserver
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanworkstation
Service [SYSTEM] lbrtfdc
Service ldap
Service C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys (Logitech HID Filter Driver./Logitech, Inc.) [MANUAL] LHidFlt2
Service C:\WINDOWS\System32\Drivers\LHidUsb.Sys (Logitech USB Mouse Function Driver./Logitech, Inc.) [MANUAL] LHidUsb
Service LicenseService
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] LmHosts
Service C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys (Logitech Filter Driver for Mouse Class./Logitech, Inc.) [MANUAL] LMouFlt2
Service C:\WINDOWS\system32\DRIVERS\LVcKap.sys [MANUAL] Lvckap
Service C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Video COM Service/Logitech Inc.) [AUTO] LVCOMSer
Service C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys (Logitech Machine Vision Engine Loader/Logitech Inc.) [MANUAL] LVMVDrv
Service C:\WINDOWS\system32\DRIVERS\lvpopflt.sys (Logitech AudioProcessing Filter Driver/Logitech Inc.) [MANUAL] lvpopflt
Service C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [MANUAL] LVPr2Mon
Service C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech LVPrcSrv Module./Logitech Inc.) [AUTO] LVPrcSrv
Service C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (LogitechService Launcher/Logitech Inc.) [AUTO] LVSrvLauncher
Service C:\WINDOWS\system32\drivers\LVUSBSta.sys (USB Statistic Driver/Logitech Inc.) [MANUAL] LVUSBSta
Service C:\WINDOWS\system32\DRIVERS\lvuvc.sys (Logitech USB Video Class Driver/Logitech Inc.) [MANUAL] LVUVC
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Messenger
Service (Frame buffer simulator/Microsoft Corporation) [SYSTEM] mnmdd
Service C:\WINDOWS\System32\mnmsrvc.exe (NetMeeting Remote Desktop Sharing/Microsoft Corporation) [MANUAL] mnmsrvc
Service (Modem Device Driver/Microsoft Corporation) [MANUAL] Modem
Service C:\WINDOWS\system32\drivers\MODEMCSA.sys (Unimodem CSA Filter/Microsoft Corporation) [MANUAL] MODEMCSA
Service C:\WINDOWS\system32\DRIVERS\motmodem.sys (Motorola USB Modem and Ports Driver/Motorola) [MANUAL] motmodem
Service C:\WINDOWS\System32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) [SYSTEM] Mouclass
Service C:\WINDOWS\System32\DRIVERS\mouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) [MANUAL] mouhid
Service (Mount Manager/Microsoft Corporation) [BOOT] MountMgr
Service [DISABLED] mraid35x
Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV
Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [SYSTEM] MRxSmb
Service C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (MSCSPTISRV Module/Sony Corporation) [MANUAL] MSCSPTISRV
Service C:\WINDOWS\System32\msdtc.exe (MS DTC console program/Microsoft Corporation) [MANUAL] MSDTC
Service MSDTC Bridge 3.0.0.0
Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs
Service C:\WINDOWS\system32\msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] MSIServer
Service C:\WINDOWS\system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV
Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK
Service C:\WINDOWS\system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM
Service C:\WINDOWS\System32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios
Service C:\WINDOWS\system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE
Service C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [MANUAL] Mtlmnt5
Service C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [MANUAL] Mtlstrm
Service (Multiple UNC Provider driver/Microsoft Corporation) [BOOT] Mup
Service C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys (WDM NABTS/FEC VBI Codec/Microsoft Corporation) [MANUAL] NABTSFEC
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] napagent
Service (NDIS 5.1 wrapper driver/Microsoft Corporation) [BOOT] NDIS
Service C:\WINDOWS\system32\DRIVERS\NdisIP.sys (Microsoft IP Driver/Microsoft Corporation) [MANUAL] NdisIP
Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi
Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation) [MANUAL] Ndisuio
Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan
Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Net Driver HPZ12
Service C:\WINDOWS\System32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS
Service C:\WINDOWS\System32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] NetBT
Service C:\WINDOWS\system32\netdde.exe (Network DDE - DDE Communication/Microsoft Corporation) [DISABLED] NetDDE
Service C:\WINDOWS\system32\netdde.exe (Network DDE - DDE Communication/Microsoft Corporation) [DISABLED] NetDDEdsdm
Service C:\WINDOWS\System32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] Netlogon
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Netman
Service C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (SMSvcHost.exe/Microsoft Corporation) [DISABLED] NetTcpPortSharing
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Nla
Service C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [DISABLED] NMIndexingService
Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs
Service (NT File System Driver/Microsoft Corporation) [DISABLED] Ntfs
Service C:\WINDOWS\System32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] NtLmSsp
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] NtmsSvc
Service C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [MANUAL] NtMtlFax
Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null
Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys (NWLINK2 Traffic Filter Driver/Microsoft Corporation) [MANUAL] NwlnkFlt
Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys (NWLINK2 Forwarder Driver/Microsoft Corporation) [MANUAL] NwlnkFwd
Service C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (PACSPTISVR Module/Sony Corporation) [MANUAL] PACSPTISVR
Service C:\WINDOWS\System32\DRIVERS\parport.sys (Parallel Port Driver/Microsoft Corporation) [MANUAL] Parport
Service (Partition Manager/Microsoft Corporation) [BOOT] PartMgr
Service (VDM Parallel Driver/Microsoft Corporation) [AUTO] ParVdm
Service C:\WINDOWS\System32\DRIVERS\Pcatip.sys (Patin-Couffin Autoplay™ support driver/VSO Software) [MANUAL] Pcatip
Service C:\WINDOWS\System32\DRIVERS\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) [BOOT] PCI
Service [SYSTEM] PCIDump
Service C:\WINDOWS\System32\DRIVERS\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] PCIIde
Service (PCMCIA Bus Driver/Microsoft Corporation) [DISABLED] Pcmcia
Service C:\WINDOWS\System32\Drivers\Pcouffin.sys (Patin-Couffin low level access layer for CD devices/VSO Software) [MANUAL] Pcouffin
Service [MANUAL] PDCOMP
Service [MANUAL] PDFRAME
Service [MANUAL] PDRELI
Service [MANUAL] PDRFRAME
Service [DISABLED] perc2
Service [DISABLED] perc2hib
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\WINDOWS\system32\services.exe (Services and Controller app/Microsoft Corporation) [AUTO] PlugPlay
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Pml Driver HPZ12
Service C:\WINDOWS\System32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] PolicyAgent
Service C:\Program Files\Protector Plus\PPDrv.sys [MANUAL] PPDrv
Service C:\WINDOWS\System32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport
Service C:\WINDOWS\System32\DRIVERS\processr.sys (Processor Device Driver/Microsoft Corporation) [SYSTEM] Processor
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] ProtectedStorage
Service C:\WINDOWS\System32\DRIVERS\psched.sys (MS QoS Packet Scheduler/Microsoft Corporation) [MANUAL] PSched
Service C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service PxHelper
Service [DISABLED] ql1080
Service [DISABLED] Ql10wnt
Service [DISABLED] ql12160
Service [DISABLED] ql1240
Service [DISABLED] ql1280
Service C:\WINDOWS\System32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [SYSTEM] RasAcd
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasAuto
Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasMan
Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe
Service C:\WINDOWS\System32\DRIVERS\raspti.sys (PTI DirectParallel® mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Raspti
Service C:\WINDOWS\System32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) [SYSTEM] Rdbss
Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD
Service RDPDD
Service RDPNP
Service (RDP Terminal Stack Driver (US/Canada Only, Not for Export)/Microsoft Corporation) [MANUAL] RDPWD
Service C:\WINDOWS\system32\sessmgr.exe (Microsoft® Remote Desktop Help Session Manager/Microsoft Corporation) [MANUAL] RDSessMgr
Service C:\WINDOWS\System32\DRIVERS\redbook.sys (Redbook Audio Filter Driver/Microsoft Corporation) [SYSTEM] redbook
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RemoteAccess
Service C:\WINDOWS\system32\RioMSC.exe (Rio Mass Storage Class Device Manager/Digital Networks North America, Inc.) [DISABLED] RioMSC
Service C:\WINDOWS\system32\drivers\rootrepeal.sys [MANUAL] rootrepeal
Service C:\WINDOWS\System32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RpcSs
Service C:\WINDOWS\System32\rsvp.exe (Microsoft RSVP/Microsoft Corporation) [MANUAL] RSVP
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] SamSs
Service C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SASDIFSV.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) [SYSTEM] SASDIFSV
Service C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SASENUM.SYS/ SUPERAdBlocker.com and SUPERAntiSpyware.com) [MANUAL] SASENUM
Service C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) [SYSTEM] SASKUTIL
Service C:\WINDOWS\system32\Drivers\SbcpHid.sys [MANUAL] SbcpHid
Service C:\WINDOWS\System32\SCardSvr.exe (Smart Card Resource Management Server/Microsoft Corporation) [MANUAL] SCardSvr
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Schedule
Service C:\WINDOWS\system32\drivers\scsiport.sys (SCSI Port Driver/Microsoft Corporation) ScsiPort
Service C:\WINDOWS\System32\DRIVERS\aox402sc.sys (USB Driver for SE402 Still Camera/Endpoints, Incorporated) [MANUAL] SE402RefCameraStill
Service C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] Secdrv
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] seclogon
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SENS
Service C:\WINDOWS\System32\DRIVERS\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] serenum
Service C:\WINDOWS\System32\DRIVERS\serial.sys (Serial Device Driver/Microsoft Corporation) [SYSTEM] Serial
Service C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (ServiceLayer Module/Nokia.) [MANUAL] ServiceLayer
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service (SCSI Floppy Driver/Microsoft Corporation) [SYSTEM] Sfloppy
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SharedAccess
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ShellHWDetection
Service C:\WINDOWS\System32\Drivers\SilvrLnk.sys (SilvrLnk.sys/Texas Instruments Incorporated) [MANUAL] SilverLink
Service [DISABLED] Simbad
Service C:\WINDOWS\System32\DRIVERS\sisnic.sys (SiS PCI Fast Ethernet Adapter Driver/SiS Corporation) [MANUAL] SISNIC
Service C:\WINDOWS\system32\DRIVERS\SLIP.sys (Microsoft Slip Deframing Filter Minidriver/Microsoft Corporation) [MANUAL] SLIP
Service C:\WINDOWS\System32\DRIVERS\slntamr.sys [MANUAL] Slntamr
Service C:\WINDOWS\System32\DRIVERS\Slnthal.sys (HAL Driver for NT/ ) [MANUAL] SlNtHal
Service C:\WINDOWS\system32\slserv.exe (User-Level Modem Service/ ) [AUTO] SLService
Service C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys (Description string for SlWdmSup driver/Vireo Software) [MANUAL] SlWdmSup
Service SMSvcHost 3.0.0.0
Service [DISABLED] Sparrow
Service C:\WINDOWS\system32\drivers\splitter.sys (Microsoft Kernel Audio Splitter/Microsoft Corporation) [MANUAL] splitter
Service C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler
Service C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (SPTISRV Module/Sony Corporation) [DISABLED] SPTISRV
Service C:\WINDOWS\System32\DRIVERS\sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation) [BOOT] sr
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] srservice
Service C:\WINDOWS\system32\drivers\srs_sscfilter.sys [MANUAL] SRS_SSCFilter
Service C:\WINDOWS\System32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] Srv
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] SSDPSRV
Service C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) [MANUAL] ssmdrv
Service StarOpen
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] stisvc
Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation) [MANUAL] streamip
Service C:\WINDOWS\system32\SVKP.sys (SVKP driver for NT/AntiCracking) [AUTO] SVKP
Service C:\WINDOWS\System32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum
Service C:\WINDOWS\system32\drivers\swmidi.sys (Microsoft GS Wavetable Synthesizer/Microsoft Corporation) [MANUAL] swmidi
Service C:\WINDOWS\System32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] SwPrv
Service swwd
Service [DISABLED] symc810
Service [DISABLED] symc8xx
Service [DISABLED] sym_hi
Service [DISABLED] sym_u3
Service C:\WINDOWS\system32\drivers\sysaudio.sys (System Audio WDM Filter/Microsoft Corporation) [MANUAL] sysaudio
Service C:\WINDOWS\system32\smlogsvc.exe (Performance Logs and Alerts Service/Microsoft Corporation) [MANUAL] SysmonLog
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TapiSrv
Service C:\WINDOWS\System32\DRIVERS\tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation) [SYSTEM] Tcpip
Service (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE
Service (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP
Service C:\WINDOWS\System32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) [SYSTEM] TermDD
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TermService
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Themes
Service [DISABLED] TosIde
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] TrkWks
Service TSDDD
Service C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS (TVicHW32 Driver for Windows NT/2000/XP/EnTech Taiwan) [MANUAL] TVICHW32
Service C:\WINDOWS\system32\DRIVERS\uagp35.sys (MS AGPv3.5 Filter/Microsoft Corporation) [BOOT] uagp35
Service (UDF File System Driver/Microsoft Corporation) [DISABLED] Udfs
Service [DISABLED] ultra
Service C:\Program Files\Unlocker\UnlockerDriver5.sys UnlockerDriver5
Service C:\WINDOWS\System32\DRIVERS\update.sys (Update Driver/Microsoft Corporation) [MANUAL] Update
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] upnphost
Service system32\DRIVERS\usbser_lowerflt.sys [MANUAL] upperdev
Service C:\WINDOWS\System32\ups.exe (UPS Service/Microsoft Corporation) [MANUAL] UPS
Service USB
Service C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple Mobile Device USB Driver/Apple, Inc.) [MANUAL] USBAAPL
Service C:\WINDOWS\system32\drivers\usbaudio.sys (USB Audio Class Driver/Microsoft Corporation) [MANUAL] usbaudio
Service C:\WINDOWS\System32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp
Service C:\WINDOWS\System32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci
Service C:\WINDOWS\System32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub
Service C:\WINDOWS\System32\DRIVERS\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbohci
Service C:\WINDOWS\System32\DRIVERS\usbprint.sys (USB Printer driver/Microsoft Corporation) [MANUAL] usbprint
Service C:\WINDOWS\System32\DRIVERS\usbscan.sys (USB Scanner Driver/Microsoft Corporation) [MANUAL] usbscan
Service C:\WINDOWS\system32\DRIVERS\usbsermpt.sys (USB Modem Driver/Microsoft Corporation) [MANUAL] usbsermpt
Service C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR
Service C:\WINDOWS\system32\DRIVERS\usb8023x.sys (Remote NDIS USB Driver/Microsoft Corporation) [MANUAL] usb_rndisx
Service C:\WINDOWS\System32\DRIVERS\v90drv.sys (NTV90drv driver/ ) [MANUAL] V90drv
Service C:\WINDOWS\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave
Service [DISABLED] ViaIde
Service (Volume Shadow Copy Driver/Microsoft Corporation) [BOOT] VolSnap
Service C:\WINDOWS\System32\vssvc.exe (Microsoft® Volume Shadow Copy Service/Microsoft Corporation) [MANUAL] VSS
Service VXD
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] W32Time
Service W3SVC
Service C:\WINDOWS\System32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] Wanarp
Service System32\DRIVERS\wanatw4.sys [MANUAL] wanatw
Service C:\WINDOWS\system32\DRIVERS\wceusbsh.sys (Windows CE USB Serial Host/Microsoft Corporation) [MANUAL] wceusbsh
Service C:\WINDOWS\system32\DRIVERS\Wdf01000.sys (WDF Dynamic/Microsoft Corporation) [MANUAL] Wdf01000
Service [MANUAL] WDICA
Service C:\WINDOWS\system32\drivers\wdmaud.sys (MMSYSTEM Wave/Midi API mapper/Microsoft Corporation) [MANUAL] wdmaud
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] WebClient
Service WebPost
Service Windows Workflow Foundation 3.0.0.0
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] winmgmt
Service [MANUAL] Winsock
Service WinSock2
Service WinTrust
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] WmdmPmSN
Service Wmi
Service WmiApRpl
Service C:\WINDOWS\System32\wbem\wmiapsrv.exe (WMI Performance Adapter Service/Microsoft Corporation) [MANUAL] WmiApSrv
Service C:\Program Files\Windows Media Player\WMPNetwk.exe (Windows Media Player Network Sharing Service/Microsoft Corporation) [AUTO] WMPNetworkSvc
Service C:\WINDOWS\System32\drivers\ws2ifsl.sys (Winsock2 IFS Layer/Microsoft Corporation) [SYSTEM] WS2IFSL
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wscsvc
Service C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS (WDM WST Codec Driver/Microsoft Corporation) [MANUAL] WSTCODEC
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wuauserv
Service C:\WINDOWS\system32\DRIVERS\WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation) [BOOT] WudfPf
Service C:\WINDOWS\system32\DRIVERS\wudfrd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation) [MANUAL] WudfRd
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WudfSvc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WZCSVC
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] xmlprov
Service C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (AutoUpater Service Module/Yahoo! Inc.) [AUTO] YahooAUService
Service {265DD615-723E-4539-B87D-688B4E15343C}
Service {56171F8A-FC23-4FE2-981F-20081C467432}
Service {5C9876C4-3F54-4121-8F78-23A9F8BAB5F6}
Service {8928E620-BC0E-4CB7-8AC8-A40908BBDE6E}
Service {AE471AB4-7E8A-443D-8076-919246DAA8F9}
Service {DADFC928-6E7A-47A4-874B-071B0667959A}
Service {EAB4D7F2-FC12-45E8-9F47-A2B10B859A64}
Service {EE51A898-9F61-4D66-B23D-BCDCE9AE57CF}
Service {F0E4F9A0-8C09-4092-B958-194DE002CB5F}

