Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hijack this help


  • This topic is locked This topic is locked
12 replies to this topic

#1 slojo55

slojo55

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:29 AM

Posted 30 August 2010 - 01:50 AM

Hi, All my webrowsers are running extremely slow. using up to 99 percent of the cpu at times, impossible to stream video from sites like hulu etc. Ran malware, spyware removed all infections still no luck. I downloaded the hijack this software and got a log of the info. Is there anyone out there that can walk me through this. I've never used the program before. here is the log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:24 PM, on 8/29/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SYSTEM32\SNDVOL32.EXE
C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\TEMP\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-21-1532035262-3237090906-4204032158-1007\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Brontai')
O4 - HKUS\S-1-5-21-1532035262-3237090906-4204032158-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Brontai')
O4 - HKUS\S-1-5-21-1532035262-3237090906-4204032158-1007\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" (User 'Brontai')
O4 - HKUS\S-1-5-21-1532035262-3237090906-4204032158-1007\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 (User 'Brontai')
O4 - S-1-5-21-1532035262-3237090906-4204032158-1007 Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe (User 'Brontai')
O4 - S-1-5-21-1532035262-3237090906-4204032158-1007 User Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe (User 'Brontai')
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\George A\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} (SFImageUpload1_10.ImageUpload) - http://riteaid.storefront.com/images/globa...eUpload1_10.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146826100339
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/41/install/gtdownls.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\fltlib32.dll
O20 - Winlogon Notify: ecc6f314600 - C:\WINDOWS\System32\fltlib32.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

--
End of file - 11715 bytes

thank you in advance for your consideration.

Slojo 55

Edited by Pandy, 30 August 2010 - 10:01 AM.
Moved from Web Browsing as an HjT logfile is included ~Pandy


BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:29 AM

Posted 04 September 2010 - 06:44 AM

Hello slojo55, My name is Syler and I will be helping you to solve your malware issues. Sorry for the delay
in replying, we are very busy at the moment.

Please note because we are very busy, if I don't hear from you within 5 days the topic will be closed, If you
have since resolved your issues I would appreciate if you would let me no so I can close this topic.


Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check all of the boxes. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"




We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    drivers32
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Then please post back here with the following logs:
  • MBAM log
  • RKUnHooker report
  • OTL.txt
  • Extra.txt

Thanks

unite.jpg


#3 slojo55

slojo55
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:29 AM

Posted 05 September 2010 - 04:14 PM

QUOTE(syler @ Sep 4 2010, 06:44 AM) View Post
Hello slojo55, My name is Syler and I will be helping you to solve your malware issues. Sorry for the delay
in replying, we are very busy at the moment.

Please note because we are very busy, if I don't hear from you within 5 days the topic will be closed, If you
have since resolved your issues I would appreciate if you would let me no so I can close this topic.


Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check all of the boxes. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"




We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    drivers32
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Then please post back here with the following logs:
  • MBAM log
  • RKUnHooker report
  • OTL.txt
  • Extra.txt
Thanks



Hey Syler,

I've trying to respond to this post, my computer keeps freezing. I'm going to try to send each of the requested materials seperately to see if that helps.

Kindest regards,
slojo55

#4 slojo55

slojo55
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:29 AM

Posted 05 September 2010 - 04:16 PM

Syler,

Here is the malware byte log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4545

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/4/2010 7:53:45 PM
mbam-log-2010-09-04 (19-53-45).txt

Scan type: Quick scan
Objects scanned: 205859
Time elapsed: 43 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Kindest regards,

