
NTVDM c0h error, HelpAssistant, blue screen, phishing screens in ebay & paypal


  • This topic is locked
25 replies to this topic

#1 trintax

Posted 09 March 2010 - 01:57 AM

I've had virus issues for at least a month, starting with the Antivirus Live. That seemed to clear up but then noticed the HelpAssistant user file.

I'm running Win XP PRO SP3, MS Essentials AV (recently switched from McAfee), IE 7, Windows Firewall.
I have also tried running MalwareBytes Anti-Malware, Ad-Aware, Spy Bot, ToniArts EasyCleaner, MS Safety.Live

My problems started one day when something took over my IE. Every site I tried to go to, I ended up at AntiVirus Live, and I got the usual popups saying I wasn't protected and they tried to sell their software.
The typical porn websites would popup. I ran several AV's and it would seem to go away, then come back.

That problem seems to be gone now.

The current problems are:
1. when I reboot I get an NTVDM System Error c0h.
2. I have a HelpAssistant Folder in MyDocuments. I emptied this and disabled it, but on the next reboot it created a new folder "HelpAssistant Study Computer" and copied about 2 GB into it. Which explains my decreasing HD.
3. If I go into Ebay, or PayPal, with IE it brings up a phishing form that looks just like the real ebay or pp.
4. Slow computer - blue screen
5. Credit Card - closed for fraudulent activity

I ran dds & gmer and attached the logs. Deleted the HelpAssistant file for now....

dds.txt:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Tony at 20:49:41.46 on 03/08/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.65 [GMT -6:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tony\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.comcast.net/toolbar2.0/search/
uStart Page = hxxp://comcast.net/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uWindows: load= c:\skw2\remind.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~2.DLL
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~2.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [<NO NAME>]
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/hamsterball/raptisoftgameloader.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} - hxxp://photo2.walgreens.com/WalgreensOutlookImport.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/30.66/uploader2.cab
DPF: {47F591A2-8783-11D2-8343-00A0C945A819} - hxxp://download.richfx.com/player/mediaversion/005/latest/twophase.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://207.188.7.150/108984b55be341caab23/netzip/RdxIE2.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxps://carelink.minimed.com/plugin/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: HookRC Class: {a5780613-492e-4a2a-a7fd-549610edf6cc} - c:\program files\vcom\recovery commander\RCHOOK.DLL

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-3 64288]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1229232]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-3-7 93320]
R2 Seagate Sync Service;Seagate Sync Service;c:\program files\seagate\sync\SeaSyncServices.exe [2007-1-5 21608]
S3 HidCom;USB-HID -> COM Driver Service;c:\windows\system32\drivers\BdHidCom.sys [2007-8-14 17408]
S3 IRNVPN;Indus River Networks VPN Adapter;c:\windows\system32\drivers\Irndis.sys [2001-8-2 118507]
S3 MagEpNt;MagEpNt; [x]
S3 MR97310_VGA_DUAL_CAMERA;Argus Digital Camera;c:\windows\system32\drivers\mr97310v.sys [2005-3-27 114100]

=============== Created Last 30 ================

2010-03-08 23:40:29 0 ----a-w- c:\documents and settings\tony\defogger_reenable
2010-03-07 17:04:29 0 d-----w- c:\program files\common files\McAfee
2010-03-07 17:03:38 0 d-----w- c:\program files\McAfee
2010-03-06 21:52:39 0 d-----w- c:\program files\ToniArts
2010-03-04 04:38:31 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-04 01:49:37 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-03-04 01:49:21 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-04 01:43:21 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-04 01:41:51 0 d-----w- c:\program files\Lavasoft
2010-02-21 01:25:06 0 d-----w- c:\program files\common files\PC Tools
2010-02-21 01:25:05 0 d-----w- c:\program files\Spyware Doctor
2010-02-19 15:41:45 0 d-----w- c:\program files\Yahoo!
2010-02-19 14:56:13 0 d-----w- c:\docume~1\tony\applic~1\Office Genuine Advantage
2010-02-17 03:08:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-17 03:07:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-17 03:07:51 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-16 20:23:34 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-16 20:13:40 0 d-----w- c:\program files\Microsoft Security Essentials
2010-02-16 19:26:54 0 d-----w- c:\program files\Registry Easy
2010-02-10 12:44:51 0 dc----w- C:\College
2010-02-09 21:45:20 0 d-----w- c:\windows\system32\scripting
2010-02-09 21:45:16 0 d-----w- c:\windows\l2schemas
2010-02-09 21:45:15 0 d-----w- c:\windows\system32\en

==================== Find3M ====================

2010-01-22 05:19:17 88104 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-19 03:21:57 110136 -c--a-w- c:\docume~1\tony\applic~1\GDIPFONTCACHEV1.DAT
2010-01-15 20:40:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-15 20:40:17 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-31 15:33:06 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-18 13:05:43 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
2009-12-18 13:04:09 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll

============= FINISH: 20:51:34.06 ===============
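
An added example, not part of the original post and not part of DDS: a small triage script that reads Pseudo HJT lines like the ones in the log above and lists the entries a reviewer would normally look at first. The rule names and function names are assumptions made for illustration, and a hit means "look closer", not "malicious".

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Sample input: lines copied from the Pseudo HJT section of the DDS log above.
SAMPLE_LOG = r"""
uStart Page = hxxp://comcast.net/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uWindows: load= c:\skw2\remind.exe
TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~2.DLL
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://207.188.7.150/108984b55be341caab23/netzip/RdxIE2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
"""


def refang(url):
    """Turn the log's defanged hxxp:// scheme back into http:// for parsing only."""
    return re.sub(r"^hxxp", "http", url, flags=re.I)


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def proxy_endpoints(value):
    """Parse an IE ProxyServer value: 'host:port' or 'http=host:port;https=host:port'."""
    endpoints = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if not sep:                      # single proxy for every protocol
            scheme, hostport = "all", part
        host, _, port = hostport.rpartition(":")
        if not host:                     # no port given
            host, port = hostport, ""
        endpoints.append((scheme.lower(), host, port))
    return endpoints


def triage(log_text):
    """Return (rule, line) pairs for entries that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # Browser traffic routed through a process on the machine itself.
        m = re.match(r"[um]Internet Settings,ProxyServer\s*=\s*(.+)$", line)
        if m:
            if any(is_loopback(host) for _, host, _ in proxy_endpoints(m.group(1))):
                findings.append(("loopback-proxy", line))
            continue

        # Legacy load=/run= autostart value that is populated.
        if re.match(r"[um]Windows:\s*(load|run)\s*=\s*\S", line, re.I):
            findings.append(("legacy-autostart", line))
            continue

        # Toolbar or BHO registration whose file no longer exists.
        if re.match(r"(TB|BHO):", line) and line.endswith("- No File"):
            findings.append(("orphaned-ie-extension", line))
            continue

        # ActiveX control whose download source is a bare IP address.
        m = re.match(r"DPF:.* - (hxxps?://\S+)$", line, re.I)
        if m and is_ip_literal(urlsplit(refang(m.group(1))).hostname or ""):
            findings.append(("activex-from-raw-ip", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:24} {line}")
```

A loopback proxy is worth checking early when the reported symptom is altered pages in IE, because every HTTP request then passes through whatever process is listening on that local port.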




#2 schrauber (Malware Response Team)

Posted 12 March 2010 - 01:56 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 trintax (Topic Starter)

Posted 13 March 2010 - 05:30 PM

Hi ~

I ran dds and am attaching the attach.zip.

I also ran gmer - quick scan. Didn't realize that the quick scan was instantaneous and was already there when it opened - so I ran 'scan' which took hours and never finished so I killed it. I then re-executed it and the 'quick scan' result follows:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-13 15:54:59
Windows 5.1.2600 Service Pack 3
Running: 9eh7xyfr.exe; Driver: C:\DOCUME~1\Tony\LOCALS~1\Temp\awrcraoc.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior;

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

---- EOF - GMER 1.0.15 ----

I'm running in Safe mode right now because my computer 'blue screened' so I reconnected this way to post the message. Was wondering if I was supposed to physically disconnect from the internet before running 'gmer' or just get out of the internet? I did disable the MSE antivirus before running.
I also deleted the 'HelpAssistant' file before running and disabled the access. It always comes back when I reboot.
I will be home for a while if you are currently available. Also, if I have to run gmer in full scan, wondering if there are options I can unclick so it doesn't take forever??

Thanks for your help - Kim




#4 schrauber (Malware Response Team)

Posted 13 March 2010 - 05:51 PM

Hello, trintax
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.





Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


#5 trintax (Topic Starter)

Posted 13 March 2010 - 10:20 PM

Hi -

Here's the ComboFix Log:

ComboFix 10-03-13.01 - Tony 03/13/2010 20:26:35.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.80 [GMT -6:00]
Running from: c:\documents and settings\Tony\Desktop\schrauber.exe
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Uninstall
C:\Thumbs.db
c:\windows\Readme.txt
c:\windows\system32\drivers\ndisrd.sys
c:\windows\system32\ie.ico
c:\windows\system32\open.ico

.
original MBR restored successfully !
.
((((((((((((((((((((((((( Files Created from 2010-02-14 to 2010-03-14 )))))))))))))))))))))))))))))))
.

2010-03-14 01:29 . 2010-03-14 01:29 -------- d-----w- c:\documents and settings\HelpAssistant\WINDOWS
2010-03-14 01:29 . 2010-03-14 01:29 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2010-03-10 15:05 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-07 17:04 . 2010-03-07 17:04 -------- d-----w- c:\program files\Common Files\McAfee
2010-03-07 17:03 . 2010-03-07 17:25 -------- d-----w- c:\program files\McAfee
2010-03-07 17:03 . 2010-03-07 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-07 17:03 . 2010-03-07 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-03-06 21:52 . 2010-03-06 21:52 -------- d-----w- c:\program files\ToniArts
2010-03-04 04:38 . 2010-03-04 01:49 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-04 01:49 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-03-04 01:49 . 2010-03-04 01:49 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-04 01:43 . 2010-03-04 01:43 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-04 01:41 . 2010-03-04 01:43 -------- d-----w- c:\program files\Lavasoft
2010-03-03 04:24 . 2010-03-03 04:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2010-03-03 04:24 . 2010-03-03 04:24 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2010-02-21 01:43 . 2010-02-21 01:43 -------- d-----w- c:\documents and settings\Tony\Local Settings\Application Data\Threat Expert
2010-02-21 01:25 . 2010-03-04 02:01 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-21 01:25 . 2010-03-04 02:01 -------- d-----w- c:\program files\Spyware Doctor
2010-02-21 01:23 . 2010-03-04 01:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-19 15:42 . 2010-02-19 15:42 -------- d-----w- c:\documents and settings\Tony\Application Data\Yahoo!
2010-02-19 15:41 . 2010-03-07 17:03 -------- d-----w- c:\program files\Yahoo!
2010-02-19 14:56 . 2010-02-19 14:56 -------- d-----w- c:\documents and settings\Tony\Application Data\Office Genuine Advantage
2010-02-19 14:53 . 2010-02-19 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-02-17 03:08 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-17 03:07 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-17 03:07 . 2010-02-17 03:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-16 20:23 . 2010-02-24 15:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-16 20:13 . 2010-03-11 09:10 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-02-16 19:26 . 2010-02-16 20:00 -------- d-----w- c:\program files\Registry Easy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-06 22:19 . 2007-09-08 00:24 -------- d-----w- c:\program files\Avery Wizard
2010-03-06 21:52 . 2002-06-26 19:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-06 21:51 . 2002-06-26 19:44 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-04 01:41 . 2008-05-29 12:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-02-20 18:34 . 2010-01-27 22:55 -------- d-----w- c:\program files\Windows Live Safety Center
2010-02-18 20:11 . 2007-07-19 04:25 -------- d-----w- c:\documents and settings\Tony\Application Data\COMCASTTOOLBAR
2010-02-10 10:26 . 2002-06-26 19:54 -------- d-----w- c:\program files\Common Files\Real
2010-02-10 09:48 . 2006-02-10 04:13 -------- d-----w- c:\program files\Google
2010-02-09 04:56 . 2009-11-11 00:39 -------- d-----w- c:\program files\Citrix
2010-02-09 02:52 . 2010-01-28 18:11 -------- d-----w- c:\documents and settings\Tony\Application Data\Smilebox
2010-02-04 05:46 . 2010-02-04 05:46 -------- d-----w- c:\documents and settings\Tony\Application Data\Malwarebytes
2010-02-04 05:45 . 2010-02-04 05:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-02 18:32 . 2009-08-06 04:48 -------- d-----w- c:\program files\WebEx
2010-01-26 18:54 . 2010-01-26 18:53 -------- d-----w- c:\documents and settings\Tony\Application Data\webex
2010-01-22 15:45 . 2009-03-16 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-22 09:20 . 2008-01-12 04:25 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-22 05:19 . 2010-01-22 05:19 88104 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-21 20:23 . 2007-05-08 01:03 -------- d-----w- c:\documents and settings\Tony\Application Data\Comcast
2010-01-15 20:40 . 2008-05-03 14:32 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-15 20:40 . 2008-05-03 14:32 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-13 22:50 . 2010-01-13 22:50 -------- d-----w- c:\documents and settings\Tony\Application Data\Uniblue
2010-01-05 10:00 . 2004-08-24 01:32 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2001-08-18 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2001-08-18 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-16 18:43 . 2003-06-06 20:16 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2001-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"1629:TCP"= 1629:TCP:Services
"9818:TCP"= 9818:TCP:Services

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [03/03/2010 7:49 PM 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [02/04/2010 9:52 AM 1229232]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [03/07/2010 11:04 AM 93320]
R2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [01/05/2007 8:29 AM 21608]
S3 HidCom;USB-HID -> COM Driver Service;c:\windows\SYSTEM32\DRIVERS\BdHidCom.sys [08/14/2007 8:48 PM 17408]
S3 IRNVPN;Indus River Networks VPN Adapter;c:\windows\SYSTEM32\DRIVERS\Irndis.sys [08/02/2001 9:53 AM 118507]
S3 MagEpNt;MagEpNt; [x]
S3 MR97310_VGA_DUAL_CAMERA;Argus Digital Camera;c:\windows\SYSTEM32\DRIVERS\mr97310v.sys [03/27/2005 9:25 AM 114100]
.
Contents of the 'Scheduled Tasks' folder

2010-03-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 01:48]

2010-03-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2010-03-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-10 00:02]

2010-03-14 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 21:07]

2010-03-13 c:\windows\Tasks\{14EBBCA5-45A6-42F4-90D8-CAD0F98A6C8E}_2GIG_admin.job
- c:\windows\system32\MOBSYNC.EXE [2001-08-18 00:12]

2010-03-13 c:\windows\Tasks\{5410C57F-208E-490E-9646-8BBA1C02FAB2}_2GIG_Nolan.job
- c:\windows\system32\MOBSYNC.EXE [2001-08-18 00:12]

2010-03-13 c:\windows\Tasks\{C761C940-9B30-494F-BAED-BFE09D325483}_2GIG_Taylor.job
- c:\windows\system32\MOBSYNC.EXE [2001-08-18 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://comcast.net/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/hamsterball/raptisoftgameloader.cab
DPF: {47F591A2-8783-11D2-8343-00A0C945A819} - hxxp://download.richfx.com/player/mediaversion/005/latest/twophase.cab
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{a5780613-492e-4a2a-a7fd-549610edf6cc} - c:\program files\VCOM\Recovery Commander\RCHOOK.DLL
SafeBoot-MCODS
AddRemove-HyperLoad - c:\program files\Nabisco\HyperLoad\Uninst.isu
AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-13 20:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3932)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-03-13 21:01:53 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-14 03:01

Pre-Run: 5,779,755,008 bytes free
Post-Run: 5,974,310,912 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 98E00B8953B8D284F2B8A8321702C301


#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:01:04 PM

Posted 14 March 2010 - 12:01 PM

Hi,


Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
Close out all other open programs and windows.
Double click the file to run it and follow any prompts.
If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.
Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.


In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following bolded command, then hit Enter.

mbr -f

Now, please do the Start>Run>mbr -f command a second time.
Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.
Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.

**Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#7 trintax

Posted 14 March 2010 - 02:17 PM

Hi Thomas,

I ran the HelpAsst mebroot fix.exe and it came up with a message something like 'HelpAssistant removed - Hit any key to continue'. I hit 'enter' and it completed. That was it - didn't ask me to shut down or anything.

I see that the HelpAssistant is still out in the USERS folder but has been disabled. I didn't reboot yet to see if it comes back. Thought I would check with you first. I'm assuming it won't come back this time....

So does this mean it didn't detect an mbr infection?

Thanks again for your help ~
Kim

#8 schrauber

Posted 15 March 2010 - 03:11 PM

Please reboot, then do this:


Run Combofix again and post back with the content of the logfile.
regards,
schrauber


#9 trintax

Posted 15 March 2010 - 09:16 PM

Hi ~

Here's the combofix log...

ComboFix 10-03-15.04 - Tony 03/15/2010 20:51:48.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.280 [GMT -5:00]
Running from: c:\documents and settings\Tony\Desktop\schrauber.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((( Files Created from 2010-02-16 to 2010-03-16 )))))))))))))))))))))))))))))))
.

2010-03-10 15:05 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-07 17:04 . 2010-03-07 17:04 -------- d-----w- c:\program files\Common Files\McAfee
2010-03-07 17:03 . 2010-03-07 17:25 -------- d-----w- c:\program files\McAfee
2010-03-07 17:03 . 2010-03-07 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-07 17:03 . 2010-03-07 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-03-06 21:52 . 2010-03-06 21:52 -------- d-----w- c:\program files\ToniArts
2010-03-04 04:38 . 2010-03-04 01:49 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-04 01:48 . 2010-03-04 01:48 329048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-03-04 01:48 . 2010-03-04 01:48 94712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-03-04 01:48 . 2010-03-04 01:48 17480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-03-04 01:48 . 2010-03-04 01:48 961984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-03-04 01:48 . 2010-03-04 01:48 835312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-03-04 01:48 . 2010-03-04 01:48 842992 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-03-04 01:48 . 2010-03-04 01:48 1593320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-03-04 01:48 . 2010-03-04 01:48 815184 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-03-04 01:48 . 2010-03-04 01:48 1229232 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-03-04 01:43 . 2010-03-04 01:43 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-04 01:43 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-03-04 01:41 . 2010-03-04 01:43 -------- d-----w- c:\program files\Lavasoft
2010-03-03 04:24 . 2010-03-03 04:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2010-03-03 04:24 . 2010-03-03 04:24 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2010-02-21 01:43 . 2010-02-21 01:43 -------- d-----w- c:\documents and settings\Tony\Local Settings\Application Data\Threat Expert
2010-02-21 01:25 . 2010-03-04 02:01 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-21 01:25 . 2010-03-04 02:01 -------- d-----w- c:\program files\Spyware Doctor
2010-02-21 01:23 . 2010-03-04 01:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-19 15:42 . 2010-02-19 15:42 -------- d-----w- c:\documents and settings\Tony\Application Data\Yahoo!
2010-02-19 15:41 . 2010-03-07 17:03 -------- d-----w- c:\program files\Yahoo!
2010-02-19 14:56 . 2010-02-19 14:56 -------- d-----w- c:\documents and settings\Tony\Application Data\Office Genuine Advantage
2010-02-19 14:53 . 2010-02-19 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-02-17 03:08 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-17 03:07 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-17 03:07 . 2010-02-17 03:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-16 20:23 . 2010-02-24 15:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-16 20:13 . 2010-03-11 09:10 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-02-16 19:26 . 2010-02-16 20:00 -------- d-----w- c:\program files\Registry Easy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-06 22:19 . 2007-09-08 00:24 -------- d-----w- c:\program files\Avery Wizard
2010-03-06 21:52 . 2002-06-26 19:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-06 21:51 . 2002-06-26 19:44 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-04 01:41 . 2008-05-29 12:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-02-20 18:34 . 2010-01-27 22:55 -------- d-----w- c:\program files\Windows Live Safety Center
2010-02-18 20:11 . 2007-07-19 04:25 -------- d-----w- c:\documents and settings\Tony\Application Data\COMCASTTOOLBAR
2010-02-10 10:26 . 2002-06-26 19:54 -------- d-----w- c:\program files\Common Files\Real
2010-02-10 09:48 . 2006-02-10 04:13 -------- d-----w- c:\program files\Google
2010-02-09 04:56 . 2009-11-11 00:39 -------- d-----w- c:\program files\Citrix
2010-02-09 02:52 . 2010-01-28 18:11 -------- d-----w- c:\documents and settings\Tony\Application Data\Smilebox
2010-02-04 15:53 . 2010-03-04 01:49 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-04 05:46 . 2010-02-04 05:46 -------- d-----w- c:\documents and settings\Tony\Application Data\Malwarebytes
2010-02-04 05:45 . 2010-02-04 05:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-02 18:32 . 2009-08-06 04:48 -------- d-----w- c:\program files\WebEx
2010-01-26 18:54 . 2010-01-26 18:53 -------- d-----w- c:\documents and settings\Tony\Application Data\webex
2010-01-25 19:33 . 2010-01-25 17:33 1602184 ----a-w- c:\documents and settings\Tony\Application Data\Smilebox\SmileboxClient.exe
2010-01-22 15:45 . 2009-03-16 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-22 09:20 . 2008-01-12 04:25 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-22 05:19 . 2010-01-22 05:19 88104 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-21 20:23 . 2007-05-08 01:03 -------- d-----w- c:\documents and settings\Tony\Application Data\Comcast
2010-01-15 20:40 . 2008-05-03 14:32 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-15 20:40 . 2008-05-03 14:32 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-05 10:00 . 2004-08-24 01:32 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2001-08-18 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-01 15:16 . 2010-01-01 15:16 79488 ----a-w- c:\documents and settings\Tony\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-31 16:50 . 2001-08-18 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-16 18:43 . 2003-06-06 20:16 343040 ----a-w- c:\windows\system32\mspaint.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [03/03/2010 8:49 PM 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [02/04/2010 10:52 AM 1229232]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [03/07/2010 12:04 PM 93320]
R2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [01/05/2007 9:29 AM 21608]
S3 HidCom;USB-HID -> COM Driver Service;c:\windows\SYSTEM32\DRIVERS\BdHidCom.sys [08/14/2007 9:48 PM 17408]
S3 IRNVPN;Indus River Networks VPN Adapter;c:\windows\SYSTEM32\DRIVERS\Irndis.sys [08/02/2001 10:53 AM 118507]
S3 MagEpNt;MagEpNt; [x]
S3 MR97310_VGA_DUAL_CAMERA;Argus Digital Camera;c:\windows\SYSTEM32\DRIVERS\mr97310v.sys [03/27/2005 10:25 AM 114100]
.
Contents of the 'Scheduled Tasks' folder

2010-03-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 01:48]

2010-03-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2010-03-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-10 00:02]

2010-03-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 21:07]

2010-03-15 c:\windows\Tasks\{14EBBCA5-45A6-42F4-90D8-CAD0F98A6C8E}_2GIG_admin.job
- c:\windows\system32\MOBSYNC.EXE [2001-08-18 00:12]

2010-03-15 c:\windows\Tasks\{5410C57F-208E-490E-9646-8BBA1C02FAB2}_2GIG_Nolan.job
- c:\windows\system32\MOBSYNC.EXE [2001-08-18 00:12]

2010-03-15 c:\windows\Tasks\{C761C940-9B30-494F-BAED-BFE09D325483}_2GIG_Taylor.job
- c:\windows\system32\MOBSYNC.EXE [2001-08-18 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://comcast.net/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/hamsterball/raptisoftgameloader.cab
DPF: {47F591A2-8783-11D2-8343-00A0C945A819} - hxxp://download.richfx.com/player/mediaversion/005/latest/twophase.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-15 21:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1144)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-03-15 21:07:51
ComboFix-quarantined-files.txt 2010-03-16 02:07
ComboFix2.txt 2010-03-14 03:01

Pre-Run: 8,646,701,056 bytes free
Post-Run: 8,649,281,536 bytes free

- - End Of File - - 3CE8892A6326000A031F46D10080F9B2


Thanks - Kim
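
The two ComboFix logs posted in this thread differ in their Windows Firewall GloballyOpenPorts section. The following is an added example (not part of any post and not ComboFix's own code) that parses the firewall sections of both runs and lists what changed between them; the log excerpts are copied from the logs above, and the function names are hypothetical.

```python
import re

# Firewall sections excerpted from the two ComboFix logs posted in this thread
# (first run 2010-03-13, second run 2010-03-15). Nothing else is included.
LOG_RUN1 = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"1629:TCP"= 1629:TCP:Services
"9818:TCP"= 9818:TCP:Services

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [03/03/2010 7:49 PM 64288]
'''

LOG_RUN2 = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [03/03/2010 8:49 PM 64288]
'''

# Section header as ComboFix prints it; the profile name (e.g. standardprofile)
# is matched but not kept, so entries from several profiles would be merged.
HEADER = re.compile(
    r'^\[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy'
    r'\\\w+\\(AuthorizedApplications|GloballyOpenPorts)\\List\]$', re.I)
PORT_ENTRY = re.compile(r'^"(\d+):(TCP|UDP)"=\s*(.*)$', re.I)
APP_ENTRY = re.compile(r'^"(.+)"=')


def parse_firewall_policy(log_text):
    """Return {'apps': set of paths, 'ports': {(port, proto): rule name}}."""
    policy = {"apps": set(), "ports": {}}
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            is_ports = header.group(1).lower() == "globallyopenports"
            section = "ports" if is_ports else "apps"
            continue
        port = PORT_ENTRY.match(line) if section == "ports" else None
        app = APP_ENTRY.match(line) if section == "apps" else None
        if port:
            # Value data looks like "3389:TCP:Remote Desktop"; keep the name.
            parts = port.group(3).split(":", 2)
            name = parts[2] if len(parts) == 3 else port.group(3)
            key = (int(port.group(1)), port.group(2).upper())
            policy["ports"][key] = name.strip()
        elif app:
            # The log escapes backslashes in paths; undo that and fold case.
            policy["apps"].add(app.group(1).replace("\\\\", "\\").lower())
        else:
            section = None  # blank or unrelated line closes the section
    return policy


def diff_policy(before, after):
    """List firewall exceptions that appeared or disappeared between two runs."""
    b_ports, a_ports = before["ports"], after["ports"]
    return {
        "ports_removed": sorted((p, t, b_ports[(p, t)])
                                for (p, t) in set(b_ports) - set(a_ports)),
        "ports_added": sorted((p, t, a_ports[(p, t)])
                              for (p, t) in set(a_ports) - set(b_ports)),
        "apps_removed": sorted(before["apps"] - after["apps"]),
        "apps_added": sorted(after["apps"] - before["apps"]),
    }


if __name__ == "__main__":
    changes = diff_policy(parse_firewall_policy(LOG_RUN1),
                          parse_firewall_policy(LOG_RUN2))
    for kind, items in changes.items():
        print(kind)
        for item in items:
            print("   ", item)
```
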


#10 schrauber

Posted 16 March 2010 - 03:25 PM

Hi,

Please update your version of Malwarebytes and run a quick scan, post back with the content of the logfile.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt





  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    safebootminimal
    safebootnetwork
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


#11 trintax

Posted 17 March 2010 - 12:19 AM

Hi Thomas,


The following is the scan from Malwarebytes:


Malwarebytes' Anti-Malware 1.44
Database version: 3874
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

03/16/2010 3:46:47 PM
mbam-log-2010-03-16 (15-46-47).txt

Scan type: Quick Scan
Objects scanned: 153184
Time elapsed: 14 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Next ESET scan:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16981 (vista_gdr.091215-2244)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=dc99627230305c4d8e310f6e6d114460
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-17 04:23:17
# local_time=2010-03-16 11:23:17 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776869 100 100 0 8915428 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=132164
# found=0
# cleaned=0
# scan_time=12549







OTL.txt:

OTL logfile created on: 03/16/2010 11:58:10 PM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Documents and Settings\Tony\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

510.00 Mb Total Physical Memory | 75.00 Mb Available Physical Memory | 15.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 7.93 Gb Free Space | 21.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STUDYCOMPUTER
Current User Name: Tony
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/16 23:56:15 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony\Desktop\OTL.exe
PRC - [2010/03/03 20:48:35 | 000,815,184 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/03/03 20:48:31 | 001,229,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/02/21 06:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/12/09 19:02:36 | 000,202,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/06/22 21:23:38 | 000,196,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2009/01/08 07:36:42 | 002,521,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/05 09:29:16 | 000,021,608 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Sync\SeaSyncServices.exe
PRC - [2005/06/02 16:54:34 | 000,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (SafeList) ==========

MOD - [2010/03/16 23:56:15 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony\Desktop\OTL.exe
MOD - [2009/12/08 14:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/03 20:48:31 | 001,229,232 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2007/01/05 09:29:16 | 000,021,608 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Sync\SeaSyncServices.exe -- (Seagate Sync Service)
SRV - [2005/06/02 16:54:34 | 000,086,606 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2001/07/11 08:59:00 | 001,077,248 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\NMSSVC.EXE -- (NMSSvc) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/03/07 12:09:38 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/03/13 21:42:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1028F737-81E7-452B-A860-E50CAD90A08C} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} http://photo2.walgreens.com/WalgreensOutlookImport.cab (Snapfish Outlook Import ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe (Reg Error: Key error.)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/30.66/uploader2.cab (UploadListView Class)
O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} http://download.richfx.com/player/mediaver...st/twophase.cab (RFXPlayer Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} https://carelink.minimed.com/plugin/jinstal...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: ppctlcab http://www.pestscan.com/scanner/ppctlcab.cab (Reg Error: Key error.)
O16 - DPF: RaptisoftGameLoader http://www.miniclip.com/hamsterball/raptisoftgameloader.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134 192.168.1.1 68.87.77.134 68.87.72.134
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:1 (Intelligent Desktop - intelligentdesktop.com) - http://active.intelligentdesktop.com/active/?17704749
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/08/31 09:02:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2002/07/07 01:02:33 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: MpfService - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/03/16 23:56:15 | 000,556,032 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tony\Desktop\OTL.exe
[2010/03/16 19:50:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/03/13 21:13:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/13 21:11:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/13 21:11:39 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/13 21:11:39 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/13 21:11:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/13 21:11:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/13 21:10:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/11 04:10:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/11 04:08:55 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/03/07 16:20:50 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Tony\Desktop\erunt-setup.exe
[2010/03/07 12:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/03/07 12:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/03/07 12:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/03/07 12:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/03/06 18:24:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tony\Recent
[2010/03/06 16:52:39 | 000,000,000 | ---D | C] -- C:\Program Files\ToniArts
[2010/03/03 20:49:37 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/03/03 20:49:21 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/03/03 20:43:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/03/03 20:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/03/03 12:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\My Documents\My Music
[2010/03/02 23:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/02 23:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Threat Expert
[2010/03/02 23:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2010/01/22 10:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/15 15:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/07/31 03:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/09/28 18:19:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/09/19 14:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2004/08/08 19:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\VCOM
[2002/08/16 15:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2002/08/16 15:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/17 00:00:01 | 000,000,388 | -H-- | M] () -- C:\WINDOWS\tasks\{C761C940-9B30-494F-BAED-BFE09D325483}_2GIG_Taylor.job
[2010/03/17 00:00:01 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\{5410C57F-208E-490E-9646-8BBA1C02FAB2}_2GIG_Nolan.job
[2010/03/17 00:00:01 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\{14EBBCA5-45A6-42F4-90D8-CAD0F98A6C8E}_2GIG_admin.job
[2010/03/16 23:56:15 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony\Desktop\OTL.exe
[2010/03/16 04:26:08 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/03/16 00:27:50 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/03/16 00:27:49 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/03/16 00:27:24 | 000,515,360 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/16 00:27:24 | 000,437,042 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/03/16 00:27:24 | 000,068,886 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/03/16 00:25:09 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/03/16 00:23:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/16 00:22:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/03/16 00:22:43 | 534,839,296 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/16 00:21:27 | 009,175,040 | -H-- | M] () -- C:\Documents and Settings\Tony\NTUSER.DAT
[2010/03/16 00:21:27 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Tony\NTUSER.INI
[2010/03/16 00:21:16 | 004,839,736 | -H-- | M] () -- C:\Documents and Settings\Tony\Local Settings\Application Data\IconCache.db
[2010/03/15 21:00:59 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/15 20:47:36 | 003,891,061 | R--- | M] () -- C:\Documents and Settings\Tony\Desktop\schrauber.exe
[2010/03/15 09:12:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/14 12:41:13 | 000,488,232 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\HelpAsst_mebroot_fix.exe
[2010/03/13 21:42:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/03/13 21:13:19 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/03/13 10:43:35 | 000,004,345 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\Attach.zip
[2010/03/11 04:08:05 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/03/09 11:23:01 | 000,000,587 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\University of Minnesota Internet Login.url
[2010/03/08 18:40:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tony\defogger_reenable
[2010/03/08 18:38:28 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\Defogger.exe
[2010/03/07 18:40:34 | 001,419,190 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.mht
[2010/03/07 16:20:58 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Tony\Desktop\erunt-setup.exe
[2010/03/07 16:16:47 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\RSIT.exe
[2010/03/07 16:11:56 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\mbr.exe
[2010/03/07 09:40:06 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\Bleeping Computer doc.doc
[2010/03/06 18:46:41 | 001,374,664 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\MCPR.exe
[2010/03/06 13:00:07 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\Removed QuickTime Task from the Registry.doc
[2010/03/06 12:41:58 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/03/06 12:27:59 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/03 20:49:19 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/03/03 20:49:12 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/03/03 20:43:14 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/14 12:41:17 | 000,488,232 | ---- | C] () -- C:\Documents and Settings\Tony\Desktop\HelpAsst_mebroot_fix.exe
[2010/03/13 21:13:19 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/13 21:13:12 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/13 21:11:39 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/13 21:11:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/13 21:11:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/13 21:11:39 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/13 21:11:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/13 20:01:54 | 003,891,061 | R--- | C] () -- C:\Documents and Settings\Tony\Desktop\schrauber.exe
[2010/03/13 19:35:56 | 534,839,296 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/13 10:43:35 | 000,004,345 | ---- | C] () -- C:\Documents and Settings\Tony\Desktop\Attach.zip
[2010/03/11 04:14:58 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/03/08 18:40:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tony\defogger_reenable
[2010/03/08 18:38:27 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Tony\Desktop\Defogger.exe
[2010/03/07 18:40:30 | 001,419,190 | ---- | C] () -- C:\Documents and Settings\Tony\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.mht
[2010/03/07 16:16:44 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\Tony\Desktop\RSIT.exe
[2010/03/07 16:13:10 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Tony\Desktop\mbr.exe
[2010/03/07 09:40:06 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Tony\Desktop\Bleeping Computer doc.doc
[2010/03/06 18:46:39 | 001,374,664 | ---- | C] () -- C:\Documents and Settings\Tony\Desktop\MCPR.exe
[2010/03/06 13:00:06 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\Tony\Desktop\Removed QuickTime Task from the Registry.doc
[2010/03/03 23:38:31 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/03/03 21:40:15 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/03/03 20:43:14 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/09/29 10:57:21 | 000,000,414 | ---- | C] () -- C:\WINDOWS\sidekick.ini
[2008/09/11 19:51:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/06/11 21:21:07 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Tony\Application Data\7zip_progress_7F683A60-A4A8-4B12-8D8F-17D7D610AE33.txt
[2008/06/11 21:21:07 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Tony\Application Data\7zip_progress_23936FAD-4C48-4122-BE8E-D55C6A5D4D09.txt
[2008/06/11 21:21:07 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Tony\Application Data\7zip_progress_0C41BBB1-0D8F-4B1A-8964-555F1A413A49.txt
[2008/05/03 09:32:10 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Tony\Application Data\7zip_progress_98EF65EE-F836-436E-97F9-FBE558C21276.txt
[2008/05/03 09:32:10 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Tony\Application Data\7zip_progress_7E53CBA1-8AAA-4B8C-80C4-C227CA85356C.txt
[2008/05/03 09:32:10 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Tony\Application Data\7zip_progress_426449C1-A9D8-4614-BB92-5F7957BB010C.txt
[2007/09/28 18:18:49 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Tony\Local Settings\Application Data\fusioncache.dat
[2007/09/17 17:43:27 | 000,000,079 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2007/06/14 11:51:05 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/05/08 17:32:43 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Tony\Application Data\7zip_progress_8ECAFEEC-9B44-47AF-AECE-651BCA12B4D5.txt
[2007/05/08 17:32:43 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Tony\Application Data\7zip_progress_3C9AD9DC-0BCD-493D-A46D-603D60D375AD.txt
[2007/05/08 17:32:43 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Tony\Application Data\7zip_progress_207A2550-1128-4A9B-8E38-6CF1713DE6C2.txt
[2007/01/23 00:11:34 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/01/24 23:51:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/03/27 10:34:11 | 000,000,026 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2004/08/07 18:57:46 | 000,000,057 | ---- | C] () -- C:\WINDOWS\uilib.INI
[2004/08/05 21:24:44 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2004/06/21 14:22:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2003/11/27 23:14:19 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/10/28 22:15:04 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\UninstallDLL.dll
[2003/08/06 03:02:06 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2003/08/06 00:25:43 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/05/21 09:31:13 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2003/05/21 09:30:36 | 000,000,909 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2003/04/09 15:30:19 | 000,196,608 | --S- | C] () -- C:\WINDOWS\System32\archlib.dll
[2003/04/07 19:29:50 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameD.txt
[2003/04/05 12:47:47 | 000,000,156 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2003/04/05 12:47:28 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2003/01/29 17:29:54 | 000,000,165 | ---- | C] () -- C:\WINDOWS\kodakpcd.Tony.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/13 09:38:38 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2002/10/05 07:57:49 | 000,002,903 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2002/08/17 10:29:48 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\Tony\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/07/28 06:47:20 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\RDMSO.dll
[2002/07/28 06:45:10 | 000,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2002/07/26 06:36:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2002/07/23 07:56:09 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\A1ServiceInstall.dll
[2002/07/23 07:56:09 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\Iruninst.dll
[2002/07/23 07:55:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VirtualDeviceInstall.dll
[2002/07/23 07:55:17 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\tls704d.dll
[2002/07/23 07:55:17 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\thr4d.dll
[2002/07/23 07:55:17 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\ser4d.dll
[2002/07/23 07:55:17 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\net4d.dll
[2002/07/23 07:55:17 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\IRAclient.dll
[2002/07/23 07:55:17 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\ICE_JNIRegistry.dll
[2002/07/23 07:55:13 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\irChartATL.dll
[2002/07/23 07:55:12 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\cp30fcm.dll
[2002/07/23 07:55:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\irndisntinstall.dll
[2002/07/15 21:34:05 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2002/07/13 17:31:43 | 000,000,763 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2002/07/13 17:17:38 | 000,000,146 | ---- | C] () -- C:\WINDOWS\EPSON 1000ICS Installer.ini
[2002/07/07 08:52:06 | 000,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2002/06/26 14:57:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/06/26 14:50:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/06/26 14:48:28 | 000,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2002/06/26 14:48:28 | 000,000,443 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2002/06/26 14:48:09 | 000,000,015 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2002/06/26 14:48:07 | 000,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
[2002/06/26 14:47:58 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2002/06/26 14:45:22 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/06/26 14:20:20 | 000,000,548 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2000/08/31 12:48:08 | 000,031,401 | ---- | C] () -- C:\WINDOWS\System32\A1W2KNetConfig.dll
[1996/11/17 02:37:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1980/01/01 00:00:00 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll

========== LOP Check ==========

[2005/08/15 22:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2008/09/11 19:44:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/08/05 23:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2008/09/11 19:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/06/11 21:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simple Star
[2007/05/08 17:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simple Star Shared
[2010/03/03 20:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2004/08/08 19:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/02/25 01:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2010/03/03 20:43:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009/05/25 12:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2004/09/23 23:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Aladdin Systems
[2008/12/09 23:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Canon
[2009/09/08 13:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/21 15:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Comcast
[2010/02/18 15:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\COMCASTTOOLBAR
[2009/06/25 22:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\My Sam's Club Digital Photo Center
[2007/06/13 16:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\NCH Swift Sound
[2006/11/20 23:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\OfficeUpdate12
[2005/11/16 18:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Raptisoft
[2008/09/11 19:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\ScanSoft
[2009/12/07 15:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Simple Star
[2010/02/08 21:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Smilebox
[2008/07/21 20:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Smith Micro
[2009/06/03 22:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Snapfish
[2004/08/07 08:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Tenebril
[2010/01/13 17:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Uniblue
[2004/08/07 17:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\VCOM
[2010/01/26 13:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\webex
[2006/11/20 22:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\WholeSecurity
[2010/03/16 00:25:09 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/03/16 04:26:08 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/03/16 00:27:49 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2010/03/17 00:00:01 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\Tasks\{14EBBCA5-45A6-42F4-90D8-CAD0F98A6C8E}_2GIG_admin.job
[2010/03/17 00:00:01 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\Tasks\{5410C57F-208E-490E-9646-8BBA1C02FAB2}_2GIG_Nolan.job
[2010/03/17 00:00:01 | 000,000,388 | -H-- | M] () -- C:\WINDOWS\Tasks\{C761C940-9B30-494F-BAED-BFE09D325483}_2GIG_Taylor.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/10/30 12:05:04 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2010/02/09 16:23:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2004/10/30 12:05:04 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2010/02/09 16:23:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0017\DriverFiles\i386\AGP440.SYS
[2001/08/17 13:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2003/06/06 15:18:26 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:atapi.sys
[2004/10/30 12:05:04 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2010/02/09 16:23:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2003/06/06 15:18:26 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2004/10/30 12:05:04 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2010/02/09 16:23:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/01/30 14:49:08 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=48BC2767CEEC6E8B0E15B0289F18232E -- C:\I386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DLLCACHE\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2001/08/17 13:51:56 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2001/08/18 07:00:00 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5=A510B91253544D56B5712D66BE8371E9 -- C:\I386\EVENTLOG.DLL

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2001/08/18 07:00:00 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=F41C1602DC79AB72035F2388FCA0255F -- C:\I386\NETLOGON.DLL

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2001/08/18 07:00:00 | 000,174,080 | ---- | M] (Microsoft Corporation) MD5=73968C834C316ADC7A2F07DC4B5F3665 -- C:\I386\SCECLI.DLL
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VGA.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VFPODBC.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VERIFIER.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VER.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vControlObject.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VCDEX.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAR332.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAME.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAEND32.OLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAEN32.OLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vba6.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vb5db.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\V7VGA.ROM:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\UTILDLL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRVPA.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRVOICA.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRV80A.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRV42A.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRSVPIA.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRSHUTA.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRSDPIA.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRRTOSA.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRPRBDA.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRMLNKA.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRLOGON.CMD:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRLBVA.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRFAXA.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRDTEA.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRDPA.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRCOINA.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRCNTRA.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USER.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\URLCACHE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\UREG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\UNLODCTR.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\UninstallDLL.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Uninstall.ico:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\UNICODE.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\UMDMXFRM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\UFAT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TYPEPERF.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TYPELIB.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TWAIN_32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TSSHUTDN.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TSLABELS.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TSLABELS.H:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TSKILL.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TSDISCON.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TSD32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tscupgrd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TSCON.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TRACERT6.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TOOLHELP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tmpAD0BE.FOT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TIMER.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TFTP.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\textexpt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TERMCAP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TELEPHON.CPL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tdbg32.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TCPSVCS.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcpmon.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TCMSETUP.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TASKMAN.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TAPIUI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TAPIPERF.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TAPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TABCTL32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSTRAY.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSTEM.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSPRTJ.SEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSPRINT.SEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSKEY.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSINV.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Sysinfo.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSEDIT.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYNCAPP.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SymStore.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SWPRV.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SVCPACK.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SUBST.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SUBRANGE.UCE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\strings.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\STREAMCI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\STORAGE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SR2.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SQLWOA.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SQLWID.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SQLSODBC.CHM:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SPXCOINS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SPRIO800.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SPRIO600.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SPRESTRT.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SPNIKE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SOUND.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SORTKEY.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SOL.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SOFTPUB.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SNWValid.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SLBRCCSP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\slbcsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SKDLL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SISBKUP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SierraNW.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shpshftr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SHIFTJIS.UCE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shellstyle.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SHELL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SHARE.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SHADOW.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SFMAPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SFC.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SETVER.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SETUPDLL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setup.ico:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SETUP.BMP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SERWVDRV.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SERVICES.MSC:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SERIALUI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SENSCFG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SECPOL.MSC:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scroll.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SCREDIR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SCP32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Scint100.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sccres100.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sccomp100.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sccbase.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SaxComm8.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RWINSTA.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RUNAS.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RTM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtfexpt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RSVPPERF.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RSVPMSG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RSVPCNTS.H:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RSVP.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RSOPPROV.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RSMSINK.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RSM.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RSACI.RAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RPCNS4.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ROUTETAB.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ROUTEMON.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ROUTE.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ROBOEX32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RNR20.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\richtx32.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RICHED32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RESET.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\REPLACE.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RELOG.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\REGWIZ.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\REGINI.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\REGEDT32.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RegDACL.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RECOVER.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RDPCFGEX.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RDOCURS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rdmsys.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RDMSO.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rdmco.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RASSER.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RASRAD.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RASMXS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RASMONTR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RASDIAL.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RASCTRS.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RASCTRS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RASCTRNM.H:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RASAUTOU.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\QWINSTA.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Quick.ico:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\QOSNAME.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\QAPPSRV.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PUBPRN.VBS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PUBDLG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PUB3BRSH.ANI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PSNPPAGN.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PSCRIPT.SEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PSCHDPRF.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PSCHDPRF.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PSCHDCNT.H:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PROSETP.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PROSETP.CPL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PROSETP.CNT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PRONTOBJ.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PRODSPEC.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PRNQCTL.VBS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PRNPORT.VBS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PRNMNGR.VBS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PRNJOBS.VBS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PRNDRVR.VBS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PRNCNFG.VBS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PRINT.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PRFLBMSG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\popup.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PMSPL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PLUSTAB.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PinPad.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PING6.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PIFMGR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PhotoImpression Screen Saver.scr:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PERFWCI.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PERFWCI.H:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PERFTS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PERFNW.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PERFI009.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PERFFILT.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PERFFILT.H:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PERFD009.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PERFCI.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PERFCI.H:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PENTNT.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Pdqtapi.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pdqcom32.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pdfexpt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PCL.SEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PCDLIB32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PATHPING.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PAQSP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pagefileconfig.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OSUNINST.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OPOSPOSKeyboard.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OPOSPINPad.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OPOSMSR.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OPOSLineDisplay.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OLETHK32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OLESVR32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OLESVR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OLECLI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OLEACCRC.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OLE2NLS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OLE2DISP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OLE2.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OldDate:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OEMBKGN1.BMP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OEMBIOS.SIG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oembios.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OEMBIOS.CAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Odbcjet.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Odbcjet.cnt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ODBC16GT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NWSCRIPT.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NWEVENT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NWCFG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NWC.CPL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NWAPI16.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NW16.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NV4.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTSDEXTS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTSD.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Ntrights.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTMSOPRQ.MSC:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTMSMGR.MSC:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTMSEVT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTLANUI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio804.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio412.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio411.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio404.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTIMAGE.GIF:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTDSBCLI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTDOS804.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTDOS412.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTDOS411.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTDOS404.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NSERROR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NSCMPS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\npwmsdrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.THA:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.SVE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.NLD:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.ITA:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.FRA:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.ESN:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.ENU:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.ENG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.DEU:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.CHT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.CHS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NMSMSG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NMSAPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NMEVTMSG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NLSFUNC.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NETWARE.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NETH.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netfxperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NETEVENT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NETAPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NET.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NCXPNT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NCPA.CPL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NBTSTAT.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NARRHOOK.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSXMLR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxml4r.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSXML2R.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxbse35.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSVIDEO.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSVCRTD.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSVCRT10.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcr70.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSVCIRTD.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSVBVM50.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msuni11.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mstext35.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSWCHX.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSWCH.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSIP32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSIGN32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mssecadv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrpfs35.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRECR40.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDO20.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrd2x35.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRCLR40.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSR2CENU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSR.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSPORTS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mspdox35.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSOBJS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msmask32.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msltus35.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msjter35.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msjt4jlt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Msjint35.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msjdbc10.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msjava.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msisam11.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSINET.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSG.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Msflxgrd.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msexcl35.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msexch35.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSENCODE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDTCPRF.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDTCPRF.H:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCOMCTL.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mscomct2.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Mschrt20.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCDEXNT.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCAT32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCAL.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msawt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSAUDITE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSACM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MRINFO.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MQPRFSYM.H:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MQPERF.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MQPERF.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MQOA20.TLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MQOA10.TLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MQOA.TLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MQGENTR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MQCERTUI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MPRUI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MPRMSG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MPRDDM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MPNOTIFY.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MpFireWl.VXD:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_855.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_852.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_850.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_775.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_737.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_500.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28605.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28599.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28598.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28597.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28595.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28594.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28593.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28592.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28591.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_21866.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_20905.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_20866.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_20261.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_1258.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_1026.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_10082.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_10081.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_10079.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_10029.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_10017.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_10010.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_10007.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_10006.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_10000.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_037.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BOPOMOFO.UCE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BOOTVRFY.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BOOTOK.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BlockedCookies:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BIOS4.ROM:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BIOS1.ROM:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Awrtl30.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\awpe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AVWAV.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AVTAPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AVMETER.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AVIFILE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AVICAP32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AVICAP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AUTOEXEC.NT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ATRACE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ATMPVCNO.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ATKCTRS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ATHPRXY.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asuninst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ASR_LDM.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asinst.cfg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ARP.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\APPEND.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\APCUPS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ANSI.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ADPTIF.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\actskn43.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\actrpt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ACLEDIT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ACCTRES.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AAAAMON.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\a3d.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\A1W2KNetConfig.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\A1ServiceInstall.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\12520850.CPX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\12520437.CPX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\$WINNT$.INF:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\$NCSP$.INF:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WOWPOST.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WININET.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WINASPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WFWNET.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VGA.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VER.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\tls704d.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\TIMER.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\TAPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SYSTEM.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\STDOLE.TLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SOUND.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SNWVALID.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SNWVALID.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SIERRANW.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SHELL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SETUP.INF:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\RDB16.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\qpro32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OLESVR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OLEPRO32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OLECLI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\NOVA_API.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MSVIDEO.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MOUSE.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MMTASK.TSK:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCIWAVE.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCISEQ.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCIAVI.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\magtek.reg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\LZEXPAND.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\KEYBOARD.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\ipinplus32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\COMMDLG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\AVIFILE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\AVICAP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\actskn43.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\svcpack.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SPWHPT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\spupdsvc.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\sprof32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Soap Bubbles.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\smscfg.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SIGSREG.FAL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SIERRA.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SETUPACT.LOG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setdebug.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\sessmgr.setup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Santa Fe Stucco.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\River Sumida.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Rhododendron.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\resetlog.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\REGOPT.LOG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\QBWCD.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q828026.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q819696.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q817606.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q817287.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q815021.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q814995.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q814033.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q811630.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q811493.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q810833.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q810577.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q810565.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q331953.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q330994.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q329834.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q329441.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q329390.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q329170.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q329115.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q329048.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q328310.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q327979.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q326830.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q324380.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q324096.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q323255.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q323172.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q322011.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q319580.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q318138.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q317277.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q316253.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q316134.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q315403.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q315000.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q314862.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q314147.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q313596.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q313450.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q312370.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q311967.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q311889.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q311822.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q311542.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q310601.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q309521.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q308928.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q308678.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q308677.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q306676.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\PTPICK32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Prairie Wind.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\PowerReg.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\photoimpression.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\pfpick.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\PCDLIB32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\panose.bin:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\orun32.isu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\orun32.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\OOBEACT.LOG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\OEWABLog.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\oeuninst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ODBCINST.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ODBC.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\OCMSN.LOG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\OCGEN.LOG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ntdtcsetup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\netfxocm.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\muninst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\MSMQINST.LOG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\MSGSOCM.LOG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\MSDFMAP.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\MedCtrOC.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\marscam.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KPSYS32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KPSHARP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KPSCALE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KPFP32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KPCP32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KPCMS.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\kodakpcd.Tony.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB893803v2.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB883357.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB842773.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB841873.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB840987.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB840374.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB840315.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB839645.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB839643-DirectX9.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB837001.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB835732.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB834707-IE6SP1-20040929.091901.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB829558.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB828741.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB828035.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB828028.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB826942.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB825119.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB824146.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB824141.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB824105.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB823980.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB823559.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB823182.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB822603.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB821557.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB821253.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB820291.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB817778.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB810243.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB810217.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB282010.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\jautoexp.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ipixActivex.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\InfModM.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ieuninst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Icoadb32.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Iccsigs.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\icccodes.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ICCCODES.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Greenstone.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Gone Fishing.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\FeatherTexture.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\FaxSetup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\EXPLORER.SCF:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\EPSON 1000ICS Installer.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\DtcInstall.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\DirectX.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\DELLWP.BMP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\DEBUGSM.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\dahotfix.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\corelpf.lrs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\COMSETUP.LOG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\COM+.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Coffee Bean.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\cmsetacl.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\CLOCK.AVI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\cdplayer.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\BOOTSTAT.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Blue Lace 16.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\bkuninst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\AWMODEM.INF:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\AolCInUn.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\active.cdf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Active Setup Log.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\I386\SCECLI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\I386\NETLOGON.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\I386\EVENTLOG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\I386\atapi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\I386\AGP440.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Tony\NOBULATE.LOG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Tony\My Documents\My Money.mny:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Tony\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Tony\Desktop\Data.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\NTUSER.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\NTUSER.DAT.LOG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Documents\Scanners and Cameras.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Documents\os084633.bin:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\BOOTSECT.DOS:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\WindowsUpdate.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\iTouch.ini:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\Documents and Settings\Tony\NTUSER.INI:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\tasks\{14EBBCA5-45A6-42F4-90D8-CAD0F98A6C8E}_2GIG_admin.job:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\tasks\{C761C940-9B30-494F-BAED-BFE09D325483}_2GIG_Taylor.job:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\tasks\{5410C57F-208E-490E-9646-8BBA1C02FAB2}_2GIG_Nolan.job:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\lmouflt2.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\lkbdflt2.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\Lhidusb.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\ntbtlog.txt:KAVICHS
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\WPA.DBL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\OLEACC.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mrtrate.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mrtmngr.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\udfreadr_xp.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\nv4_mini.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\LHIDFLT2.SYS:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\Irndis.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\hsf_cnxt.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\COMCAT.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\cdral.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\SchedLgU.Txt:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\Icg32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\Cmousecc.ini:KAVICHS
< End of report >






EXTRAS.txt


OTL Extras logfile created on: 03/16/2010 11:58:10 PM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Documents and Settings\Tony\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

510.00 Mb Total Physical Memory | 75.00 Mb Available Physical Memory | 15.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 7.93 Gb Free Space | 21.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STUDYCOMPUTER
Current User Name: Tony
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series" = Canon MP520 series
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{4DBBF091-FACD-422C-B43C-786335BD5398}" = MovieEdit Task
"{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Camera Window DVC
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = MouseWare 9.41 .3
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Camera Window MC
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8F7C09A4-EBAE-11D3-A9AF-005004D2ECE4}" = Attune 2.3.2
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Camera Access Library
"{90E00409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (E)
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C769A271-7E1C-48F9-B331-474600DD4C06}" = Microsoft Picture It! Photo 2002
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}" = Microsoft Money 2002 System Pack
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E7298FD5-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money 2002
"{ECD43B7A-CB3B-4AF8-91F6-C460A575E411}" = FreeAgent Go Tools
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avery Wizard 2.1 MSW10" = Avery® Wizard 2.1 for Microsoft® Word 2002
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_PCI_VEN_14F1&DEV_2013&SUBSYS_021213E0" = Conexant HSF V92 56K Data Fax PCI Modem
"Comcast PhotoShow Deluxe 4" = Comcast PhotoShow Deluxe 4
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"ComcastToolbar" = Comcast Toolbar
"DHost" = Win32 BI Application
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{4DBBF091-FACD-422C-B43C-786335BD5398}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"InstallShield_{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Canon Camera Window MC 6 for ZoomBrowser EX
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Canon Camera Access Library
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{A9915D9A-D08A-4CDB-87FD-FC60CF15A11E}" = Dell Picture Studio - Dell Image Expert
"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{ECD43B7A-CB3B-4AF8-91F6-C460A575E411}" = FreeAgent Go Tools
"Intel® PROSet II" = Intel® PROSet II
"LG USB Drivers" = LG USB Drivers
"LiveReg" = LiveReg (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoShow 5" = PhotoShow 5
"PROSet" = Intel® PRO Ethernet Adapter and Software
"QuickBooks 2000" = QuickBooks 2000
"WavePad" = WavePad Uninstall
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/13/2010 7:25:22 PM | Computer Name = STUDYCOMPUTER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 03/13/2010 7:25:53 PM | Computer Name = STUDYCOMPUTER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 03/13/2010 7:25:54 PM | Computer Name = STUDYCOMPUTER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 03/13/2010 9:00:58 PM | Computer Name = STUDYCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/13/2010 9:03:27 PM | Computer Name = STUDYCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/13/2010 9:03:27 PM | Computer Name = STUDYCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/13/2010 9:10:41 PM | Computer Name = STUDYCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/13/2010 9:12:20 PM | Computer Name = STUDYCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/16/2010 1:09:21 AM | Computer Name = STUDYCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8312.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/16/2010 8:30:36 PM | Computer Name = STUDYCOMPUTER | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 1.1.5605.0, P3 1.79.1.0, P4 1.79.1.0, P5 002bb6fc-0000-0000-0000-000000000000_ff15250f16e6e3004cd27a3d39df4765a32f956f,
P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 02/20/2010 5:46:01 PM | Computer Name = STUDYCOMPUTER | Source = System Error | ID = 1003
Description = Error code 000000f7, parameter1 00000000, parameter2 00000000, parameter3
00000000, parameter4 00000000.

Error - 02/20/2010 8:15:06 PM | Computer Name = STUDYCOMPUTER | Source = System Error | ID = 1003
Description = Error code 000000f7, parameter1 00000000, parameter2 00000000, parameter3
00000000, parameter4 00000000.

Error - 02/20/2010 8:21:51 PM | Computer Name = STUDYCOMPUTER | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{69683AE9-245C-4E4A-B319-C4A0867E7F49}. The
backup browser is stopping.

Error - 02/21/2010 1:25:02 PM | Computer Name = STUDYCOMPUTER | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Internet Explorer 8 for Windows XP.

Error - 02/21/2010 6:24:26 PM | Computer Name = STUDYCOMPUTER | Source = System Error | ID = 1003
Description = Error code 000000f7, parameter1 00000000, parameter2 00000000, parameter3
00000000, parameter4 00000000.

Error - 02/24/2010 2:28:46 AM | Computer Name = STUDYCOMPUTER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PC Tools Security Service
service to connect.

Error - 02/24/2010 2:28:46 AM | Computer Name = STUDYCOMPUTER | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%1053

Error - 02/24/2010 2:30:03 AM | Computer Name = STUDYCOMPUTER | Source = System Error | ID = 1003
Description = Error code 000000ea, parameter1 83550020, parameter2 83416f60, parameter3
8346e258, parameter4 00000001.

Error - 02/24/2010 2:32:54 AM | Computer Name = STUDYCOMPUTER | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{69683AE9-245C-4E4A-B319-C4A0867E7F49}. The
backup browser is stopping.

Error - 02/24/2010 2:35:48 AM | Computer Name = STUDYCOMPUTER | Source = Service Control Manager | ID = 7034
Description = The PC Tools Security Service service terminated unexpectedly. It
has done this 1 time(s).


< End of report >


That's it - Thanks! Kim



#12 trintax

  • Topic Starter

Posted 17 March 2010 - 11:35 AM

Hi Thomas ~

Just an additional note to you. I see a lot of references to the STUDYCOMPUTER, which is another computer we have networked with this one. I haven't changed anything on that yet or scanned for viruses, etc. I know it's been getting errors and needs to be looked at. We need to load more anti-malware and maybe change to MSE from McAfee, etc.

Our kids use the studycomputer mostly so they use Facebook, iTunes, etc. and who knows what else???

I'm also wondering what type of limitations I should have on Active-X for IE - I know disabling the Emulator changed some of that and I haven't re-enabled it yet... Can I go ahead and do that now? It was one of the things your site suggested to do before getting bleepingcomputer.com help.

Thanks again ~ I think we're almost there! ... or not?

#13 schrauber

  • Malware Response Team

Posted 17 March 2010 - 02:47 PM

A few leftovers to handle with, but first, did you set this proxy?

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

regards,
schrauber


#14 trintax

  • Topic Starter

Posted 17 March 2010 - 04:38 PM

Hi Thomas ~

My 'LAN' settings in IE have the following:


unchecked - Use a proxy for your LAN
unchecked - bypass server for local addresses

When I check the top one, then the 'ADVANCED' tab is available

I click on that and it shows the 'proxy address to use' for HTTP as 127.0.0.1 5555

If I go ahead and apply - then I can no longer get into the internet - I tried rebooting and still the same.

What else do I need to do? I originally unchecked this box because of the 'AntiVirus Live' virus so I could get to IE (I think that was the reason?)

Anyway - guess I need more info to proceed. Thx - Kim


#15 trintax

  • Topic Starter

Posted 17 March 2010 - 11:27 PM

Hi again....

I see, after reading more on message boards, that the following:

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

is a part of the Antivirus Live virus. I removed the virus via Malwarebytes but had 'unchecked' the box to use a proxy server ....

So now if I check the box to use a proxy server, I can't get into the internet anymore.

I don't know anything about this - need education about 'proxy' servers.

There's a lot I don't know - mostly everything! But - willing to learn if you can provide a site that educates the common person about how everything works on a computer - I'm amazed at how much some people know. Is everyone secretly spending time learning all this - or is it a hobby?? Whatever it is - I appreciate your expertise - and I am just venting!

So - in answer to your question: No - I did not set that proxy...

What next?

Kim
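
Added example, not part of any post in this thread and not code from OTL or BleepingComputer: a small Python check that reads OTL-style "Internet Settings" lines, splits the ProxyServer value into its per-protocol entries, and reports any entry pointing at the local machine, together with whether ProxyEnable makes it active or leaves it as a dormant leftover. The sample lines are constructed (only the ProxyServer value is the one quoted above), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in OTL log style; ProxyEnable = 0 mirrors the unchecked box.
SAMPLE_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
'''

LINE_RE = re.compile(r'Internet Settings: "(ProxyEnable|ProxyServer)" = (.*)$')


def parse_proxy_server(value):
    """Return {scheme: (host, port)} for a ProxyServer value.

    Handles both forms: 'host:port' (one proxy for every protocol, stored
    under the key 'all') and 'http=host:port;https=host:port'.
    """
    entries = {}
    for part in value.split(';'):
        part = part.strip()
        if not part:
            continue
        scheme, sep, endpoint = part.partition('=')
        if not sep:                      # no 'scheme=' prefix
            scheme, endpoint = 'all', part
        host, _, port = endpoint.rpartition(':')
        if not host:                     # value had no ':port'
            host, port = endpoint, ''
        entries[scheme.lower()] = (host, int(port) if port.isdigit() else None)
    return entries


def is_loopback(host):
    """True for 'localhost' and any address in 127.0.0.0/8 or ::1."""
    if host.lower() == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                   # a hostname, not an IP literal
        return False


def audit(log_text):
    """List (scheme, host, port, state) for every loopback proxy entry."""
    settings = {}
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if match:
            settings[match.group(1)] = match.group(2).strip()
    enabled = settings.get('ProxyEnable', '0') == '1'
    state = 'active' if enabled else 'dormant (ProxyEnable=0)'
    return [(scheme, host, port, state)
            for scheme, (host, port)
            in parse_proxy_server(settings.get('ProxyServer', '')).items()
            if is_loopback(host)]


if __name__ == '__main__':
    for finding in audit(SAMPLE_LOG):
        print(finding)
```
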