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{B14BDC49-CD8E-C1D7-9289-A737B5C0B1E0}\InprocServer32@ C:\Program Files\Common Files\Sony Shared\OpenMG\OpcEa3.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{B14BDC49-CD8E-C1D7-9289-A737B5C0B1E0}\InprocServer32@InprocServer32 uwgK5ra}%@&WS~$jIhanOMAFunction>6-2tiM,9[=tamYv$R'[,?
Reg HKLM\SOFTWARE\Classes\CLSID\{B14BDC49-CD8E-C1D7-9289-A737B5C0B1E0}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{B14BDC49-CD8E-C1D7-9289-A737B5C0B1E0}\ProgID@ OpcEa3.OpcEa3Player.1
Reg HKLM\SOFTWARE\Classes\CLSID\{B14BDC49-CD8E-C1D7-9289-A737B5C0B1E0}\TypeLib@ {F008D44A-2E02-4AB2-B595-5690F7E55FB7}
Reg HKLM\SOFTWARE\Classes\CLSID\{B14BDC49-CD8E-C1D7-9289-A737B5C0B1E0}\VersionIndependentProgID@ OpcEa3.OpcEa3Player

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 60: copy of MBR

---- EOF - GMER 1.0.15 ----

#7 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:08:23 AM

Posted 09 February 2010 - 01:23 PM

Hello, saltydogs
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.



Please go here and have a look at how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#8 saltydogs

saltydogs
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  • Local time:02:23 AM

Posted 09 February 2010 - 03:17 PM

Hello Tom, thank you for taking the time to help. I have attached the Combofix scan below.

ComboFix 10-02-09.01 - Lori Hoagland 02/09/2010 14:31:45.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.159 [GMT -5:00]
Running from: c:\documents and settings\Lori Hoagland\Desktop\schrauber.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {804E5358-FFA4-00EB-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {804E5358-FFA4-00FC-0D24-347CA8A3377C}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\LOG.TXT
c:\program files\outlook
c:\program files\SGPSA
c:\program files\SGPSA\SearchAssistant.dll
c:\recycler\S-1-5-21-1606980848-1614895754-839522115-1003
C:\s
C:\test.txt
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\inf\dm.inf
c:\windows\inf\dm.PNF
c:\windows\patch.exe
c:\windows\system\oeminfo.ini
c:\windows\system32\_000017_.tmp.dll
c:\windows\system32\_000019_.tmp.dll
c:\windows\system32\_000021_.tmp.dll
c:\windows\system32\_000022_.tmp.dll
c:\windows\system32\_000023_.tmp.dll
c:\windows\system32\14_43260.dll
c:\windows\system32\28_83260.dll
c:\windows\system32\COMCTL32.OCA
c:\windows\system32\cont_adssite-remove.exe
c:\windows\system32\open.ico
c:\windows\system32\skinboxer43.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\Vbshell.tlb
c:\windows\winhelp.ini

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3550P
-------\Legacy_ISEXENG
-------\Legacy_SYSPRCM
-------\Legacy_YSVCHST
-------\Legacy_ZESOFT


((((((((((((((((((((((((( Files Created from 2010-01-09 to 2010-02-09 )))))))))))))))))))))))))))))))
.

2010-02-07 18:30 . 2010-02-07 18:30 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-01-28 03:17 . 2010-01-28 03:17 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2010-01-28 03:06 . 2010-01-28 03:06 -------- d-----w- c:\windows\ERUNT
2010-01-28 02:59 . 2010-01-28 04:13 -------- dc----w- C:\SDFix
2010-01-27 19:20 . 2010-01-27 19:20 -------- d-----w- c:\program files\ESET
2010-01-26 21:02 . 2010-01-26 21:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-26 15:59 . 2010-01-26 15:59 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-26 15:39 . 2010-01-26 15:39 -------- dcsh--w- c:\documents and settings\Administrator\IETldCache
2010-01-12 19:27 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-09 11:25 . 2004-02-13 00:00 -------- d-----w- c:\program files\Yahoo!
2010-01-26 22:31 . 2010-01-26 21:16 6144 -c--a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10001.dll
2010-01-26 22:31 . 2010-01-26 21:16 22528 -c--a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10000.dll
2010-01-26 21:04 . 2010-01-26 21:04 52224 -c--a-w- c:\documents and settings\Lori Hoagland\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-26 21:04 . 2010-01-26 21:04 117760 -c--a-w- c:\documents and settings\Lori Hoagland\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-26 21:03 . 2007-05-08 13:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-26 21:03 . 2007-05-08 13:25 -------- dc----w- c:\documents and settings\Lori Hoagland\Application Data\SUPERAntiSpyware.com
2010-01-26 20:06 . 2009-02-24 03:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-26 16:28 . 2009-06-12 02:22 5115824 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-20 15:13 . 2008-12-06 21:55 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 21:38 . 2007-03-13 00:13 -------- dc-h--w- c:\documents and settings\Lori Hoagland\Application Data\Move Networks
2010-01-09 20:11 . 2010-01-09 20:11 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-01-07 21:07 . 2009-02-24 03:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-02-24 03:14 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 18:31 . 2009-12-10 00:36 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-02 04:11 . 2007-06-16 02:50 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-01-02 04:08 . 2004-11-10 21:10 -------- dc--a-w- c:\documents and settings\Lori Hoagland\Application Data\yahoo!
2010-01-02 03:45 . 2009-03-25 21:35 -------- dc----w- c:\documents and settings\Lori Hoagland\Application Data\Skype
2010-01-02 03:27 . 2008-11-07 23:42 82160 ----a-w- c:\documents and settings\Lori Hoagland\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-02 03:25 . 2010-01-02 03:25 -------- d-----w- c:\program files\Microsoft
2010-01-02 03:25 . 2010-01-02 03:25 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-02 03:25 . 2008-07-01 23:56 -------- d-----w- c:\program files\Windows Live
2010-01-02 03:21 . 2010-01-02 03:21 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-02 03:20 . 2003-11-18 15:41 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-02 01:49 . 2010-01-02 01:49 -------- dc----w- c:\documents and settings\All Users\Application Data\AIM
2010-01-02 01:49 . 2010-01-02 01:49 -------- d-----w- c:\program files\AIM7
2010-01-02 01:49 . 2010-01-02 01:49 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-01-02 01:48 . 2005-10-03 19:14 -------- dc----w- c:\documents and settings\All Users\Application Data\AOL
2010-01-01 23:12 . 2010-01-01 23:03 130250 ----a-w- c:\windows\hpoins36.dat
2010-01-01 23:01 . 2004-04-27 22:36 -------- d-----w- c:\program files\Lavasoft
2010-01-01 23:01 . 2009-08-22 23:47 -------- dc----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-01 22:44 . 2008-03-19 16:47 -------- d-----w- c:\program files\epson
2010-01-01 22:41 . 2009-01-27 08:58 -------- d-----w- c:\program files\HP
2010-01-01 22:39 . 2009-09-09 17:00 -------- dc----w- c:\documents and settings\All Users\Application Data\HP
2010-01-01 21:57 . 2009-09-09 18:32 -------- d-----w- c:\program files\Common Files\HP
2010-01-01 19:44 . 2009-09-09 17:03 -------- dc----w- c:\documents and settings\Lori Hoagland\Application Data\HP
2010-01-01 19:41 . 2010-01-01 19:41 -------- dc----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-12-26 05:42 . 2006-10-21 20:55 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-26 05:40 . 2003-11-19 15:43 -------- d-----w- c:\program files\SpywareBlaster
2009-12-21 19:14 . 2004-01-08 20:23 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-13 23:08 . 2003-01-29 18:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-13 22:42 . 2008-07-08 23:55 -------- dc----w- c:\documents and settings\Lori Hoagland\Application Data\ooVoo Details
2009-12-13 22:24 . 2009-12-13 22:24 10134 -c--a-r- c:\documents and settings\Lori Hoagland\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2009-12-13 22:24 . 2009-12-13 22:24 10134 -c--a-r- c:\documents and settings\Lori Hoagland\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2009-12-13 22:22 . 2007-09-21 23:34 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-12-13 22:20 . 2007-09-21 23:34 -------- dc----w- c:\documents and settings\All Users\Application Data\Logishrd
2009-12-13 22:20 . 2009-12-13 22:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Logitech
2009-12-13 22:20 . 2004-01-20 20:59 -------- d-----w- c:\program files\Logitech
2009-12-11 23:26 . 2009-12-11 23:26 -------- d-----w- c:\program files\Cheetah Burner
2009-12-10 22:33 . 2009-12-10 22:33 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2009-12-08 02:01 . 2009-03-31 23:43 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-05 16:02 . 2009-12-05 16:02 5562672 -c--a-w- c:\documents and settings\Lori Hoagland\Application Data\TVU Networks\TVU AutoUpgrade\TVUPlayer2.4.9.1.exe
2009-11-29 23:52 . 2009-11-29 23:51 16883056 ----a-w- C:\IE8-WindowsXP-x86-ENU.exe
2009-11-27 15:34 . 2009-11-27 15:34 5459008 ----a-w- c:\program files\TVUPlayer2.5.0.1.exe
2009-11-24 18:59 . 2009-11-24 18:59 61808 ---ha-w- c:\windows\system32\mlfcache.dat
2005-08-20 18:08 . 2005-08-20 18:05 7248896 ----a-w- c:\program files\avwinsfx.exe
2005-08-07 02:42 . 2005-08-07 02:42 0 ----a-w- c:\program files\index.jsp
2005-08-01 23:06 . 2005-08-01 23:05 4633184 ----a-w- c:\program files\pi-installer.exe
2004-10-06 11:36 . 2004-10-06 11:36 21 ----a-w- c:\program files\AVPersonalAVWIN.INI
2003-08-27 19:19 . 2003-12-17 01:01 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
2002-06-28 15:06 . 2002-06-28 15:06 30 -c--a-w- c:\program files\Uninstall.bat
2002-06-28 15:06 . 2002-06-28 15:06 27 ----a-w- c:\program files\Install.bat
2004-08-04 07:56 . 2006-05-10 23:38 73728 --sha-w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2005-12-02 20:20 . 2005-10-20 22:25 56 --sh--r- c:\windows\system32\8169F249CF.sys
2005-12-02 20:20 . 2005-10-20 22:21 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^FlashPath Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\FlashPath Monitor.lnk
backup=c:\windows\pss\FlashPath Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp officejet g series) - 2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet g series) - 2.lnk
backup=c:\windows\pss\HPAiODevice(hp officejet g series) - 2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Lori Hoagland^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Lori Hoagland\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Lori Hoagland^Start Menu^Programs^Startup^radio@netscape.lnk]
path=c:\documents and settings\Lori Hoagland\Start Menu\Programs\Startup\radio@netscape.lnk
backup=c:\windows\pss\radio@netscape.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yodpvrm]
c:\windows\system32\??rvices.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 15:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 03:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:45 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 19:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2002-08-02 19:01 473600 ----a-w- c:\windows\mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
2002-08-20 15:29 40960 ----a-w- c:\windows\system32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 17:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2002-08-29 12:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 05:31 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 00:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
2004-03-16 19:45 19968 ----a-w- c:\windows\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-05-17 15:52 505368 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-05-17 15:53 780312 ----a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-01-07 21:07 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-03-11 16:00 24095528 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
2003-08-27 19:20 94208 ----a-r- c:\windows\SM1bg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-11-15 10:20 77824 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2006-05-08 09:17 81920 ----a-w- c:\progra~1\Sony\SONICS~1\SSAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 09:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-01-05 12:56 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2009-10-26 07:33 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3 (0x3)
"SPTISRV"=3 (0x3)
"RioMSC"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate1c99dd639dca636"=2 (0x2)
"ewido security suite control"=2 (0x2)
"btwdins"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Yahoo Instant Messengar"=YahooMsgr.exe
"VideoraiPodConverter"=c:\program files\VideoraiPodConverter\VideoraConverter.exe -t
"SsAAD.exe"=c:\progra~1\Sony\SONICS~1\SsAAD.exe
"ezShieldProtector for Px"=c:\windows\system32\ezSP_Px.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Rio\\Rio Music Manager\\riomm.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\aim\\aim.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\TightVNC\\WinVNC.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 3:47 AM 98304]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/31/2009 6:43 PM 108289]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [10/2/2005 5:17 PM 2368]
S3 PPDrv;Protector Plus Driver;\??\c:\program files\Protector Plus\PPDrv.sys --> c:\program files\Protector Plus\PPDrv.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
S3 SE402RefCameraStill;GD-350V (WDM);c:\windows\system32\drivers\aox402sc.sys [9/19/2003 3:00 PM 67332]
S3 V90drv;v90drv;c:\windows\system32\drivers\v90drv.sys [11/29/2001 5:10 PM 1432836]
S4 gupdate1c99dd639dca636;Google Update Service (gupdate1c99dd639dca636);c:\program files\Google\Update\GoogleUpdate.exe [3/5/2009 4:06 PM 133104]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2010-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-05 21:06]