slojo55

#5 slojo55

slojo55
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:29 AM

Posted 05 September 2010 - 04:17 PM

Syler,

Here is the rootkit report

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>SSDT State
==============================================
ntoskrnl.exe-->NtAssignProcessToJobObject, Type: Address change 0x805A253D-->EE7AF610 [C:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntoskrnl.exe-->NtCreateFile, Type: Address change 0x8056CF98-->F7BBF36A [C:\WINDOWS\system32\windrvNT.sys]
ntoskrnl.exe-->NtDebugActiveProcess, Type: Address change 0x8065B541-->EE7AFC10 [C:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntoskrnl.exe-->NtDuplicateObject, Type: Address change 0x805717C5-->EE7AF730 [C:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntoskrnl.exe-->NtOpenFile, Type: Address change 0x8056CF33-->F7BBFCD8 [C:\WINDOWS\system32\windrvNT.sys]
ntoskrnl.exe-->NtOpenProcess, Type: Address change 0x805719AC-->EE7AF4B0 [C:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntoskrnl.exe-->NtOpenThread, Type: Address change 0x8058E5C4-->EE7AF570 [C:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntoskrnl.exe-->NtProtectVirtualMemory, Type: Address change 0x80571E96-->EE7AF6D0 [C:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntoskrnl.exe-->NtQueryDirectoryFile, Type: Address change 0x805722F6-->F7BBF842 [C:\WINDOWS\system32\windrvNT.sys]
ntoskrnl.exe-->NtQueryInformationProcess, Type: Address change 0x8056DD08-->F7BBC1E0 [C:\WINDOWS\system32\windrvNT.sys]
ntoskrnl.exe-->NtSetContextThread, Type: Address change 0x8062E057-->EE7AF690 [C:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntoskrnl.exe-->NtSetInformationFile, Type: Address change 0x80574B2A-->F7BC0142 [C:\WINDOWS\system32\windrvNT.sys]
ntoskrnl.exe-->NtSetInformationThread, Type: Address change 0x80575756-->EE7AF650 [C:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntoskrnl.exe-->NtSetSecurityObject, Type: Address change 0x8059B1F3-->EE7AF7D0 [C:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntoskrnl.exe-->NtSuspendProcess, Type: Address change 0x8062FC39-->EE7AF510 [C:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntoskrnl.exe-->NtSuspendThread, Type: Address change 0x805E053E-->EE7AF590 [C:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntoskrnl.exe-->NtTerminateProcess, Type: Address change 0x805824CC-->EE7AF4D0 [C:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntoskrnl.exe-->NtTerminateThread, Type: Address change 0x8057BA6F-->EE7AF5D0 [C:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntoskrnl.exe-->NtWriteVirtualMemory, Type: Address change 0x8057E60A-->EE7AF750 [C:\WINDOWS\system32\DRIVERS\ehdrv.sys]
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x877C5628 [4] System
0x87086960 [124] C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe (Sony Corporation, MD Simple Burner)
0x870DEA20 [312] C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation, Microsoft SeaPort Search Enhancement Broker)
0x8644A978 [364] C:\Program Files\Safari\Safari.exe (Apple Inc., Safari)
0x870967D8 [416] C:\WINDOWS\SYSTEM32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86C8FDA0 [540] C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe (The Linksys Group, Inc., Linksys Instant WLAN Monitor)
0x870D07D8 [544] C:\WINDOWS\SYSTEM32\WFXSVC.EXE (Symantec Corporation, Symantec WinFax PRO NT Service)
0x8759D470 [556] C:\WINDOWS\SYSTEM32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x875EA020 [604] C:\WINDOWS\SYSTEM32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x86FC4020 [632] C:\WINDOWS\SYSTEM32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x86FC9020 [676] C:\WINDOWS\SYSTEM32\services.exe (Microsoft Corporation, Services and Controller app)
0x870E4020 [688] C:\WINDOWS\SYSTEM32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x8761D3B0 [736] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation, Microsoft® Windows Live ID Service)
0x870436E8 [876] C:\WINDOWS\SYSTEM32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86C3CDA0 [884] C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe (-, Odyssey COM Host)
0x86B8C020 [916] C:\WINDOWS\SYSTEM32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x86FD1B10 [976] C:\WINDOWS\SYSTEM32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x875A0C68 [1068] C:\WINDOWS\SYSTEM32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x875DE688 [1108] C:\WINDOWS\SYSTEM32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x875F51F0 [1200] C:\WINDOWS\SYSTEM32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x870D6020 [1300] C:\WINDOWS\SYSTEM32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8638A140 [1360] C:\DOCUME~1\TEMP\LOCALS~1\Temp\10gjojy3.tmp\RKUnhookerLE.EXE (UG North, RKULE, SR2 Normandy)
0x8700F440 [1436] C:\WINDOWS\SYSTEM32\LEXBCES.EXE (Lexmark International, Inc., LexBce Service)
0x8705CA20 [1464] C:\WINDOWS\SYSTEM32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x87607500 [1480] C:\WINDOWS\SYSTEM32\LEXPPS.EXE (Lexmark International, Inc., LEXPPS.EXE)
0x875B7918 [1636] C:\WINDOWS\SYSTEM32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x87086DA0 [1668] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc., Apple Mobile Device Service)
0x87042BE0 [1684] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
0x870E2860 [1736] C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET, ESET Service)
0x86ED67C0 [1780] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x87080AA8 [1952] C:\WINDOWS\SYSTEM32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86FD2AB0 [1968] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java™ Quick Starter Service)
0x870C3020 [2024] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module (32-bit))
0x86EB76C0 [2088] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation, Microsoft® Windows Live ID Service Monitor)
0x86C483A8 [2356] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x86CA58D0 [2424] C:\WINDOWS\SYSTEM32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x86C97B88 [2588] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc., iTunesHelper)
0x86D70B28 [2824] C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe (Microsoft Corp., Bing Bar)
0x86DA6400 [2944] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET, ESET GUI)
0x86FE2DA0 [3216] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET, ESET GUI)
0x86FDF830 [3232] C:\WINDOWS\SYSTEM32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x87042138 [3248] C:\WINDOWS\SYSTEM32\taskmgr.exe (Microsoft Corporation, Windows TaskManager)
0x872BD020 [3344] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x86BAE3F8 [3364] C:\WINDOWS\SYSTEM32\SNDVOL32.EXE (Microsoft Corporation, Volume Control)
0x86DAFDA0 [3452] C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Co., )
0x86DC9470 [3788] C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc., Google Installer)
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF6C78000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1302528 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xF6A4C000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xBF077000 C:\WINDOWS\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xEE260000 C:\WINDOWS\system32\DRIVERS\eamon.sys 684032 bytes (ESET, Amon monitor)
0xF69A6000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 679936 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF7653000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xEE4F6000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xEC454000 C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys 450560 bytes (ZyDAS Technology Corporation, ZD1211B 802.11 b+g USB LAN Driver)