2010-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-05 21:06]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.nytimes.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} - hxxp://scpwnb.ops.placeware.com/etc/place/NOVEMBER/SCNpws-b1/5.1.5.222/lib/quicksilver.cab
DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} - hxxp://coop.mlxchange.com/Control/MultiSelectComboBox.cab
DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://coop.mlxchange.com/Control/MLXClientUtils.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://coop.mlxchange.com/Control/IRCSharc.cab
FF - ProfilePath - c:\documents and settings\Lori Hoagland\Application Data\Mozilla\Firefox\Profiles\8a7xuixy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={5F14FA2F-2123-E1CC-1185-74BEA1D43EB5}&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmnqmp07010901.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwinamp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.
- - - - ORPHANS REMOVED - - - -

BHO-{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - c:\program files\SGPSA\SearchAssistant.dll
HKLM-Run-Auto EPSON Stylus CX3800 Series on THEHOAGLANDS - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
HKU-Default-Run-Quicktime Player - Quiktime32.exe
HKU-Default-RunOnce-Quicktime Player - Quiktime32.exe
MSConfigStartUp-!AVG Anti-Spyware - c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
MSConfigStartUp-2N85L533MR#GJT - c:\windows\System32\Dzg0p5.exe
MSConfigStartUp-BlazeServoTool - c:\program files\BlazeVideo\BlazeDVD4 Professional\MediaDetector.exe
MSConfigStartUp-bPt - c:\documents and settings\christopher hoagland\local settings\temp\bPt.exe
MSConfigStartUp-CJPAGNT - c:\windows\CJPAGNT.exe
MSConfigStartUp-EPSON Stylus CX3800 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
MSConfigStartUp-F-Secure Manager - c:\program files\F-Secure\Common\FSM32.EXE
MSConfigStartUp-F-Secure TNB - c:\program files\F-Secure\FSGUI\TNBUtil.exe
MSConfigStartUp-FBSearch - c:\program files\Search Guard Plus\SearchGuardPlus.exe
MSConfigStartUp-hid_start - c:\windows\system32\gzmrotate.dll
MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1128366852\ee\AOLSoftware.exe
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-IPHSend - c:\program files\Common Files\AOL\IPHSend\IPHSend.exe
MSConfigStartUp-IPInSightMonitor 02 - c:\program files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe
MSConfigStartUp-LVCOMSX - c:\windows\system32\LVCOMSX.EXE
MSConfigStartUp-Microsoft Instant Messenger - MSNGMSNGR32.EXE
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-outlook - c:\program files\outlook\outlook.exe
MSConfigStartUp-PCSuiteTrayApplication - c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
MSConfigStartUp-PopUpStopperFreeEdition - c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe
MSConfigStartUp-Quicktime Player - Quiktime32.exe
MSConfigStartUp-Radio@Netscape - c:\program files\Radio@Netscape\Radio@Netscape.exe
MSConfigStartUp-RealTray - c:\program files\Real\RealPlayer\RealPlay.exe
MSConfigStartUp-SAKUF - c:\windows\SAKUF.exe
MSConfigStartUp-SGPUpdater - c:\program files\Search Guard PlusU\sgpUpdaters.exe
MSConfigStartUp-smss32 - c:\windows\system32\smss32.exe
MSConfigStartUp-SpyBlast - c:\program files\SpyBlast\SpyBlast.exe
MSConfigStartUp-SpySweeper - c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
MSConfigStartUp-Sscr - c:\program files\wsrn\asra.exe
MSConfigStartUp-strtas - lock1.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-ViewMgr - c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
MSConfigStartUp-WildTangent CDA - c:\program files\WildTangent\Apps\CDA\GameDrvr.exe
MSConfigStartUp-winupdates - c:\program files\winupdates\winupdates.exe
MSConfigStartUp-YBrowser - c:\program files\Yahoo!\browser\ybrwicon.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-09 14:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(7760)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\MICROS~4\rapimgr.exe
.
**************************************************************************
.
Completion time: 2010-02-09 15:11:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-09 20:11

Pre-Run: 36,028,399,616 bytes free
Post-Run: 36,040,241,152 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - DB84C9B3519FDE75B0C8F754AAB78136


#9 schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:08:23 AM

Posted 09 February 2010 - 03:59 PM

Hi,


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
http://www.bleepingcomputer.com/forums/t/291425/infected-with-wormwin32netsky-system-shutdown/

Collect::
c:\windows\system32\drivers\lvuvc.hs
c:\program files\Uninstall.bat
c:\program files\Install.bat
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yodpvrm]


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.





Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.




  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    safebootminimal
    safebootnetwork
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#10 saltydogs

  • Topic Starter

  • Members
  • 74 posts
  • Local time:02:23 AM

Posted 09 February 2010 - 05:36 PM

OK. Logs attached.

ComboFix 10-02-09.01 - Lori Hoagland 02/09/2010 16:09:29.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.107 [GMT -5:00]
Running from: c:\documents and settings\Lori Hoagland\Desktop\schrauber.exe
Command switches used :: c:\documents and settings\Lori Hoagland\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {804E5358-FFA4-00EB-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {804E5358-FFA4-00FC-0D24-347CA8A3377C}

file zipped: c:\program files\Install.bat
file zipped: c:\program files\Uninstall.bat
file zipped: c:\windows\system32\drivers\lvuvc.hs
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Install.bat
c:\program files\Uninstall.bat
c:\windows\system32\drivers\lvuvc.hs

.
((((((((((((((((((((((((( Files Created from 2010-01-09 to 2010-02-09 )))))))))))))))))))))))))))))))
.

2010-02-07 18:30 . 2010-02-07 18:30 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-01-28 03:17 . 2010-01-28 03:17 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2010-01-28 03:06 . 2010-01-28 03:06 -------- d-----w- c:\windows\ERUNT
2010-01-28 02:59 . 2010-01-28 04:13 -------- dc----w- C:\SDFix
2010-01-27 19:20 . 2010-01-27 19:20 -------- d-----w- c:\program files\ESET
2010-01-26 21:02 . 2010-01-26 21:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-26 15:59 . 2010-01-26 15:59 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-26 15:39 . 2010-01-26 15:39 -------- dcsh--w- c:\documents and settings\Administrator\IETldCache
2010-01-12 19:27 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-09 11:25 . 2004-02-13 00:00 -------- d-----w- c:\program files\Yahoo!
2010-01-26 22:31 . 2010-01-26 21:16 6144 -c--a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10001.dll
2010-01-26 22:31 . 2010-01-26 21:16 22528 -c--a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10000.dll
2010-01-26 21:04 . 2010-01-26 21:04 52224 -c--a-w- c:\documents and settings\Lori Hoagland\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-26 21:04 . 2010-01-26 21:04 117760 -c--a-w- c:\documents and settings\Lori Hoagland\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-26 21:03 . 2007-05-08 13:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-26 21:03 . 2007-05-08 13:25 -------- dc----w- c:\documents and settings\Lori Hoagland\Application Data\SUPERAntiSpyware.com
2010-01-26 20:06 . 2009-02-24 03:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-26 16:28 . 2009-06-12 02:22 5115824 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-20 15:13 . 2008-12-06 21:55 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 21:38 . 2007-03-13 00:13 -------- dc-h--w- c:\documents and settings\Lori Hoagland\Application Data\Move Networks
2010-01-09 20:11 . 2010-01-09 20:11 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-01-07 21:07 . 2009-02-24 03:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-02-24 03:14 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 04:11 . 2007-06-16 02:50 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-01-02 04:08 . 2004-11-10 21:10 -------- dc--a-w- c:\documents and settings\Lori Hoagland\Application Data\yahoo!
2010-01-02 03:45 . 2009-03-25 21:35 -------- dc----w- c:\documents and settings\Lori Hoagland\Application Data\Skype
2010-01-02 03:27 . 2008-11-07 23:42 82160 ----a-w- c:\documents and settings\Lori Hoagland\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-02 03:25 . 2010-01-02 03:25 -------- d-----w- c:\program files\Microsoft
2010-01-02 03:25 . 2010-01-02 03:25 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-02 03:25 . 2008-07-01 23:56 -------- d-----w- c:\program files\Windows Live
2010-01-02 03:21 . 2010-01-02 03:21 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-02 03:20 . 2003-11-18 15:41 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-02 01:49 . 2010-01-02 01:49 -------- dc----w- c:\documents and settings\All Users\Application Data\AIM
2010-01-02 01:49 . 2010-01-02 01:49 -------- d-----w- c:\program files\AIM7
2010-01-02 01:49 . 2010-01-02 01:49 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-01-02 01:48 . 2005-10-03 19:14 -------- dc----w- c:\documents and settings\All Users\Application Data\AOL
2010-01-01 23:12 . 2010-01-01 23:03 130250 ----a-w- c:\windows\hpoins36.dat
2010-01-01 23:01 . 2004-04-27 22:36 -------- d-----w- c:\program files\Lavasoft
2010-01-01 23:01 . 2009-08-22 23:47 -------- dc----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-01 22:44 . 2008-03-19 16:47 -------- d-----w- c:\program files\epson
2010-01-01 22:41 . 2009-01-27 08:58 -------- d-----w- c:\program files\HP
2010-01-01 22:39 . 2009-09-09 17:00 -------- dc----w- c:\documents and settings\All Users\Application Data\HP
2010-01-01 21:57 . 2009-09-09 18:32 -------- d-----w- c:\program files\Common Files\HP
2010-01-01 19:44 . 2009-09-09 17:03 -------- dc----w- c:\documents and settings\Lori Hoagland\Application Data\HP
2010-01-01 19:41 . 2010-01-01 19:41 -------- dc----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-12-26 05:42 . 2006-10-21 20:55 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-26 05:40 . 2003-11-19 15:43 -------- d-----w- c:\program files\SpywareBlaster
2009-12-21 19:14 . 2004-01-08 20:23 916480 ------w- c:\windows\system32\wininet.dll
2009-12-13 23:08 . 2003-01-29 18:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-13 22:42 . 2008-07-08 23:55 -------- dc----w- c:\documents and settings\Lori Hoagland\Application Data\ooVoo Details
2009-12-13 22:24 . 2009-12-13 22:24 10134 -c--a-r- c:\documents and settings\Lori Hoagland\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2009-12-13 22:24 . 2009-12-13 22:24 10134 -c--a-r- c:\documents and settings\Lori Hoagland\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2009-12-13 22:22 . 2007-09-21 23:34 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-12-13 22:20 . 2007-09-21 23:34 -------- dc----w- c:\documents and settings\All Users\Application Data\Logishrd
2009-12-13 22:20 . 2009-12-13 22:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Logitech
2009-12-13 22:20 . 2004-01-20 20:59 -------- d-----w- c:\program files\Logitech
2009-12-11 23:26 . 2009-12-11 23:26 -------- d-----w- c:\program files\Cheetah Burner
2009-12-10 22:33 . 2009-12-10 22:33 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2009-12-08 02:01 . 2009-03-31 23:43 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-05 16:02 . 2009-12-05 16:02 5562672 -c--a-w- c:\documents and settings\Lori Hoagland\Application Data\TVU Networks\TVU AutoUpgrade\TVUPlayer2.4.9.1.exe
2009-11-29 23:52 . 2009-11-29 23:51 16883056 ----a-w- C:\IE8-WindowsXP-x86-ENU.exe
2009-11-27 15:34 . 2009-11-27 15:34 5459008 ----a-w- c:\program files\TVUPlayer2.5.0.1.exe
2009-11-24 18:59 . 2009-11-24 18:59 61808 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-21 15:51 . 2001-08-23 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2005-08-20 18:08 . 2005-08-20 18:05 7248896 ----a-w- c:\program files\avwinsfx.exe
2005-08-07 02:42 . 2005-08-07 02:42 0 ----a-w- c:\program files\index.jsp
2005-08-01 23:06 . 2005-08-01 23:05 4633184 ----a-w- c:\program files\pi-installer.exe
2004-10-06 11:36 . 2004-10-06 11:36 21 ----a-w- c:\program files\AVPersonalAVWIN.INI
2003-08-27 19:19 . 2003-12-17 01:01 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
2004-08-04 07:56 . 2006-05-10 23:38 73728 --sha-w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2005-12-02 20:20 . 2005-10-20 22:25 56 --sh--r- c:\windows\system32\8169F249CF.sys
2005-12-02 20:20 . 2005-10-20 22:21 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^FlashPath Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\FlashPath Monitor.lnk
backup=c:\windows\pss\FlashPath Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp officejet g series) - 2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet g series) - 2.lnk
backup=c:\windows\pss\HPAiODevice(hp officejet g series) - 2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Lori Hoagland^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Lori Hoagland\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Lori Hoagland^Start Menu^Programs^Startup^radio@netscape.lnk]
path=c:\documents and settings\Lori Hoagland\Start Menu\Programs\Startup\radio@netscape.lnk
backup=c:\windows\pss\radio@netscape.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 15:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 03:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:45 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 19:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2002-08-02 19:01 473600 ----a-w- c:\windows\mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
2002-08-20 15:29 40960 ----a-w- c:\windows\system32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 17:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2002-08-29 12:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 05:31 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 00:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
2004-03-16 19:45 19968 ----a-w- c:\windows\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-05-17 15:52 505368 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-05-17 15:53 780312 ----a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-01-07 21:07 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-03-11 16:00 24095528 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
2003-08-27 19:20 94208 ----a-r- c:\windows\SM1bg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-11-15 10:20 77824 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2006-05-08 09:17 81920 ----a-w- c:\progra~1\Sony\SONICS~1\SSAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 09:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-01-05 12:56 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2009-10-26 07:33 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3 (0x3)
"SPTISRV"=3 (0x3)
"RioMSC"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate1c99dd639dca636"=2 (0x2)
"ewido security suite control"=2 (0x2)
"btwdins"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Yahoo Instant Messengar"=YahooMsgr.exe
"VideoraiPodConverter"=c:\program files\VideoraiPodConverter\VideoraConverter.exe -t
"SsAAD.exe"=c:\progra~1\Sony\SONICS~1\SsAAD.exe
"ezShieldProtector for Px"=c:\windows\system32\ezSP_Px.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Rio\\Rio Music Manager\\riomm.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\aim\\aim.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\TightVNC\\WinVNC.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/31/2009 6:43 PM 108289]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [10/2/2005 5:17 PM 2368]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 3:47 AM 98304]
S3 PPDrv;Protector Plus Driver;\??\c:\program files\Protector Plus\PPDrv.sys --> c:\program files\Protector Plus\PPDrv.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
S3 SE402RefCameraStill;GD-350V (WDM);c:\windows\system32\drivers\aox402sc.sys [9/19/2003 3:00 PM 67332]
S3 V90drv;v90drv;c:\windows\system32\drivers\v90drv.sys [11/29/2001 5:10 PM 1432836]
S4 gupdate1c99dd639dca636;Google Update Service (gupdate1c99dd639dca636);c:\program files\Google\Update\GoogleUpdate.exe [3/5/2009 4:06 PM 133104]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2010-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-05 21:06]

2010-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-05 21:06]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.nytimes.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} - hxxp://scpwnb.ops.placeware.com/etc/place/NOVEMBER/SCNpws-b1/5.1.5.222/lib/quicksilver.cab
DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} - hxxp://coop.mlxchange.com/Control/MultiSelectComboBox.cab
DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://coop.mlxchange.com/Control/MLXClientUtils.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://coop.mlxchange.com/Control/IRCSharc.cab
FF - ProfilePath - c:\documents and settings\Lori Hoagland\Application Data\Mozilla\Firefox\Profiles\8a7xuixy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={5F14FA2F-2123-E1CC-1185-74BEA1D43EB5}&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmnqmp07010901.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwinamp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-09 16:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-02-09 16:32:27
ComboFix-quarantined-files.txt 2010-02-09 21:32
ComboFix2.txt 2010-02-09 20:11

Pre-Run: 36,051,353,600 bytes free
Post-Run: 36,046,528,512 bytes free

- - End Of File - - C815E469E7D7D5F87CE6A63DAAFEC0D5
Upload was successful

Malwarebytes' Anti-Malware 1.44
Database version: 3716
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/9/2010 4:56:19 PM
mbam-log-2010-02-09 (16-56-19).txt

Scan type: Quick Scan
Objects scanned: 152830
Time elapsed: 10 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#11 saltydogs

Posted 09 February 2010 - 05:43 PM

continued...

OTL logfile created on: 2/9/2010 4:58:13 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Lori Hoagland\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 194.00 Mb Available Physical Memory | 38.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 33.56 Gb Free Space | 45.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DISH
Current User Name: Lori Hoagland
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/09 16:57:16 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lori Hoagland\Desktop\OTL.exe
PRC - [2010/01/07 18:10:42 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/05 20:10:36 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/09 15:57:15 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/05 16:06:07 | 000,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/02 11:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/11 17:28:56 | 000,187,168 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2006/11/13 12:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 12:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe


========== Modules (SafeList) ==========

MOD - [2010/02/09 16:57:16 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lori Hoagland\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
SRV - File not found [Disabled | Stopped] -- -- (ewido security suite control)
SRV - [2009/10/28 19:21:14 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/05 20:10:36 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/09 15:57:15 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/05/29 12:41:26 | 000,144,712 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/23 20:15:27 | 000,183,280 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/05 16:06:07 | 000,133,104 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c99dd639dca636) Google Update Service (gupdate1c99dd639dca636)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/03 20:05:42 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/12/03 20:05:32 | 000,044,544 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/03/25 20:25:50 | 000,630,784 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2007/05/11 17:32:22 | 000,142,112 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/05/11 17:30:50 | 000,133,920 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/05/11 17:28:56 | 000,187,168 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/03/26 12:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/12/02 20:41:49 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006/09/27 15:13:46 | 000,102,400 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/04/27 16:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/04/27 16:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/04/27 16:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/04/12 09:29:30 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005/11/14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/03 12:04:04 | 000,102,400 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2004/10/04 03:47:04 | 000,098,304 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/05/05 15:49:48 | 000,081,920 | ---- | M] (Digital Networks North America, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\RioMSC.exe -- (RioMSC)
SRV - [2001/11/29 17:10:28 | 000,045,056 | ---- | M] ( ) [Auto | Stopped] -- C:\WINDOWS\System32\slserv.exe -- (SLService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/09 13:29:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/07 18:10:53 | 000,000,000 | ---D | M]

[2009/07/14 15:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\Mozilla\Extensions
[2009/07/14 15:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/02/09 16:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\Mozilla\Firefox\Profiles\8a7xuixy.default\extensions
[2010/01/01 23:07:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Lori Hoagland\Application Data\Mozilla\Firefox\Profiles\8a7xuixy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/05 13:46:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lori Hoagland\Application Data\Mozilla\Firefox\Profiles\8a7xuixy.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2005/02/19 11:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\Mozilla\Firefox\Profiles\amato2s0.Default User\extensions
[2005/02/19 11:32:07 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Lori Hoagland\Application Data\Mozilla\Firefox\Profiles\amato2s0.Default User\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/02/09 16:44:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/01/09 12:03:02 | 000,658,056 | ---- | M] (Move Networks) -- C:\Program Files\Mozilla Firefox\plugins\npmnqmp07010901.dll
[2004/12/22 11:08:32 | 000,110,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2003/11/25 14:11:10 | 000,241,664 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
[2007/02/26 10:06:49 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2003/08/04 17:19:02 | 000,438,272 | ---- | M] (AOL Time Warner) -- C:\Program Files\Mozilla Firefox\plugins\npwinamp.dll