0xF68DF000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xEE6F1000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xEDDFC000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xED5E6000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF6BA0000 C:\WINDOWS\system32\drivers\stac97.sys 258048 bytes (SigmaTel, Inc., SigmaTel Audio Driver (WDM))
0xBF042000 C:\WINDOWS\System32\ialmdev5.DLL 217088 bytes (Intel Corporation, Component GHAL Driver)
0xF6B4B000 C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys 200704 bytes (Conexant Systems, Inc., HSFHWICH WDM driver)
0xF7814000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xEDF6B000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7626000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF6C02000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 184320 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xF7751000 dac2w2k.sys 180224 bytes (Mylex Corporation, Mylex Disk Array Controller Driver)
0xEC429000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xEE566000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xEE6C9000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xEE653000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xECA51000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF6B7C000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6C2F000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6BDF000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEE591000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF7731000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xEE7AE000 C:\WINDOWS\system32\DRIVERS\ehdrv.sys 126976 bytes (ESET, ESET Helper driver)
0xF77C6000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF77E5000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF760C000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF777D000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)
0xEE209000 C:\WINDOWS\system32\dla\tfsnudf.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xEE1F0000 C:\WINDOWS\system32\dla\tfsnudfa.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7796000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xEE37F000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xEE696000 C:\WINDOWS\system32\DRIVERS\epfwtdir.sys 98304 bytes (ESET, ESET Antivirus Network Redirector)
0xF77AE000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF76F3000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF698F000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xEE222000 C:\WINDOWS\system32\dla\tfsnifs.sys 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xF770A000 drvmcdb.sys 86016 bytes (Sonic Solutions, Device Driver)
0xEDD1F000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6C64000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x806EE000 ACPI_HAL 81152 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 81152 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xEE74A000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF76E0000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF771F000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xEDBCF000 C:\WINDOWS\system32\drivers\tmcomm.sys 73728 bytes (Trend Micro Inc., TrendMicro Common Module)
0xF7803000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF697E000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xEC4ED000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xEE5F3000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7A23000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7A43000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7A33000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xEDEC3000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7AD3000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF78C3000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)
0xF7893000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF7923000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7A03000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7A53000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7883000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7903000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF78F3000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF7A63000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7953000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF7983000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)
0xF7963000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)
0xF7973000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)
0xF79F3000 C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 45056 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0xF6E96000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7A13000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7873000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7556000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7943000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
0xF74E6000 C:\WINDOWS\system32\drivers\drvnddm.sys 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF7863000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7A93000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF78E3000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF78B3000 ql1240.sys 40960 bytes (Microsoft Corporation, QLogic ISP PCI Adapters)
0xF7933000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xF7A83000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7913000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF79E3000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7A73000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF74C6000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xEC636000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF78A3000 ql10wnt.sys 36864 bytes (Microsoft Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF6E86000 C:\WINDOWS\system32\dla\tfsncofs.sys 36864 bytes (Sonic Solutions, Drive Letter Access Component)
0xF78D3000 ultra.sys 36864 bytes (Promise Technology, Inc., Promise Ultra66 Miniport Driver)
0xF74D6000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7BEB000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7C4B000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7B13000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)
0xF7B23000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)
0xF7BCB000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7AFB000 asc.sys 28672 bytes (Advanced System Products, Inc., AdvanSys SCSI Controller Driver)
0xF7B4B000 hpn.sys 28672 bytes (Microsoft Corporation, NetRAID-4M Miniport Driver)
0xF7AE3000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7B43000 perc2.sys 28672 bytes (Microsoft Corporation, PERC 2 Miniport Driver)
0xF7B1B000 sym_hi.sys 28672 bytes (LSI Logic, Symbios Hi-Perf SCSI Miniport Driver)
0xEE7CD000 C:\WINDOWS\system32\dla\tfsnboio.sys 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7BBB000 C:\WINDOWS\system32\windrvNT.sys 28672 bytes
0xF7B2B000 ABP480N5.SYS 24576 bytes (Microsoft Corporation, AdvanSys SCSI Controller Driver)
0xF7B33000 asc3350p.sys 24576 bytes (Microsoft Corporation, AdvanSys SCSI Card Driver)
0xF7BE3000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7BDB000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7BD3000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7C13000 C:\WINDOWS\system32\drivers\ssrtln.sys 24576 bytes (Sonic Solutions, Shared Driver Component)
0xF7BC3000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7C3B000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7B3B000 dpti2o.sys 20480 bytes (Microsoft Corporation, DPT SmartRAID miniport)
0xF7B0B000 i2omp.sys 20480 bytes (Microsoft Corporation, I2O Miniport Driver)
0xF7B03000 mraid35x.sys 20480 bytes (American Megatrends Inc., MegaRAID RAID Controller Driver for Windows Whistler 32)
0xF7C43000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7C0B000 C:\WINDOWS\system32\DRIVERS\omci.sys 20480 bytes (Dell Inc, OMCI Device Driver)
0xF7AEB000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7BFB000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7B53000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7C03000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7AF3000 sparrow.sys 20480 bytes (Adaptec, Inc., Adaptec AIC-6x60 series SCSI miniport)
0xF7BF3000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xEE80D000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7C83000 aha154x.sys 16384 bytes (Microsoft Corporation, Adaptec AHA-154x series SCSI miniport)
0xF7C93000 asc3550.sys 16384 bytes (Advanced System Products, Inc., AdvanSys Ultra-Wide PCI SCSI Driver)
0xF7D27000 C:\WINDOWS\System32\Drivers\Aspi32.SYS 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0xF7C7B000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF7C9B000 cbidf2k.sys 16384 bytes (Microsoft Corporation, CardBus/PCMCIA IDE Miniport Driver)
0xEE060000 C:\WINDOWS\system32\CBTNDIS5.SYS 16384 bytes (Printing Communications Assoc., Inc. (PCAUSA), PCAUSA NDIS 5.0 Protocol Driver)
0xF75DC000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF7C7F000 cpqarray.sys 16384 bytes (Microsoft Corporation, Compaq Drive Array Controllers SCSI Miniport Driver)
0xF7C8B000 dac960nt.sys 16384 bytes (Microsoft Corporation, Mylex Disk Array Controller Driver)
0xF7C97000 ini910u.sys 16384 bytes (Microsoft Corporation, INITIO ini910u SCSI miniport)
0xF73DA000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF7D43000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7C87000 symc810.sys 16384 bytes (Symbios Logic Inc., Symbios Logic Inc. SCSI Miniport Driver)
0xEE4E2000 C:\WINDOWS\system32\dla\tfsnopio.sys 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7C8F000 amsint.sys 12288 bytes (Microsoft Corporation, AMD SCSI/NET Controller)
0xF7C73000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7C77000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xEE841000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xEDFA4000 C:\Program Files\Broadcom\BACS\FADXP32.sys 12288 bytes (Broadcom Corporation, Frame Access Driver)
0xF6DD6000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xEE098000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF75D0000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF75D8000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus® ASPI Shell)
0xF6DBE000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBFF50000 C:\WINDOWS\System32\TSDDD.dll 12288 bytes (Microsoft Corporation, Framebuffer Display Driver)
0xF6DB6000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF7D67000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xF7D9B000 C:\Program Files\Broadcom\BACS\BASFND.sys 8192 bytes (Broadcom Corporation, Broadcom NetDetect Driver.)
0xF7DCF000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7D71000 cd20xrnt.sys 8192 bytes (Microsoft Corporation, IBM Portable CD-ROM Drive Miniport)
0xF7D6F000 cmdide.sys 8192 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
0xF7D99000 C:\WINDOWS\system32\DRIVERS\dsunidrv.sys 8192 bytes (Gteko Ltd., GUniDriver)
0xF7E07000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7DCD000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7D69000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7D63000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7DD7000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7D73000 perc2hib.sys 8192 bytes (Microsoft Corporation, PERC 2 Hibernate Driver)
0xF7DD9000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7DBD000 C:\WINDOWS\system32\drivers\sscdbhk5.sys 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF7DBF000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7DEB000 C:\WINDOWS\system32\dla\tfsnpool.sys 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7D6B000 toside.sys 8192 bytes (Microsoft Corporation, Toshiba PCI IDE Controller)
0xF7DBB000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7D6D000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7D65000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7E4D000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7F42000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7F0A000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7E2B000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7E79000 C:\WINDOWS\system32\dla\tfsndrct.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7E77000 C:\WINDOWS\system32\dla\tfsndres.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
==============================================
>Stealth
==============================================
0x04A20000 Hidden Image-->LEAD.Drawing.Imaging.ImageProcessing.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 102400 bytes
0x047D0000 Hidden Image-->hpqedit.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 1044480 bytes
0x7A4D0000 Hidden Image-->System.Runtime.Serialization.ni.dll [ EPROCESS 0x86D70B28 ] PID: 2824, 1196032 bytes
0x7AA10000 Hidden Image-->System.ServiceModel.Web.ni.dll [ EPROCESS 0x86D70B28 ] PID: 2824, 143360 bytes
0x7B170000 Hidden Image-->System.Windows.dll [ EPROCESS 0x86D70B28 ] PID: 2824, 1470464 bytes
0x7B080000 Hidden Image-->System.Windows.Browser.dll [ EPROCESS 0x86D70B28 ] PID: 2824, 151552 bytes
0x79520000 Hidden Image-->mscorlib.dll [ EPROCESS 0x86D70B28 ] PID: 2824, 1601536 bytes
0x871D0F53 Unknown page with executable code, 173 bytes
0x04950000 Hidden Image-->hpqvideo.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 176128 bytes
0x01240000 Hidden Image-->hpqimgrc.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 200704 bytes
0x8725F74F Unknown page with executable code, 2225 bytes
0x7A300000 Hidden Image-->System.Net.dll [ EPROCESS 0x86D70B28 ] PID: 2824, 233472 bytes
0x00F70000 Hidden Image-->hpqutils.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 233472 bytes
0x79EE0000 Hidden Image-->System.Core.ni.dll [ EPROCESS 0x86D70B28 ] PID: 2824, 2375680 bytes
0x7A190000 Hidden Image-->system.dll [ EPROCESS 0x86D70B28 ] PID: 2824, 241664 bytes
0x00D50000 Hidden Image-->hpqiface.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 28672 bytes
0x04200000 Hidden Image-->interop.hpqimgr.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 28672 bytes
0x04D90000 Hidden Image-->Interop.hprblog.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 28672 bytes
0x7AA80000 Hidden Image-->System.Xml.dll [ EPROCESS 0x86D70B28 ] PID: 2824, 331776 bytes
0x045C0000 Hidden Image-->hpqasset.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 36864 bytes
0x04AC0000 Hidden Image-->Interop.hpqvideo.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 36864 bytes
0x01040000 Hidden Image-->hpqtray.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 372736 bytes
0x7B0B0000 Hidden Image-->System.Windows.Browser.ni.dll [ EPROCESS 0x86D70B28 ] PID: 2824, 380928 bytes
0x04E70000 Hidden Image-->hpqcprsc.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 389120 bytes
0x8726A074 Unknown page with executable code, 3980 bytes
0x7A460000 Hidden Image-->System.Runtime.Serialization.dll [ EPROCESS 0x86D70B28 ] PID: 2824, 421888 bytes
0x03C70000 Hidden Image-->LEAD.Wrapper.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 438272 bytes
0x87261E44 Unknown page with executable code, 444 bytes
0x7B2E0000 Hidden Image-->System.Windows.ni.dll [ EPROCESS 0x86D70B28 ] PID: 2824, 4460544 bytes
0x00FC0000 Hidden Image-->hpqfmrsc.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 45056 bytes
0x03580000 Hidden Image-->Interop.hpqcxm08.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 45056 bytes