O1 HOSTS File: ([2010/02/09 14:52:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe (America Online, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/d/4...0367/wmavax.CAB (Reg Error: Key error.)
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} http://install.homestead.com/~site/Install...ive/HS_live.cab (HS_live Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} http://www.sis.com/support/chipdetect/OSInfo.cab (OSInfo Control)
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} http://www.sis.com/support/chipdetect/SiSAutodetectNT.cab (SiS_OCX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} http://scpwnb.ops.placeware.com/etc/place/...quicksilver.cab (Quicksilver Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} http://musicstore.connect.com/assets/activ...ALStreaming.cab (Reg Error: Key error.)
O16 - DPF: {4063B398-3FC7-433E-B23B-0460CE7EDC27} http://thesims.ea.com/teleport/makinmagic/...nMagicTeleX.cab (Reg Error: Key error.)
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} http://coop.mlxchange.com/Control/MultiSelectComboBox.cab (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://bin.mcafee.com/molbin/shared/mcinsc...83/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1137450405281 (MUWebControl Class)
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} http://coop.mlxchange.com/Control/MLXClientUtils.cab (Reg Error: Key error.)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab (Reg Error: Key error.)
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://coop.mlxchange.com/Control/IRCSharc.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (Reg Error: Key error.)
O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} http://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...7866.4967939815 (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://bin.mcafee.com/molbin/shared/mcgdmg...,20/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/ji...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab (iTunesDetector Class)
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} http://download.abacast.com/download/files/abasetup151.cab (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...375/mcfscan.cab (McFreeScan Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.151.8.211 24.151.8.210 66.189.130.5
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O28 - HKLM ShellExecuteHooks: {54D9498B-CF93-414F-8984-8CE7FDE0D391} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/17 19:17:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/01 06:25:22 | 000,000,000 | ---- | M] () - C:\autoexec.plu -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/02/09 14:52:41 | 000,000,000 | ---D | M]
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: uploadmgr - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Reg Error: Value error.
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Reg Error: Value error.
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - Reg Error: Value error.
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17173366603513856)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/09 16:57:14 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lori Hoagland\Desktop\OTL.exe
[2010/02/09 16:37:02 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Lori Hoagland\Desktop\mbam-setup.exe
[2010/02/09 14:19:42 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/09 14:17:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/09 14:17:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/09 14:17:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/09 14:17:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/09 14:10:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/09 14:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/01/28 17:12:40 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Lori Hoagland\Desktop\RootRepeal.exe
[2010/01/27 22:06:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010/01/27 21:59:07 | 000,000,000 | ---D | C] -- C:\SDFix
[2010/01/27 14:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/01/09 15:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2009/11/27 10:34:00 | 005,459,008 | ---- | C] (TVU networks) -- C:\Program Files\TVUPlayer2.5.0.1.exe
[2009/11/03 17:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/09/09 14:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\HP
[2009/08/22 19:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Share-to-Web Upload Folder
[2009/03/22 08:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2008/12/28 19:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/09/21 09:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/08/19 12:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/05/08 08:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Webroot
[2006/12/16 12:33:16 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/06/08 16:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot
[2004/11/01 16:26:38 | 000,014,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\RecAgent.sys
[2003/12/16 20:01:02 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
[2003/01/29 13:26:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2001/11/29 17:10:32 | 001,432,836 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\v90drv.sys
[2001/11/29 17:10:26 | 000,175,160 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[25 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/09 16:57:16 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lori Hoagland\Desktop\OTL.exe
[2010/02/09 16:37:08 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Lori Hoagland\Desktop\mbam-setup.exe
[2010/02/09 16:32:29 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/09 16:32:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/09 16:23:10 | 000,000,319 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/09 15:09:20 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/09 14:52:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/09 14:52:15 | 000,012,728 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/09 14:51:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/09 14:51:13 | 536,203,264 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/09 14:49:42 | 016,515,072 | ---- | M] () -- C:\Documents and Settings\Lori Hoagland\ntuser.dat
[2010/02/09 14:49:42 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Lori Hoagland\ntuser.ini
[2010/02/09 14:20:08 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/02/09 14:15:59 | 003,852,756 | R--- | M] () -- C:\Documents and Settings\Lori Hoagland\Desktop\schrauber.exe
[2010/02/09 14:13:46 | 000,001,955 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/01 15:21:28 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\package.lst
[2010/01/28 17:13:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Lori Hoagland\Desktop\settings.dat
[2010/01/28 17:12:41 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Lori Hoagland\Desktop\RootRepeal.exe
[2010/01/28 17:06:21 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Lori Hoagland\Desktop\dds.scr
[2010/01/27 14:19:05 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Lori Hoagland\Desktop\esetsmartinstaller_enu.exe
[2010/01/26 22:59:05 | 000,001,467 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/26 22:59:05 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[25 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/09 14:20:06 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/02/09 14:19:53 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/09 14:17:51 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/09 14:17:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/09 14:17:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/09 14:17:51 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/09 14:17:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/09 14:15:59 | 003,852,756 | R--- | C] () -- C:\Documents and Settings\Lori Hoagland\Desktop\schrauber.exe
[2010/02/09 14:13:46 | 000,001,955 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/08 07:36:54 | 536,203,264 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/28 17:13:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Lori Hoagland\Desktop\settings.dat
[2010/01/28 17:06:19 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Lori Hoagland\Desktop\dds.scr
[2010/01/27 14:16:04 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Lori Hoagland\Desktop\esetsmartinstaller_enu.exe
[2009/09/30 16:49:05 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Lori Hoagland\Application Data\$_hpcst$.hpc
[2009/09/27 19:48:51 | 000,007,222 | ---- | C] () -- C:\Documents and Settings\Lori Hoagland\Application Data\CleanUp!.log
[2009/09/09 14:17:25 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Lori Hoagland\Local Settings\Application Data\fusioncache.dat
[2009/06/11 21:22:03 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/01/27 04:02:31 | 000,000,942 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/01/27 03:52:51 | 000,021,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/10/23 08:26:56 | 000,000,163 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/29 14:55:00 | 000,000,109 | ---- | C] () -- C:\WINDOWS\disney.ini
[2008/05/27 18:16:44 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\NormalizeDSP.dll
[2008/03/19 11:51:03 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/03/19 11:47:35 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX3800.ini
[2007/06/09 19:46:47 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\bsratswf.dll
[2007/06/09 19:46:47 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\bsratwmv.dll
[2007/05/11 17:30:16 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/05/11 17:27:58 | 002,107,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2007/05/11 16:12:54 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/03/27 16:12:05 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2007/03/01 14:44:43 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\VGANGMJYMWVPD.SYS
[2007/02/06 09:33:19 | 000,000,082 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2007/02/03 22:22:56 | 000,620,544 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
[2007/01/27 10:09:38 | 000,000,107 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2006/11/13 15:40:51 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Lori Hoagland\Local Settings\Application Data\73648-88365-27475-00IP7-22847
[2006/11/06 14:30:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/10/21 12:59:59 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2006/10/09 10:18:10 | 000,036,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\csiidecoder_kern_i386.sys
[2006/10/09 10:18:10 | 000,034,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter.sys
[2006/10/09 10:18:08 | 000,044,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\tshd4_kern_i386.sys
[2006/10/09 10:18:08 | 000,042,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\Surroundhp_kern_i386.sys
[2006/09/24 20:53:56 | 000,268,242 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-parse.dll
[2006/09/24 20:53:44 | 002,518,779 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-enc.dll
[2006/09/24 20:52:06 | 000,030,693 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-int.dll
[2006/08/18 12:51:33 | 000,003,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/08/15 22:09:51 | 000,000,463 | ---- | C] () -- C:\Documents and Settings\Lori Hoagland\Application Data\iPodMusicLiberatorPrefsV4
[2006/08/15 22:05:36 | 000,000,052 | -H-- | C] () -- C:\Documents and Settings\Lori Hoagland\Application Data\iml_system_file
[2006/08/15 13:19:17 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2006/07/26 21:05:58 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/06/21 05:33:40 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/06/08 14:14:27 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/06/08 14:14:27 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/06/03 10:51:39 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/06/01 16:20:52 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2006/06/01 16:20:51 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2006/06/01 16:20:51 | 000,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2006/06/01 16:20:51 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\dc240u.sys
[2006/05/22 18:59:39 | 000,190,123 | ---- | C] () -- C:\Documents and Settings\Lori Hoagland\Application Data\com.kennettnet.PodUtil.plist
[2006/05/22 18:46:00 | 000,000,067 | ---- | C] () -- C:\WINDOWS\IDMan.INI
[2006/05/12 07:39:54 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7Q.DLL
[2006/05/02 21:32:30 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006/05/02 21:24:26 | 000,003,333 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/05/02 21:24:25 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/04/29 23:34:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WbxRMenu.dll
[2006/04/13 22:18:24 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\atonres.dll
[2006/04/13 22:18:24 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\WbxMSAI.dll
[2006/04/13 22:18:24 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\atonecli.dll
[2006/04/12 09:23:54 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/03/27 05:20:20 | 000,000,231 | ---- | C] () -- C:\WINDOWS\System32\regiml.ini
[2006/03/19 13:34:58 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\SerialCE.dll
[2006/03/19 13:34:42 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\SerialXP.dll
[2006/02/09 15:49:11 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2005/12/29 15:12:57 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/12/29 14:53:22 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\micr0st.dll
[2005/12/28 14:58:23 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Kingdia DVD Ripper.INI
[2005/12/28 00:21:46 | 000,000,067 | ---- | C] () -- C:\WINDOWS\A1 DVD Ripper.INI
[2005/12/28 00:02:44 | 000,000,067 | ---- | C] () -- C:\WINDOWS\#1 DVD Ripper.INI
[2005/12/26 22:25:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2005/12/26 12:49:29 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2005/12/26 12:49:29 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2005/12/26 12:49:29 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2005/12/26 12:49:29 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2005/11/15 23:38:00 | 000,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
[2005/10/20 17:25:54 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\8169F249CF.sys
[2005/10/20 17:21:04 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/10/14 22:10:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll
[2005/10/03 20:13:15 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2005/08/20 13:05:47 | 007,248,896 | ---- | C] () -- C:\Program Files\avwinsfx.exe
[2005/08/06 21:42:11 | 000,000,000 | ---- | C] () -- C:\Program Files\index.jsp
[2005/08/06 17:08:52 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005/08/01 18:05:08 | 004,633,184 | ---- | C] () -- C:\Program Files\pi-installer.exe
[2005/07/01 20:01:59 | 000,280,064 | ---- | C] () -- C:\Documents and Settings\Lori Hoagland\Application Data\tizhook.bin
[2005/07/01 20:01:59 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Lori Hoagland\Application Data\tizhook.vers
[2005/07/01 20:01:55 | 000,024,356 | ---- | C] () -- C:\Documents and Settings\Lori Hoagland\Application Data\tizinf.xml
[2005/06/11 13:23:19 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\richtxt4.dll
[2005/06/11 13:23:19 | 000,000,029 | ---- | C] () -- C:\WINDOWS\pool.ini
[2005/04/06 23:27:16 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/04/06 23:24:42 | 001,216,512 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/02/17 11:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 11:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2005/02/14 17:26:49 | 000,000,026 | ---- | C] () -- C:\WINDOWS\words.INI
[2005/02/03 01:50:28 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\StarOpen.sys
[2004/12/30 17:31:01 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/12/16 21:09:44 | 000,000,045 | ---- | C] () -- C:\WINDOWS\FCHJLLKJ.ini
[2004/12/04 23:39:18 | 001,015,808 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2004/12/04 23:38:08 | 001,163,264 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2004/12/04 23:32:42 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2004/12/01 17:13:20 | 000,000,231 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2004/12/01 17:13:15 | 000,000,064 | ---- | C] () -- C:\WINDOWS\exchng32.ini
[2004/12/01 17:13:15 | 000,000,026 | ---- | C] () -- C:\WINDOWS\datalink.ini
[2004/12/01 17:13:10 | 000,000,032 | ---- | C] () -- C:\WINDOWS\GRAPH5.INI
[2004/11/18 21:29:25 | 000,000,072 | ---- | C] () -- C:\WINDOWS\Wlink83p(3).ini
[2004/11/10 03:18:23 | 000,000,072 | ---- | C] () -- C:\WINDOWS\Wlink83p(2).ini
[2004/10/29 10:22:47 | 000,000,072 | ---- | C] () -- C:\WINDOWS\Wlink83p(4).ini
[2004/10/12 13:57:20 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/10/06 06:36:11 | 000,000,021 | ---- | C] () -- C:\Program Files\AVPersonalAVWIN.INI
[2004/08/31 10:46:14 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\Lori Hoagland\Application Data\tvmcwrd.dll
[2004/08/27 16:34:00 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2004/08/27 16:34:00 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2004/08/27 16:01:50 | 000,000,040 | ---- | C] () -- C:\WINDOWS\TITEMP.INI
[2004/08/09 20:49:00 | 000,000,517 | ---- | C] () -- C:\WINDOWS\TSC.INI
[2004/08/09 20:36:21 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/07/14 22:17:39 | 000,000,326 | ---- | C] () -- C:\WINDOWS\alchem.ini
[2004/07/06 10:00:53 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2004/06/19 18:42:02 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/05/06 08:25:03 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2004/05/06 08:25:03 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2004/05/06 08:25:02 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2004/05/06 08:23:40 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2004/05/06 08:23:40 | 000,000,260 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2004/05/06 08:23:26 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\Cp5.dll
[2004/05/06 08:06:30 | 000,000,086 | ---- | C] () -- C:\WINDOWS\LHOUSE.INI
[2004/04/27 11:47:13 | 000,004,400 | ---- | C] () -- C:\WINDOWS\DevMgr.ini
[2004/04/27 11:30:30 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2004/04/26 19:47:20 | 000,000,138 | ---- | C] () -- C:\WINDOWS\artmmp.ini
[2004/04/25 09:36:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Lori Hoagland\Application Data\dm.ini
[2004/03/18 03:01:14 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2004/02/26 13:20:16 | 000,065,588 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2004/02/01 14:21:56 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
[2004/01/27 19:04:13 | 000,161,280 | ---- | C] () -- C:\Documents and Settings\Lori Hoagland\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/01/27 13:08:52 | 000,003,973 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/11/21 11:21:08 | 000,000,453 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/11/15 20:49:08 | 000,007,836 | ---- | C] () -- C:\WINDOWS\wsme.ini
[2003/10/07 19:19:32 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DGRip.dll
[2003/09/21 10:00:42 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/09/09 18:41:53 | 000,000,072 | ---- | C] () -- C:\WINDOWS\Wlink83p.ini
[2003/08/07 20:05:35 | 000,000,085 | ---- | C] () -- C:\WINDOWS\D2HNAV16.INI
[2003/08/07 19:41:39 | 000,000,076 | ---- | C] () -- C:\WINDOWS\System32\PDFWRITR.INI
[2003/08/07 19:41:39 | 000,000,076 | ---- | C] () -- C:\WINDOWS\System32\__PDF.INI
[2003/08/01 11:38:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2003/07/12 22:57:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/07/03 19:00:04 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2003/06/29 19:45:47 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\missouri.dll
[2003/06/29 19:29:36 | 000,000,611 | ---- | C] () -- C:\WINDOWS\PCAWin.ini
[2003/06/29 19:29:23 | 001,107,472 | ---- | C] () -- C:\WINDOWS\System32\owl52.dll
[2003/05/25 18:25:38 | 000,000,204 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2003/05/25 17:18:24 | 000,003,550 | ---- | C] () -- C:\WINDOWS\Apexwin.ini
[2003/05/25 17:15:04 | 000,467,348 | ---- | C] () -- C:\WINDOWS\System32\TGDRAW16.DLL
[2003/05/25 17:15:04 | 000,201,065 | ---- | C] () -- C:\WINDOWS\System32\TGDXF16.DLL
[2003/05/25 17:15:04 | 000,193,842 | ---- | C] () -- C:\WINDOWS\System32\TGENT16.DLL
[2003/05/25 17:15:04 | 000,152,384 | ---- | C] () -- C:\WINDOWS\System32\TGCURV16.DLL
[2003/05/25 17:15:04 | 000,136,200 | ---- | C] () -- C:\WINDOWS\System32\TGSOLD16.DLL
[2003/05/25 17:15:04 | 000,083,240 | ---- | C] () -- C:\WINDOWS\System32\TGCIRC16.DLL
[2003/05/25 17:15:04 | 000,081,770 | ---- | C] () -- C:\WINDOWS\System32\TGCLIP16.DLL
[2003/05/25 17:15:04 | 000,070,632 | ---- | C] () -- C:\WINDOWS\System32\TGPOLY16.DLL
[2003/05/25 17:15:04 | 000,062,976 | ---- | C] () -- C:\WINDOWS\System32\TGSURF16.DLL
[2003/05/25 17:15:04 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\TGKERN16.DLL
[2003/05/25 17:15:04 | 000,059,872 | ---- | C] () -- C:\WINDOWS\System32\TGARC16.DLL
[2003/05/25 17:15:04 | 000,053,864 | ---- | C] () -- C:\WINDOWS\System32\TGSPHR16.DLL
[2003/05/25 17:15:04 | 000,049,256 | ---- | C] () -- C:\WINDOWS\System32\TGTRF16.DLL
[2003/05/25 17:15:04 | 000,044,032 | ---- | C] () -- C:\WINDOWS\System32\TGTOOL16.DLL
[2003/05/25 17:15:04 | 000,042,464 | ---- | C] () -- C:\WINDOWS\System32\TGDBAS16.DLL
[2003/05/25 17:15:04 | 000,030,768 | ---- | C] () -- C:\WINDOWS\System32\TGCONV16.DLL
[2003/05/25 17:15:04 | 000,030,144 | ---- | C] () -- C:\WINDOWS\System32\TGTRIG16.DLL
[2003/05/25 17:15:04 | 000,027,304 | ---- | C] () -- C:\WINDOWS\System32\TGAREA16.DLL
[2003/05/25 17:15:04 | 000,026,408 | ---- | C] () -- C:\WINDOWS\System32\TGTRIA16.DLL
[2003/05/25 17:15:03 | 000,514,832 | ---- | C] () -- C:\WINDOWS\System32\LEAD45.DLL
[2003/05/25 17:15:03 | 000,127,656 | ---- | C] () -- C:\WINDOWS\System32\TG2D16.DLL
[2003/05/25 17:15:03 | 000,070,784 | ---- | C] () -- C:\WINDOWS\System32\TG3D16.DLL
[2003/05/25 17:15:03 | 000,025,612 | ---- | C] () -- C:\WINDOWS\System32\TGVOL16.DLL
[2003/05/23 18:40:24 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2003/01/29 14:13:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/29 14:02:21 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2003/01/29 13:48:29 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2003/01/29 13:47:40 | 000,000,310 | ---- | C] () -- C:\WINDOWS\net2fone.ini
[2003/01/29 13:37:40 | 000,000,452 | ---- | C] () -- C:\WINDOWS\Instit.ini
[2003/01/29 13:37:39 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2003/01/29 13:31:52 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2003/01/29 13:31:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\winio.sys
[2003/01/29 12:55:38 | 000,000,972 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/29 12:55:38 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2002/12/09 23:00:00 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[2002/12/09 23:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2002/12/09 23:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[2002/11/20 17:51:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll
[2002/11/01 15:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/07/19 12:08:14 | 000,182,784 | ---- | C] () -- C:\WINDOWS\System32\DGVorbis.dll
[2002/07/04 14:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2002/04/17 00:59:58 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\espr3260.dll
[2001/12/14 12:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/12/05 15:48:12 | 000,322,948 | ---- | C] () -- C:\WINDOWS\System32\drivers\slntamr.sys
[2001/11/29 17:10:36 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2001/11/29 17:10:36 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2001/11/29 17:10:20 | 000,607,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2001/11/29 17:10:18 | 002,383,460 | ---- | C] () -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2001/11/29 17:10:14 | 000,172,708 | ---- | C] () -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/08/23 14:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/10/03 17:16:28 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\tvqenc.dll
[2000/10/02 11:45:46 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\tvqdec.dll
[1999/09/17 10:56:20 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Mp3dec.dll
[1999/07/23 12:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 09:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 03:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1996/03/20 00:00:00 | 000,151,040 | ---- | C] () -- C:\WINDOWS\System32\IR32.DLL
[1996/03/20 00:00:00 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\TTEMB32.DLL
[1996/03/20 00:00:00 | 000,077,664 | ---- | C] () -- C:\WINDOWS\System32\IR21_R.DLL
[1996/03/20 00:00:00 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OPENENU.DLL
[1996/03/20 00:00:00 | 000,006,352 | ---- | C] () -- C:\WINDOWS\System32\VISXUTIL.DLL
[1996/03/20 00:00:00 | 000,002,041 | ---- | C] () -- C:\WINDOWS\MSFNTMAP.INI
[1996/03/20 00:00:00 | 000,000,586 | ---- | C] () -- C:\WINDOWS\MSTXTCNV.INI
[1996/03/20 00:00:00 | 000,000,280 | ---- | C] () -- C:\WINDOWS\TTEMBED.INI
[1996/03/20 00:00:00 | 000,000,022 | ---- | C] () -- C:\WINDOWS\BSHELF95.INI