0x01180000 Hidden Image-->hpqimvlt.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 520192 bytes
0x03C40000 Hidden Image-->LEAD.Windows.Forms.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 53248 bytes
0x050A0000 Hidden Image-->hpqthumb.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 53248 bytes
0x79E50000 Hidden Image-->System.Core.dll [ EPROCESS 0x86D70B28 ] PID: 2824, 544768 bytes
0x00E90000 Hidden Image-->hpqcc2.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 602112 bytes
0x01000000 Hidden Image-->hpqovskn.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 61440 bytes
0x796B0000 Hidden Image-->mscorlib.ni.dll [ EPROCESS 0x86D70B28 ] PID: 2824, 6197248 bytes
0x7A340000 Hidden Image-->System.Net.ni.dll [ EPROCESS 0x86D70B28 ] PID: 2824, 659456 bytes
0x87269D66 Unknown page with executable code, 666 bytes
0x7A1D0000 Hidden Image-->System.ni.dll [ EPROCESS 0x86D70B28 ] PID: 2824, 671744 bytes
0x048F0000 Hidden Image-->hpqimlib.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 69632 bytes
0x04BD0000 Hidden Image-->hpqprrsc.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 69632 bytes
0x049A0000 Hidden Image-->LEAD.Windows.Forms.DrawingContainer.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 77824 bytes
0x03560000 Hidden Image-->hpqntrop.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 77824 bytes
0x046B0000 Hidden Image-->hpqmirsc.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 77824 bytes
0x04A70000 Hidden Image-->hpqglutl.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 77824 bytes
0x049E0000 Hidden Image-->hpqmdmr.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 77824 bytes
0x04EF0000 Hidden Image-->hpqisrtb.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 77824 bytes
0x04FD0000 Hidden Image-->hpqbakup.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 782336 bytes
0x7AAE0000 Hidden Image-->System.Xml.ni.dll [ EPROCESS 0x86D70B28 ] PID: 2824, 847872 bytes
0x7A9F0000 Hidden Image-->System.ServiceModel.Web.dll [ EPROCESS 0x86D70B28 ] PID: 2824, 86016 bytes
0x03BE0000 Hidden Image-->LEAD.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 86016 bytes
0x041D0000 Hidden Image-->LEAD.Drawing.dll [ EPROCESS 0x86DAFDA0 ] PID: 3452, 94208 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\Administrator\Application Data
!-->[Hidden] C:\Documents and Settings\Administrator\Cookies
!-->[Hidden] C:\Documents and Settings\Administrator\Desktop
!-->[Hidden] C:\Documents and Settings\Administrator\Favorites
!-->[Hidden] C:\Documents and Settings\Administrator\Local Settings
!-->[Hidden] C:\Documents and Settings\Administrator\My Documents
!-->[Hidden] C:\Documents and Settings\Administrator\NetHood
!-->[Hidden] C:\Documents and Settings\Administrator\PrintHood
!-->[Hidden] C:\Documents and Settings\Administrator\Recent
!-->[Hidden] C:\Documents and Settings\Administrator\SendTo
!-->[Hidden] C:\Documents and Settings\Administrator\Start Menu
!-->[Hidden] C:\Documents and Settings\Administrator\Templates
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Apple Computer\iTunes
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Apple\Installer Cache\AppleApplicationSupport 1.1.0
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Apple\Lockdown
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\AVS4YOU
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\CanonIJScan
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\HP\Digital Imaging\HP Deskjet 5900 Series
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Malwarebytes
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Sonic
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\TEMP
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\AVS4YOU
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Canon MP250 series Manual
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Glary Utilities
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Deskjet 5900 series
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Photosmart Essential 2.5
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Wi-Fire Connection Manager
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Adobe\Acrobat\6.0\Messages
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Adobe\Flash Player
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Apple Computer
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\ArcSoft
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\AVS4YOU
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Corel
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Cyberlink
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\GlarySoft
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Google
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\HP
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Leadertech\PowerRegister
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\a.ads2.msads.net
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\admin.brightcove.com\[[IMPORT]]
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\ak.c.ooyala.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\b.ads2.msads.net
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\babystrology.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\bankofamerica.com\sas
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\cdn.dipdive.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\cdn.moshimonsters.com\continual
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\cdn.visiblemeasures.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\content1.admonkey.dapper.net
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\flash.quantserve.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\i.ivillage.com\rightcol
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\images.fandango.com\r80.7
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\include.classistatic.com\include\c3js\classifieds\rel1\FLASH\flashCookie.swf
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\is1.j.tv2n.net
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\lads.myspace.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\lads.myspacecdn.com\videos
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\m1.2mdn.net
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\mcstatic.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\media.mtvnservices.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\media.tattomedia.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\media.thewb.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\natalie.feedroom.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\otxresearch.com\img
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\pfiles.5min.com\FlexPlayers
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\pub.widgetbox.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\pub.widgetserver.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\redir.adap.tv
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\resources-p3.imeem.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\smilebox.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\static.pplaylist.com\players\mp3player_new_v82.swf
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\static.pplaylist.com\players\mp3player_new_v83.swf
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\static.userplane.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\static.wix.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\static.youku.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\tmz.vo.llnwd.net
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\toopyandbinoo.treehousetv.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\twitter.com\flash
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\udn.specificclick.net
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\void.snocap.com\s
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\widget-cdn.meebo.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\www.alwayfreegames.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\www.boostmobile.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\www.cosmogirl.com\qsp
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\www.espin.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\www.he.playlist.com\players
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\www.hm.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\www.ikea.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\#SharedObjects\LAQKX2HV\www.smilebox.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#a.ads2.msads.net
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ak.c.ooyala.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#b.ads2.msads.net
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#babystrology.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bankofamerica.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cache.reverbnation.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cache_fredo.vindicosuite.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.dipdive.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.gigya.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.moshimonsters.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.visiblemeasures.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.widgetserver.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#content1.admonkey.dapper.net
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#disney.go.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#download.limewire.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.quantserve.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#i.ivillage.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#is1.j.tv2n.net
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#lads.myspace.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#lads.myspacecdn.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#m1.2mdn.net
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mcstatic.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.mtvnservices.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.tattomedia.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.thewb.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#my.screenname.aol.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#natalie.feedroom.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#otxresearch.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pfiles.5min.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pub.widgetbox.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pub.widgetserver.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#redir.adap.tv
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#resources-p3.imeem.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.mcstatic.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serving-sys.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#smilebox.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.userplane.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.wix.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#statics.poker.static.zynga.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tdcanadatrust.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#toopyandbinoo.treehousetv.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#twitter.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#udn.specificclick.net
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#void.snocap.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#widget-cdn.meebo.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.boostmobile.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.cosmogirl.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.crackle.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.espin.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.he.playlist.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.hm.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.ikea.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.weather.com
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Malwarebytes
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Microsoft\MSN Messenger\1332689043
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Microsoft\MSN Messenger\3804962028
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\mjusbsp
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Mozilla
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Sonic\RecordNow!
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Sun\Java\Deployment\cache
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Sun\Java\Deployment\ext
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Sun\Java\Deployment\log
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Sun\Java\Deployment\security
!-->[Hidden] C:\Documents and Settings\Brontai\Application Data\Yahoo!\Companion
!-->[Hidden] C:\Documents and Settings\Brontai\Contacts\atcheynum_17@hotmail.com
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Application Data\AOL
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Application Data\Apple
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Application Data\Apple Computer\iTunes
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Application Data\Apple Computer\WebKit
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Application Data\Google
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Application Data\IsolatedStorage\j0ht0w5x.qez\ujn2a4q4.yea\StrongName.xitmqsrqvpqpovqi5kx5u3ghwej4ru23\AssemFiles
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Application Data\Microsoft\IdentityCRL
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Application Data\Microsoft\Media Player\Art Cache
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Application Data\Microsoft\Messenger\atcheynum_17@hotmail.com
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Application Data\Microsoft\Movie Maker
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Application Data\Microsoft\Office
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\VersionIndependent\LastMailIdKey
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Application Data\Microsoft\Windows Live Contacts\atcheynum_17@hotmail.com
!-->[Opened for exclusive access by other app or by System] C:\Documents and Settings\Brontai\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG::$DATA
!-->[Opened for exclusive access by other app or by System] C:\Documents and Settings\Brontai\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG:KAVICHS:$DATA
!-->[Opened for exclusive access by other app or by System] C:\Documents and Settings\Brontai\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat::$DATA
!-->[Opened for exclusive access by other app or by System] C:\Documents and Settings\Brontai\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat:KAVICHS:$DATA
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Application Data\WMTools Downloaded Files
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Apps
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\History\History.IE5\MSHist012010090420100905
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Temporary Internet Files\Content.IE5\0CXRR8D2
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Temporary Internet Files\Content.IE5\19TO37AG
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Temporary Internet Files\Content.IE5\1GP8IMCI