========== LOP Check ==========

[2008/07/08 19:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2005/07/01 14:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACI
[2010/01/01 20:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2007/05/07 19:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2007/05/09 06:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2006/05/12 07:39:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2006/06/03 20:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CopyPod
[2007/08/16 21:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2007/02/25 16:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2007/05/08 21:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2007/05/08 21:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2008/12/16 20:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/06/22 11:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
[2005/10/24 19:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal
[2005/02/08 13:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007/11/03 16:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2007/08/19 12:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/11/01 20:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RonyaSoft CD DVD Label Maker
[2004/12/01 17:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2006/11/17 18:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SRS Labs
[2009/12/26 00:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/27 20:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/09/18 19:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2009/09/26 15:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/08/04 16:45:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8928E3C2-3767-4ADC-B470-9B87A98E3B0D}
[2009/04/25 17:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/07/08 19:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\acccore
[2005/08/04 19:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\ACI
[2007/02/21 13:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\Aim
[2007/11/28 19:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\Audacity
[2007/07/10 20:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\BitTorrent
[2007/08/13 14:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\Datalayer
[2007/04/19 14:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\DeepBurner Pro
[2006/05/22 18:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\DMCache
[2007/01/27 10:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\FinalBurner .ISO
[2007/12/02 17:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\FinalBurner Video DVD
[2008/08/04 16:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\GeoVid
[2003/01/29 13:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\InterTrust
[2006/08/15 22:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\iPod2PC3
[2004/07/06 19:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\Leadertech
[2005/12/25 14:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\Lionhead Studios
[2004/07/06 19:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\Lycos
[2004/06/19 17:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\mtph
[2007/11/25 09:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\Netscape
[2007/08/17 07:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\Nokia
[2009/12/13 17:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\ooVoo Details
[2006/12/03 15:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\Opera
[2007/08/16 21:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\PC Suite
[2009/03/08 19:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\SecondLife
[2007/02/26 10:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\Snapfish
[2004/12/17 19:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\sutl
[2004/12/19 00:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\teio
[2003/07/01 22:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\Template
[2004/12/11 22:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Hoagland\Application Data\turh

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008/05/27 22:55:07 | 015,452,536 | ---- | M] (Microsoft Corporation) -- C:\IE7-WindowsXP-x86-enu.exe
[2009/11/29 18:52:01 | 016,883,056 | ---- | M] (Microsoft Corporation) -- C:\IE8-WindowsXP-x86-ENU.exe
[2004/03/02 13:43:22 | 002,266,231 | ---- | M] (Netscape Communications ) -- C:\nsradioplus.exe
[2004/03/18 12:50:33 | 000,741,383 | ---- | M] (Network Associates Inc.) -- C:\stinger.exe
[2005/02/28 11:57:04 | 004,892,160 | ---- | M] () -- C:\w32.exe
[2004/03/16 12:51:54 | 004,881,920 | ---- | M] () -- C:\wnt.exe


< MD5 for: AGP440.SYS >
[2005/03/13 18:23:43 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/22 09:39:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2005/03/13 18:23:43 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/08/22 09:39:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2005/03/13 18:23:43 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/22 09:39:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2005/03/13 18:23:43 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/08/22 09:39:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\w32.exe:SummaryInformation
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\words.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\winhelp.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\wiaservc.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\t:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xpsp1hfm.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wupdmgr.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuaueng1.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuauclt1.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wowexec.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmv9vcm.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmaudsdk.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winspool.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winsock.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winoldap.mod:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\win87em.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wfwnet.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vmhelper.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vct3216.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vcldbx50.bpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\user.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unicode.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\umdmxfrm.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tssoft32.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tscupgrd.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tsappcmp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\toolhelp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\timer.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\system.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SVKP.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Startup.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sound.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sortkey.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\slserv.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\slcpappl.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shell.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\serwvdrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rtm.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rsvp.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RioMSCPS.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\riched32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\redir.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasctrs.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olethk32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olesvr32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oleaccrc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OemLinkIcon.ico:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntsdexts.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntio.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntdos.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntbackup.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netmsg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netevent.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mycomput.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msxml4r.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msxml3r.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvidc32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msswchx.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msjava.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msidntld.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msgsm32.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg723.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg711.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mscdexnt.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mscat32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msawt.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msacm32.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mprddm.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mouse.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmsystem.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmdrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmdriver.inf:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mlang.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mcicda.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mcd32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lz32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LTWND11n.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lfwmf11n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LCoInst.Dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\l3codecx.ax:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\krnl386.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\keyboard.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kdcom.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbdus.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\jit.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\javasup.vxd:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\javart.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\javacypt.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iuengine.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ir32_32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iprtprio.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\icmui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iassvcs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iassdo.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iassam.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iasrecst.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iaspolcy.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iasnap.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iashlpr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iasacct.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hpocon09.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\himem.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\geo.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\gdi.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FNTCACHE.DAT:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ezSP_Px.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drwtsn32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ws2ifsl.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\wmilib.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\v90drv.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\usbd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\slntamr.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\sisnic.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\SilvrLnk.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\SbcpHid.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\raspti.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\rasacd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ptilink.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\Pcouffin.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\pciide.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\Pcatip.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\parvdm.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nwlnkfwd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nwlnkflt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\null.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\MODEMCSA.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mnmdd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\LMouFlt2.Sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\L8042pr2.Sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ipfltdrv.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ftdisk.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\fs_rec.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dxgthk.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dxapi.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\Dot4Prt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\audstub.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dosx.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ddeml.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dbgeng.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\d3dim.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ctype.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\country.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\control.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\commdlg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\command.com:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comm.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cdintf210.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_950.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_949.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_936.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_932.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.sve:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.nld:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.kor:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.jpn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.ita:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.fra:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.esn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.enu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.eng:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.deu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.cht:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.chs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nmevtmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nlsfunc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\neth.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netfxperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\net.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ncxpnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ncpa.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nbtstat.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\narrhook.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mvoice.vwp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MuVoh.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxmlr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxml3a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxml2r.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSXL3032.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSXB3032.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSWNG300.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvideo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSVIDC.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSVCRTD.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcrt20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp50.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvbvm50.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSV7ENU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msuni11.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSTX3032.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSTOOL32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSTKPRP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSTDFMT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mssip32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mssign32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRTEDIT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSREPL35.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrecr40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDO20.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRD2X35.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRD2X32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrclr40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrating2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msratelc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msr2cenu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msr2c.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msports.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSOTHUNK.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSORFS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSOLE2.VBX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msobjs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSO97V.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSO95FX.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSO95.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSO5ENU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msms001.vwp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSMASK32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSLTUS35.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSJTER35.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSJTER32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSJT3032.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSJINT35.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSJINT32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSJETSQL.TLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSJETERR.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSJETERR.CNT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Msjet35.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msjdbc10.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msisam11.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msir3jp.lex:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msir3jp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSINET.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSIMUSIC.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSIMRT32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSIMRT16.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSIMRT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSHTML(2).DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSGBLAST.VBX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSFLXGRD.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msencode.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdayi.tbl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDATGRD.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCAL.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msaudite.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSADODC.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSACAL70.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSACAL70.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSACAL70.CNT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msaatext.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSAAP.XLA:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mrinfo.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpnotify.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MP3EncX.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mountvol.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\modex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mode.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmutilse.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmtask.tsk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MM32DCMP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_qic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_mtf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_hp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\minirec.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mindex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\migpwd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mib.bin:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfcans32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC42ENU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mem.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdwmdmsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MDT2FW95.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdhcp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdaccore.rsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciwave.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciseq.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciole32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciole16.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciavi.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MCI.VBX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mchgrcoi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mcdsrv32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mapistub.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MAPISRVR.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MAPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\main.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mag_hook.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lzexpand.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Lww1.a70:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lusrmgr.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Ltwvc12n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Ltwvc_n.lib:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTKRN70W.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ltkrn12n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTKRN11W.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTFIL70W.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ltfil12n.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTFIL11W.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTDIS12n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lprmonui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lpr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lpq.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\logoff.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\loghours.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lodctr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\loadfix.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lnkstub.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LMOUSE32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LMOUSE16.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lmoufrc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lights.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LGUICOM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lftif12n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lftga11n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfras11n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfpsd11n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfpcx12n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfpct11n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfpcd11n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfmsp11n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfmac11n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lflmb12n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfkodak.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfjbg12n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfimg11n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lffpx7.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lffpx11n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lffax12n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LFCMP12n.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfbmp12n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LEAD45.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lcptr.tbl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lcphrase.tbl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lanman.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\langwrbk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\label.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\l_intl.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\l_except.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ksc.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\korwbrkr.lex:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\korwbrkr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\keyboard.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\key01.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdycl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdycc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbduzb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdur.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbduk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdtuq.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdtuf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdtat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsl1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdru1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdru.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdro.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpl1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdnecnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdnecat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdnec95.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdne.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdmac.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlv1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlt1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdla.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdkyr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdkor.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdkaz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdjpn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdit142.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdir.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhu1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhept.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhela3.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhela2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhe319.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhe220.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgr1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgkl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgae.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdest.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdes.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbddv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcz2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcz1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcan.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdca.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdblr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbene.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdazel.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdaze.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdal.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbd103.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbd101c.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbd101b.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbd101a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kb16.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jview.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jupdate-1.5.0_02-b09.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jupdate-1.5.0_01-b08.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jupdate-1.4.2_01-b06.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jobexec.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgsh400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgsd400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgmd400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgaw400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jet500.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jdbgmgr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javaprxy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javaee.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\irclass.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IR32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IR21_R.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxsap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxrtmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxrip.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxpromn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxmontr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Ipx32_56.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipsec6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iologmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\instcat.sql:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\infosoft.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Inetwh32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inetcplc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IMXGRD32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Implode.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ifsutil.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ifc21.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IE.ico:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icfgnt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ICCVID.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ic32.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ic32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasads.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HSSICore.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HS_live.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpousd07.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HPOtap07.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpomem07.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpojwia.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpoisn07.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpoipt07.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpoipr07.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpoipm07.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpoinw07.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpoidr07.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpoidm07.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpocoi08.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpo5500a.aio:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpo5400a.aio:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpo5300a.aio:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HotEkc.006:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hostname.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\homepage.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Help.ico:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graphics.pro:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graphics.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graftabl.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gpkcsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\glmf32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gcdef.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\g711codc.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ftsrch.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FTPWPP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsutil.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsmgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FPWPP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fmifs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FM20ENU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FM20.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FLIST32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fixmapi.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\finger.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\find.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FEELIT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fastopen.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EXSEC32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\expand.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\exe2bin.exe:KAVICHS


continued...

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\riodrv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rio8drv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\RecAgent.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rawwan.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\oprghdlr.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\NWWMUSB.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nwlnkspx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nwlnknb.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nv4_mini.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nikedrv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\netwlan5.img:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MuVor.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mtxparhm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\msscript.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mdmxsdk.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mcd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\LHIDUSB.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\LHIDFLT2.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\LCCFLTR.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ipvnmon.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\hsfdpsp2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\hsfcxts2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\hsfbs2s2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\hpoipr07.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\gmreadme.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\gm.dls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\fsvga.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\etc\services:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\etc\protocol:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\etc\networks:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\etc\lmhosts.sam:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dmload.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cxthsfs2.cty:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cpqdap01.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cinemst2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cbidf2k.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atmuni.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atmepvc.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ativmc20.cod:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinxsxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinxbxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atintuxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinttxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinsnxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinrvxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinraxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinpdxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinmdxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinbtxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati2mtaa.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1xsxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1xbxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1tuxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1ttxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1snxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1rvxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1raxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1pdxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1mdxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1btxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\acpiec.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpwsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpserial.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpnwsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpnmodem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dplay.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\doskey.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\docprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DOCOBJ.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmview.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmocx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmintf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmdskres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmconfig.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllhst3g.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\zoneoc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\zonelibm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\zoneclim.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\znetm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\zeeverm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\zcorem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\zclientm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wupdmgr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wuaueng1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wuauclt1.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wshnetbs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wshisn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wshatm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ws2ifsl.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\write.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wowexec.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wowdeb.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmvdmoe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmv8dmod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmpvis.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmpstub.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmmutil.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmmres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmmfilt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmitimep.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmiprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmipicmp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmimsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmilib.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmidx.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmi2xml.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmerrenu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wisc10.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winstrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winspool.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winnls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winmsd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winmine.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winmgmtr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winmgmt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winhstb.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winhelp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winfax.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winchat.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\win87em.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wifeman.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wiavusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wiasf.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wfwnet.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\weitekp9.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\weitekp9.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\webhits.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wbemdisp.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wbemads.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wbemads.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wb32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\w32topl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\w32tm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\w32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vssadmin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vss_ps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vmmreg32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vjoy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vgaoem.fon:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vga64k.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vga256.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vga.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vga.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\verifier.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ver.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vcdex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\utildll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\user.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ureg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\updprov.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\unsecapp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\unlodctr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\uniansi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\umdmxfrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ufat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\typelib.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\twunk_32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\twunk_16.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\twain.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tsshutdn.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tsprof.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tskill.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tsdiscon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tsd32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tscon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tsappcmp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\trnsprov.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\trialoc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\traffic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tracert6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tourP.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\toolhelp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tmplprov.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tintsetp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tintlphr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\timer.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\thawbrkr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tftp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\telephon.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tdspx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tdipx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tdasync.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tcpsvcs.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tcmsetup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\taskman.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tapiui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tapiperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\systray.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\system.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\syskey.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sysinv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sysedit.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\syncapp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\swprv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\svcpack.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\subst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\storage.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\stdole32.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\stdole.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\srusbusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\srframe.mmf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\srdiag.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\spxcoins.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\spttseng.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sprestrt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\spcplui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\spcommon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sound.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sol.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\softpub.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\softkey.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\snmpstup.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\smtpcons.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\smimsgif.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\smierrsy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\smierrsm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\smclib.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\smb6w.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sma3w.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm9aw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm93w.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm92w.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm90w.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm8dw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm8cw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm8aw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm89w.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm87w.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm81w.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm59w.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\slbrccsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\skdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sisbkup.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\simptcp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\shvlzm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\shvlres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\shvl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\shell.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\share.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\shadow.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sfmapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sfc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\setupdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\serwvdrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\serialui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\senscfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sdpblb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\scripto.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\script.fon:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\scredir.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\scardssp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sapisvr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sam.spd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sam.sdf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rwinsta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rwia330.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rwia001.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rvsezm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rvseres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rvse.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\runas.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rtm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsvpperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsvpmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsvp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsmui.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsmsink.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rpcns4.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\routetab.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\routemon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\route.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rootmdm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rnr20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\riched32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\reset.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\replace.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rend.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\regwiz.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\register.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\regini.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\regedt32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\recover.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rdpcfgex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rdpcdd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rawwan.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasser.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasrad.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\raspti.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasmxs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasmontr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasdial.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasctrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasautou.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasacd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\r1033tts.lxa:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\qwinsta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\quser.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\query.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\qosname.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\qappsrv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pubprn.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ptilink.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\psnppagn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pschdprf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\print.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\prflbmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pmxviceo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pmxmcro.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pmxgl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pmspl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\plustab.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ping6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pifmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\perfts.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pentnt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pathping.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\parvdm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\panmap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\padrs412.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\padrs411.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\osuninst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\olethk32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\olesvr32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\olesvr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\olecli.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cmnclim.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\clb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\class_ss.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ckcnv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cintsetp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cidaemon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ciadmin.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chtbrkr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chsbrkr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chkrzm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chkrres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chkr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chkntfs.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chkdsk.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chgusr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chgport.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chglogon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\charmap.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\change.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cdmodem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ccfgnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cb32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cards.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cap7146.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\calc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_iscii.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_is2022.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\brpinfo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bootvrfy.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bootvid.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bootok.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bnts.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\blue_ss.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bckgzm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bckgres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bckg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\avwav.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\avtapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\avmeter.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\avifile.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\avicap32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\avicap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\autodisc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\atrace.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\atmuni.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\atmpvcno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\atmepvc.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\atkctrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\arp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\append.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\apcups.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ansi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\adptif.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\activeds.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\acledit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\acctres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\aaaamon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\12520850.cpx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\12520437.cpx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskperf.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskmgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskcopy.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskcomp.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dimap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diactfrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpsapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dgsetup.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dgrpsetu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dfrg.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\devmgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Desktop.ico:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\deskperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\deskmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\deskadp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\debug.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DDAO36.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dbmsvinn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dbmsspxn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dbmssocn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dbmsgnet.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dbmsadsn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dayiptr.tbl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dayiphr.tbl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DATZAP32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DATZAP16.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DATAZAP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3dxof.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3drm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3dramp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3dpmesh.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3d8caps.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ctl3dnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ctl3d95.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csseqchk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptui(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crtdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CRSWPP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crpe32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Crpaig80.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CP5DLL32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Cp5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\convert.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\console.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CONFIG.NT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compobj.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compmgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compact.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMNCTR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMMTB32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMDLG32.OCA:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comcat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\coinst.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CnyLt4.6t6:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cnvfat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cnetcfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmpbk32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmos.ram:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmmgr32.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CMDIALOG.VBX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clspack.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cliconf.chm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ckcnv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cidaemon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ciadv.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ciadmin.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chtbrkr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chsbrkr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chkntfs.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chkdsk.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chcp.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\certmgr.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CDWriterXP.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cdr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cdmodem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ccfgnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cards.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CapacityMeter.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_is2022.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_875.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_874.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_869.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_866.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_865.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_863.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_861.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_860.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_857.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_855.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_852.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_850.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_775.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_737.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_500.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_437.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28605.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28603.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28599.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28598.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28597.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28595.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28594.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28593.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28592.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_21866.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_21027.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20949.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20936.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20932.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20905.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20866.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20290.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20261.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20000.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1361.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1258.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1252.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1026.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10082.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10081.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10079.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10029.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10017.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10010.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10008.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10007.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10006.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10003.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10002.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10001.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_037.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BurnData.bin:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BRKDWN16.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BQShell.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bopomofo.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bootvrfy.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bootok.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bios4.rom:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bios1.rom:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\big5.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BDEADMIN.CPL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avifile.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avicap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\autodisc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Audio3D.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atrace.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atmpvcno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl71.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ATL70.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atkctrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ativcoxx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atitvo32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atiiiexx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ATIDDC.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Ati2mdxx.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ati2evxx.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\arrayhw.tab:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\array30.tab:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\arptr.tbl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\arphr.tbl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\arp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\append.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\apcups.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ansi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\amr_cpl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adptif.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\admsxmit.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AddQuit.ico:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\acode.tbl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\acledit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ACIRegistryEditor.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ACIApexV3.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\acelpdec.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\__PDF.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WFWNET.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VGA.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VER.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\TIMER.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\TAPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SYSTEM.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\stdole.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SOUND.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SHELL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\setup.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OLESVR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OLECLI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MSVIDEO.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MOUSE.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MMTASK.TSK:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCIWAVE.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCISEQ.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCIAVI.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\LZEXPAND.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\lw.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\KEYBOARD.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\fileID.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\data.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\COMMDLG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\AVIFILE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\AVICAP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\smscfg.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\smcfg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\sllights.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\sl.lng:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Sisport.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SIS_OCX.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SIS_LIB.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SIGVERIF.TXT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setupapi.old:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setupapi.log.1.old:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setupapi.log.0.old:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Setup_Debug.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setdebug.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\runtsckl.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\RtlRack.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Rename.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\REGLOCS.OLD:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q330994.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\POWERPNT.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\pool.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\POCE98.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\pdsiapex32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\PDSIAPEX.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\pcdlib32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\pcconfig.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\patchw32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\OSInfo.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\oeuninst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ODBCINST.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Netscape.ico:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\NetAPI_Debug.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\net2fone.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\N6Uninst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\muninst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\MSVCP60.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\MSTXTCNV.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\MSREMIND.WAV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\MSOFFICE.ACL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\MSFNTMAP.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\msdfmap.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\mrbupd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ModemLog_56Kbps Internal Modem.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\mHotkey.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Me.reg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\mads.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\LPT$VPN.953:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\LOGI_MWX.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\loadhttp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\LHOUSE.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\jautoexp.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\iun6002(3).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\iun6002(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Instit.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\InstIt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\impborl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ieuninst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ICQ.ico:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Hposcv07.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\HIDMNT.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\gzip.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\GRAPH5.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\GetServer.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\FT1_02_0_402_GEPFAH.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\flashax.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\FCHJLLKJ.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\explorer.scf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\exchng32.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\eurls.bin:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\eReg.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\encarta.ico:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\emachines_32.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\dimple.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\DevMgr.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\datalink.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\D2HNAV16.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\CTRegRun.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\CTL3D32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\cdplayer.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\BSHELF95.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\BQShell.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\BPMNT.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\BigFixClientOverride.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\AuHCcup1.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\AuHCcup1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\aucfg.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\atid.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\artmmp.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\APEXUTIL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\alchem.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\AIM.ico:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\98.reg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\2PortalMon_Debug.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\2k.reg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\_SETUPD_.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\$NtServicePackUninstall$\scecli.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\$NtServicePackUninstall$\agp440.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\$_hpcst$.hpc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\w32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\versions.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\stinger.opt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\stinger.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\sam xmas.acb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\ResumeOmgApDeliveryMgrCntrl_SonicStage_EmdDownloadObj.dmf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\pscan.html:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Program Files\pi-installer.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Program Files\mozilla firefox\plugins\NPMGWRAP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Program Files\avwinsfx.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Lori Hoagland\My Documents\Anthonyletterperu.wps:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Lori Hoagland\My Documents\another AIM.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Lori Hoagland\My Documents\analysis.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Lori Hoagland\My Documents\A Cocktail Party for Ten silent auction.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Lori Hoagland\My Documents\75 things to do when ordering pizza.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Lori Hoagland\My Documents\2006 Teachers Numbers.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Lori Hoagland\My Documents\2004Invite.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Lori Hoagland\My Documents\2.sig:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Lori Hoagland\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Lori Hoagland\Desktop\PrintMaster.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Lori Hoagland\Desktop\Outlook Express.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Lori Hoagland\Application Data\tvmcwrd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Lori Hoagland\Application Data\tizinf.xml:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Lori Hoagland\Application Data\tizhook.vers:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Lori Hoagland\Application Data\tizhook.bin:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Lori Hoagland\Application Data\desktop.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\NTUSER.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\NTUSER.DAT.LOG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Documents\os848618.bin:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Documents\nsradio.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Documents\flashplayer7installer.exe:KAVICHS
@Alternate Data Stream - 2972 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\WindowsUpdate.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\wpa.dbl:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\wpa.bak:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\KGyGaAvL.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\8169F249CF.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\bootstat.dat:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\Documents and Settings\Lori Hoagland\ntuser.ini:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\oeminfo.ini:KAVICHS
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\vclx50.bpl:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\vclsmp50.bpl:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\vcldb50.bpl:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\vclbde50.bpl:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\vcl50.bpl:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\utildll.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\traffic.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\oleacc.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msswch.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\missouri.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\lttwn11n.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ltimg11n.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\slwdmsup.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\slnthal.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\rdpcdd.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\ntmtlfax.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\mtlstrm.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\mtlmnt5.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\Dot4usb.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\Dot4scan.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\dfrgres.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\bootvid.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\setupapi.log.2.old:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\PCAWin.ini:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\mozver.dat:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Documents\desktop.ini:KAVICHS
< End of report >

@Alternate Dat

#12 saltydogs

Posted 09 February 2010 - 05:44 PM

continued...

OTL Extras logfile created on: 2/9/2010 4:58:13 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Lori Hoagland\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 194.00 Mb Available Physical Memory | 38.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 33.56 Gb Free Space | 45.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DISH
Current User Name: Lori Hoagland
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --one-instance-when-started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --one-instance-when-started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"443:UDP" = 443:UDP:*:Enabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Enabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Enabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Enabled:ooVoo UDP port 37675
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1128366852\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1128366852\ee\AOLServiceHost.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\aim\aim.exe" = C:\Program Files\aim\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- File not found
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- File not found
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- File not found
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Rio\Rio Music Manager\riomm.exe" = C:\Program Files\Rio\Rio Music Manager\riomm.exe:*:Disabled:Rio Music Manager -- (Digital Networks North America, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\aim\aim.exe" = C:\Program Files\aim\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\TightVNC\WinVNC.exe" = C:\Program Files\TightVNC\WinVNC.exe:*:Enabled:TightVNC Win32 Server -- (TightVNC Group)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\AIM7\aim.exe" = C:\Program Files\AIM7\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00405945-70C1-4B1D-9A3C-45A2883366AF}" = PS_AIO_05_C4600_Software_Min
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{44C81D1A-0520-49BB-B510-98B8DD414EA1}" = HP Photosmart C4600 All-In-One Driver 13.0 Rel .5
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{808C1CB2-5632-4ABF-B4D2-4B54519E3A9A}" = Cheetah CD Burner
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D7D753B4-678C-4E12-9D17-B277364B80C0}" = Bluetooth Remote Control
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EFA2BBEB-CF93-493B-904B-1B970B8DFAB6}" = Logitech QuickCam
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"Across Lite 2.0" = Across Lite 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Blaze Media Pro" = Blaze Media Pro
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"CLEP Sampler" = CLEP Sampler
"DriverAgent.exe" = DriverAgent by eSupport.com
"ESET Online Scanner" = ESET Online Scanner v3
"F064B256B4A20996EA9E333B5E0F14B61AB3333D" = Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
"HijackThis" = HijackThis 1.99.1
"HPOCR" = OCR Software by I.R.I.S 7.0
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Internet Scrabble Club_is1" = WordBiz version 1.8
"Karen's Replicator" = Karen's Replicator
"LimeWire" = LimeWire 5.3.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Picasa 3" = Picasa 3
"QcDrv" = Logitech® Camera Driver
"RonyaSoft CD DVD Label Maker" = RonyaSoft CD DVD Label Maker 2.01
"SecondLife" = SecondLife (remove only)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Unlocker" = Unlocker 1.8.8
"Video Cutter_is1" = Video Cutter 1.0
"Videora iPod touch Converter" = Videora iPod touch Converter 5.03
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XiphQT" = Xiph QuickTime Components
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/1/2010 4:14:24 PM | Computer Name = DISH | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module msrating.dll, version 8.0.6001.18702, fault address 0x0001c4a7.

Error - 2/1/2010 4:39:37 PM | Computer Name = DISH | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module msrating.dll, version 8.0.6001.18702, fault address 0x0001c4a7.

Error - 2/7/2010 10:01:39 AM | Computer Name = DISH | Source = Application Error | ID = 1000
Description = Faulting application avnotify.exe, version 9.0.10.0, faulting module
msrating.dll, version 8.0.6001.18702, fault address 0x0001c4a7.

Error - 2/7/2010 10:06:32 AM | Computer Name = DISH | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module msrating.dll, version 8.0.6001.18702, fault address 0x0001c4a7.

Error - 2/7/2010 10:34:23 AM | Computer Name = DISH | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module msrating.dll, version 8.0.6001.18702, fault address 0x0001c4a7.

Error - 2/7/2010 10:58:42 AM | Computer Name = DISH | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module msrating.dll, version 8.0.6001.18702, fault address 0x0001c4a7.

Error - 2/8/2010 8:38:00 AM | Computer Name = DISH | Source = Google Update | ID = 20
Description =

Error - 2/8/2010 8:46:17 AM | Computer Name = DISH | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module msrating.dll, version 8.0.6001.18702, fault address 0x0001c4a7.

Error - 2/8/2010 12:14:54 PM | Computer Name = DISH | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module msrating.dll, version 8.0.6001.18702, fault address 0x0001c4a7.