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Temporary Internet Files\Content.IE5\2Z1LM611
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Temporary Internet Files\Content.IE5\4TQ0VAAH
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Temporary Internet Files\Content.IE5\56BN2PWK
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Temporary Internet Files\Content.IE5\6E5GI4TA
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Temporary Internet Files\Content.IE5\891EEY4C
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Temporary Internet Files\Content.IE5\9XPEJ3IU
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Temporary Internet Files\Content.IE5\C5RI56D1
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Temporary Internet Files\Content.IE5\DCLU3DM3
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Temporary Internet Files\Content.IE5\KA8KKGZT
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Temporary Internet Files\Content.IE5\KAIQZ6I0
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Temporary Internet Files\Content.IE5\MBM76OEJ\epage;site=espin;status=internal;sect=nosect;sub=nosub;page=homepage;sid=2e3b93046fdad6c9e7fa2f266edbc056;a=1;b=2;sz=336x280;tile=2;pos=1;ord=8886813903227448[1]g
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Temporary Internet Files\Content.IE5\MBM76OEJ\t;site=espin;status=internal;sect=edit;sub=nosub;page=update_account;sid=d421248e3601b2e1e215230f42d62fee;a=1;b=2;sz=336x280;tile=2;pos=1;ord=7171251177787781[1]g
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Temporary Internet Files\Content.IE5\PUISC976
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Temporary Internet Files\Content.IE5\WONKVQQ3
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Temporary Internet Files\Content.IE5\ZQEZFKJ1
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Temporary Internet Files\Content.IE5\ZQN4V63K
!-->[Hidden] C:\Documents and Settings\Brontai\Local Settings\Temp\VBE
!-->[Hidden] C:\Documents and Settings\Brontai\My Documents\CyberLink
!-->[Hidden] C:\Documents and Settings\Brontai\My Documents\LimeWire
!-->[Hidden] C:\Documents and Settings\Brontai\My Documents\My Albums
!-->[Hidden] C:\Documents and Settings\Brontai\My Documents\My Music\iTunes
!-->[Hidden] C:\Documents and Settings\Brontai\My Documents\My Music\My Playlists
!-->[Hidden] C:\Documents and Settings\Brontai\My Documents\My Pictures\break in
!-->[Hidden] C:\Documents and Settings\Brontai\My Documents\My Pictures\school
!-->[Hidden] C:\Documents and Settings\Brontai\My Documents\My Pictures\spring break '09
!-->[Hidden] C:\Documents and Settings\Brontai\My Documents\My Pictures\videos
!-->[Hidden] C:\Documents and Settings\Brontai\My Documents\My Pictures\volleyball
!-->[Hidden] C:\Documents and Settings\Brontai\My Documents\My Smilebox Creations
!-->[Hidden] C:\Documents and Settings\Brontai\My Documents\Storie
!-->[Opened for exclusive access by other app or by System] C:\Documents and Settings\Brontai\ntuser.dat.LOG::$DATA
!-->[Opened for exclusive access by other app or by System] C:\Documents and Settings\Brontai\ntuser.dat.LOG:KAVICHS:$DATA
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Adobe\Acrobat
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Arcsoft
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\URMRUJ2J\174.132.135.194
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\URMRUJ2J\a727.ac-images.mspcdn.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\URMRUJ2J\ak.c.ooyala.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\URMRUJ2J\cdn.widgetserver.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\URMRUJ2J\core.mochibot.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\URMRUJ2J\core.videoegg.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\URMRUJ2J\ct.yourminis.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\URMRUJ2J\dapper-production.s3.amazonaws.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\URMRUJ2J\flash.quantserve.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\URMRUJ2J\googleads.g.doubleclick.net
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\URMRUJ2J\images1.idealer1.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\URMRUJ2J\include.classistatic.com\include
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\URMRUJ2J\lads.myspace.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\URMRUJ2J\mochiads.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\URMRUJ2J\p.ooyala.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\URMRUJ2J\pub.widgetbox.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\URMRUJ2J\secureinclude.ebaystatic.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\URMRUJ2J\slide.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\URMRUJ2J\static.userplane.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\URMRUJ2J\vitamine.networldmedia.net
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\URMRUJ2J\widget-dc.slide.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\URMRUJ2J\www.paypal.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#174.132.135.194
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#a727.ac-images.mspcdn.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ak.c.ooyala.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.widgetserver.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#core.mochibot.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#core.videoegg.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ct.yourminis.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#dapper-production.s3.amazonaws.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.quantserve.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#googleads.g.doubleclick.net
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#images.video.msn.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#images1.idealer1.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#include.classistatic.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#lads.myspace.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mochiads.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mochibot.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#p.ooyala.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pub.widgetbox.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#secureinclude.ebaystatic.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#slide.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.userplane.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#vitamine.networldmedia.net
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#widget-dc.slide.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.paypal.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.xatech.com
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Microsoft\Address Book
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Microsoft\MSN Messenger\3561780847
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Microsoft\MSN Messenger\3804962028
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\10
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\11
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\12
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\13
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\14
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\15
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\16
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\17
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\18
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\19
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\2
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\20
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\21
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\22