Error - 2/9/2010 3:07:50 PM | Computer Name = DISH | Source = Application Error | ID = 1000
Description = Faulting application avnotify.exe, version 9.0.10.0, faulting module
msrating.dll, version 8.0.6001.18702, fault address 0x0001c4a7.

[ System Events ]
Error - 1/30/2010 10:35:26 AM | Computer Name = DISH | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 1/30/2010 11:12:59 AM | Computer Name = DISH | Source = Service Control Manager | ID = 7031
Description = The DCOM Server Process Launcher service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 1/30/2010 11:12:59 AM | Computer Name = DISH | Source = Service Control Manager | ID = 7034
Description = The Terminal Services service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/30/2010 11:16:04 AM | Computer Name = DISH | Source = iviVD | ID = 262153
Description = The device, \Device\Scsi\iviVD1, did not respond within the timeout
period.

Error - 1/30/2010 11:16:04 AM | Computer Name = DISH | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 1/30/2010 11:16:04 AM | Computer Name = DISH | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 1/31/2010 10:11:58 AM | Computer Name = DISH | Source = iviVD | ID = 262153
Description = The device, \Device\Scsi\iviVD1, did not respond within the timeout
period.

Error - 1/31/2010 10:11:58 AM | Computer Name = DISH | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 1/31/2010 10:11:58 AM | Computer Name = DISH | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 1/31/2010 10:17:25 AM | Computer Name = DISH | Source = Service Control Manager | ID = 7031
Description = The DCOM Server Process Launcher service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.


< End of report >


#13 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:08:23 AM

Posted 10 February 2010 - 01:47 PM

Hi,


Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case LimeWire). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."




Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 18...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version.




Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O32 - AutoRun File - [2004/09/01 06:25:22 | 000,000,000 | ---- | M] () - C:\autoexec.plu -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (SsiEfr.e) - File not found
    SafeBootMin: vds - Reg Error: Value error.
    [2007/06/09 19:46:47 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\bsratswf.dll
    [2007/06/09 19:46:47 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\bsratwmv.dll
    @Alternate Data Stream - 88 bytes -> C:\w32.exe:SummaryInformation
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\words.INI:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\winhelp.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\wiaservc.log:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\t:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xpsp1hfm.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wupdmgr.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuaueng1.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuauclt1.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wowexec.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmv9vcm.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmaudsdk.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winspool.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winsock.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winoldap.mod:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\win87em.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wfwnet.drv:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vmhelper.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga.drv:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vct3216.acm:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vcldbx50.bpl:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\user.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unicode.nls:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\umdmxfrm.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tssoft32.acm:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tscupgrd.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tsappcmp.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\toolhelp.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\timer.drv:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\system.drv:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SVKP.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Startup.cpl:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sound.drv:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sortkey.nls:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\slserv.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\slcpappl.cpl:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shell.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\serwvdrv.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rtm.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rsvp.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RioMSCPS.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\riched32.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\redir.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasctrs.ini:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olethk32.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olesvr32.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oleaccrc.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OemLinkIcon.ico:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntsdexts.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntio.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntdos.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntbackup.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netmsg.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netevent.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mycomput.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msxml4r.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msxml3r.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvidc32.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msswchx.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msjava.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msidntld.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msgsm32.acm:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg723.acm:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg711.acm:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mscdexnt.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mscat32.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msawt.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msacm32.drv:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mprddm.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mouse.drv:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmsystem.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmdrv.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmdriver.inf:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mlang.dat:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mcicda.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mcd32.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lz32.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LTWND11n.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lfwmf11n.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LCoInst.Dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\l3codecx.ax:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\krnl386.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\keyboard.drv:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kdcom.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbdus.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\jit.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\javasup.vxd:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\javart.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\javacypt.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iuengine.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ir32_32.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iprtprio.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\icmui.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iassvcs.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iassdo.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iassam.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iasrecst.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iaspolcy.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iasnap.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iashlpr.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iasacct.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hpocon09.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\himem.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\geo.nls:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\gdi.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FNTCACHE.DAT:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ezSP_Px.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drwtsn32.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ws2ifsl.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\wmilib.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\v90drv.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\usbd.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\slntamr.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\sisnic.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\SilvrLnk.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\SbcpHid.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\raspti.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\rasacd.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ptilink.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\Pcouffin.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\pciide.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\Pcatip.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\parvdm.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nwlnkfwd.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nwlnkflt.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\null.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\MODEMCSA.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mnmdd.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\LMouFlt2.Sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\L8042pr2.Sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ipfltdrv.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ftdisk.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\fs_rec.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dxgthk.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dxapi.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\Dot4Prt.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\audstub.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dosx.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ddeml.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dbgeng.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\d3dim.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ctype.nls:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\country.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\control.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\commdlg.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\command.com:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comm.drv:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cdintf210.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_950.nls:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_949.nls:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_936.nls:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_932.nls:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_28591.nls:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_20127.nls:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1257.nls:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1256.nls:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1255.nls:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1254.nls:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1253.nls:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1251.nls:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1250.nls:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10000.nls:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\BORLNDMM.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\avicap32.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\autoexec.nt:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\atipdlxx.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\atioglxx.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ati3d2ag.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\activeds.tlb:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\acctres.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\aaaamon.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\a3d.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\a234.tbl:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\a15.tbl:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\12520850.cpx:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\12520437.cpx:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\$winnt$.inf:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\$ncsp$.inf:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System\mmsystem.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System\crlds3d.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\SchedLgU.Txt:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\ODBC.INI:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\nsreg.dat:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\atmoUn.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\Apexwin.ini:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\_default.pif:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\$NtServicePackUninstall$\atapi.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Program Files\mozilla firefox\plugins\npwinamp.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Program Files\mozilla firefox\plugins\npmozax.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Documents and Settings\Lori Hoagland\Start Menu\Programs\Startup\desktop.ini:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Documents and Settings\Lori Hoagland\My Documents\soccerp.htm:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Documents and Settings\Lori Hoagland\My Documents\Soccer notebook.doc:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Documents and Settings\Lori Hoagland\My Documents\Shortcut to Northwind.lnk:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Documents and Settings\Lori Hoagland\My Documents\sam SS essay for mexican-american war.doc:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Documents and Settings\Lori Hoagland\My Documents\sam 11-9-05 songs.doc:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Documents and Settings\Lori Hoagland\My Documents\ResumeLo.htm:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Documents and Settings\Lori Hoagland\My Documents\pulerimenu.sig:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Documents and Settings\Lori Hoagland\My Documents\desktop.ini:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Documents and Settings\Lori Hoagland\My Documents\card.htm:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Documents and Settings\Lori Hoagland\My Documents\c.url:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Documents and Settings\Lori Hoagland\Desktop\PC Access for Windows.lnk:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Application Data\desktop.ini:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Boot.bak:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\wnt.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\XP.reg:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\xobglu32.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\xobglu16.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\wsme.ini:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\WORDPAD.INI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\WMSysPrx.prx:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Wlink83p.ini:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Wlink83p(4).ini:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Wlink83p(3).ini:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Wlink83p(2).ini:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\winnt256.bmp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\winnt.bmp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\winio.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\winio.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Winamp1.ico:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\winamp.ini:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\webworks_Debug.txt:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\vsapi32.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\VPTNFILE.953:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\vmmreg32.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\vbaddin.ini:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\vb.ini:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\User000.acl:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\UPGRADE.TXT:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\UNZIP.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\UninstallFirefox.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Uninstaller_Debug.txt:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Uninstall.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Uninst.MIF:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\uninst.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\twunk_32.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\twunk_16.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\twain.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\TTEMBED.INI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\TSC.INI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\tmupdate.ini:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\TMUPDATE.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\TITEMP.INI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Thumbs.db:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\tempf2.txt:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\taskman.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\zonedon.reg:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\zonedoff.reg:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\zlib.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ZipArchive.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\YIEINST.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\YCRWin32.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xjis.nls:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xenroll.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshnetbs.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshisn.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshatm.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WPWIZDLL.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowfaxui.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowfax.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowdeb.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmvdmoe.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmvcore2.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmv8dmoe.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmv8dmod.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpstub.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpscheme.xml:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpns.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmiprop.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmimgmt.msc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmidx.ocx:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmerrenu.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wjview.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINZM.MB:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winstrm.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINSP.MB:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINPY.MB:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winnls.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmsd.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINHTTP5.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhlp32.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhelp.hlp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winfax.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winddx.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINDBVER.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win2000.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win.com:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wifeman.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiavusd.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_hp.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\minirec.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mindex.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\migpwd.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mib.bin:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfcans32.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC42ENU.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc40.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mem.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdwmdmsp.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MDT2FW95.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdhcp.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdaccore.rsp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciwave.drv:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciseq.drv:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciole32.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciole16.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciavi.drv:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MCI.VBX:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mchgrcoi.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mcdsrv32.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mapistub.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MAPISRVR.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MAPI.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\main.cpl:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mag_hook.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lzexpand.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Lww1.a70:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lusrmgr.msc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Ltwvc12n.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Ltwvc_n.lib:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTKRN70W.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ltkrn12n.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTKRN11W.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTFIL70W.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ltfil12n.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTFIL11W.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTDIS12n.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lprmonui.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lpr.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lpq.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\logoff.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\loghours.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lodctr.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\loadfix.com:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lnkstub.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LMOUSE32.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LMOUSE16.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lmoufrc.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lights.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LGUICOM.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lftif12n.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lftga11n.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfras11n.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfpsd11n.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfpcx12n.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfpct11n.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfpcd11n.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfmsp11n.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfmac11n.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lflmb12n.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfkodak.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfjbg12n.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfimg11n.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lffpx7.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lffpx11n.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lffax12n.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LFCMP12n.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfbmp12n.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LEAD45.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lcptr.tbl:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lcphrase.tbl:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lanman.drv:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\langwrbk.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\label.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\l_intl.nls:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\l_except.nls:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ksc.nls:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\korwbrkr.lex:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\korwbrkr.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\keyboard.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\key01.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdycl.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdycc.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbduzb.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusx.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusr.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusl.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdur.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbduk.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdtuq.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdtuf.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdtat.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsw.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsp.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsl1.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsl.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsg.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsf.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdru1.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdru.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdro.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpo.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpl1.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpl.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdno.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdnecnt.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdnecat.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdnec95.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdne.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdmon.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdmac.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlv1.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlv.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlt1.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlt.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdla.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdkyr.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdkor.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdkaz.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdjpn.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdit142.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdit.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdir.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdic.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhu1.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhu.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhept.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhela3.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhela2.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhe319.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhe220.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhe.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgr1.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgr.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgkl.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgae.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfr.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfo.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfi.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfc.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdest.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdes.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbddv.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdda.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcz2.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcz1.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcz.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcr.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcan.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdca.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbu.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbr.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdblr.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbene.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbe.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdazel.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdaze.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdal.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbd103.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbd101c.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbd101b.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbd101a.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kb16.com:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jview.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jupdate-1.5.0_02-b09.log:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jupdate-1.5.0_01-b08.log:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jupdate-1.4.2_01-b06.log:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jobexec.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgsh400.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgsd400.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgmd400.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgaw400.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jet500.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jdbgmgr.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javaprxy.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javaee.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\irclass.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IR32.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IR21_R.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxsap.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxrtmgr.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxrip.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxpromn.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxmontr.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Ipx32_56.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipsec6.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iprop.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iologmsg.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\instcat.sql:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\infosoft.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Inetwh32.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inetcplc.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IMXGRD32.OCX:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Implode.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ifsutil.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ifc21.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IE.ico:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icfgnt5.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ICCVID.DRV:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ic32.ini:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ic32.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasads.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HSSICore.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HS_live.ocx:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpousd07.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HPOtap07.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpomem07.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpojwia.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpoisn07.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpoipt07.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpoipr07.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpoipm07.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpoinw07.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpoidr07.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpoidm07.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpocoi08.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpo5500a.aio:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpo5400a.aio:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpo5300a.aio:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HotEkc.006:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hostname.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\homepage.inf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetmon.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Help.ico:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graphics.pro:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graphics.com:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graftabl.com:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gpkcsp.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\glmf32.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gcdef.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\g711codc.ax:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ftsrch.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FTPWPP.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsutil.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsusd.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsmgmt.msc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FPWPP.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fmifs.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FM20ENU.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FM20.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FLIST32.OCX:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fixmapi.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\finger.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\find.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FEELIT.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fc.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fastopen.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EXSEC32.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\expand.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\exe2bin.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EVMOV3.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventvwr.msc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventvwr.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventcls.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EVCHK3.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eula.txt:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\etwr.txt:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentutl.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.ini:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.hxx:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esent97.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EqnClass.Dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\emver.ini:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\emptyregdb.dat:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EMLCNS32.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EMDAZ32.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ega.cpi:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edlin.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edit.hlp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edit.com:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edb500.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dxdllreg.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dx3j.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DVDRProX.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dvdplay.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dutfwsinc.dat:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssec.dat:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsound.vxd:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsauth.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ds16gt.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drwatson.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\winddx.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\watv10nt.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\watv06nt.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wadv11nt.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wadv09nt.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wadv08nt.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wadv07nt.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\VMCUSB.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\vdmindvd.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tsbvcap.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tosdvd.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\smclib.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\slnt7554.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\s3gnbm.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rootmdm.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\riodrv.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rio8drv.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\RecAgent.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rawwan.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\oprghdlr.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\NWWMUSB.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nwlnkspx.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nwlnknb.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nv4_mini.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nikedrv.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\netwlan5.img:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MuVor.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mtxparhm.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\msscript.ocx:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mdmxsdk.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mcd.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\LHIDUSB.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\LHIDFLT2.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\LCCFLTR.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ipvnmon.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\hsfdpsp2.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\hsfcxts2.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\hsfbs2s2.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\hpoipr07.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\gmreadme.txt:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\gm.dls:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\fsvga.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\etc\services:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\etc\protocol:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\etc\networks:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\etc\lmhosts.sam:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dmload.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cxthsfs2.cty:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cpqdap01.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cinemst2.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cbidf2k.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atmuni.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atmepvc.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ativmc20.cod:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinxsxx.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinxbxx.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atintuxx.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinttxx.sys:KAVICHS