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\23
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\24
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\25
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\26
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\27
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\28
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\29
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\3
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\30
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\31
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\32
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\33
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\34
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\35
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\36
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\37
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\38
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\39
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\4
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\40
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\41
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\42
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\43
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\44
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\45
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\46
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\47
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\48
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\49
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\5
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\50
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\51
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\52
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\53
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\54
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\55
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\56
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\57
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\58
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\59
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\6
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\60
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\61
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\62
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\63
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\7
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\8
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\9
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\muffin
!-->[Hidden] C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\tmp
!-->[Hidden] C:\Documents and Settings\Guest\Local Settings\Application Data\Adobe
!-->[Hidden] C:\Documents and Settings\Guest\Local Settings\Application Data\Google\FastSearch\dictionaries\.google.ca
!-->[Hidden] C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Toolbar Cache\6.2.1910.1554
!-->[Hidden] C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\Messenger\atcheynum_17@hotmail.com
!-->[Hidden] C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\Messenger\jatcheynum@hotmail.com\ObjectStore
!-->[Hidden] C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\Messenger\jatcheynum@hotmail.com\Sharing Folders
!-->[Hidden] C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\Messenger\jatcheynum@hotmail.com\SharingMetadata
!-->[Hidden] C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\0RKW6S5T
!-->[Hidden] C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\4XKE5U0B
!-->[Hidden] C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\4Z8RJDD5
!-->[Hidden] C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\CA1LY6XH
!-->[Hidden] C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\E87NLOI1
!-->[Hidden] C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\EPOQGGFO
!-->[Hidden] C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\HVRWRSVN
!-->[Hidden] C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\IJBSNJ20
!-->[Hidden] C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\P0OZ7O07
!-->[Hidden] C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\RPGM0HE3
!-->[Hidden] C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\U6A3Y78A
!-->[Hidden] C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\UPB7RFUW
!-->[Hidden] C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\VMGZ5FZN
!-->[Hidden] C:\Documents and Settings\Guest\Local Settings\Temp\History
!-->[Hidden] C:\Documents and Settings\Guest\Local Settings\Temp\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
!-->[Hidden] C:\Documents and Settings\Guest\My Documents\My Albums
!-->[Hidden] C:\Documents and Settings\Guest\My Documents\My eBooks
!-->[Hidden] C:\Documents and Settings\Guest\My Documents\My Pictures\iZone Photos
!-->[Hidden] C:\Documents and Settings\LocalService\IETldCache
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\Adobe\Acrobat
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\alot
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\Apple Computer
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\Canon
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\CyberLink
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\dvdcss
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\GlarySoft
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\LimeWire\.AppSpecialShare
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\LimeWire\mozilla-profile\extensions
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\LimeWire\mozilla-profile\updates
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\LimeWire\promotion
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\Macromedia\Flash Player\#SharedObjects\FW2QK7V5\chat.hornypharaoh.com
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\Macromedia\Flash Player\#SharedObjects\FW2QK7V5\www.hornypharaoh.com
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#chat.hornypharaoh.com
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.hornypharaoh.com
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\Malwarebytes
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\Microsoft\AddIns
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\Microsoft\Address Book
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\Microsoft\Forms
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\Microsoft\HTML Help
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\Microsoft\Internet Explorer\UserData
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\Microsoft\MSN Messenger
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\Microsoft\Office
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\Microsoft\Proof
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\Microsoft\Speech
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\Microsoft\Templates
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\Microsoft\Word
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\Move Networks
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\Mozilla\Extensions
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\Real\RealMediaSDK
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\Sonic\RecordNow!\Favorites
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\Sun\Java\Deployment\cache
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\Sun\Java\Deployment\ext
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\Sun\Java\Deployment\log
!-->[Hidden] C:\Documents and Settings\TEMP\Application Data\Sun\Java\Deployment\security
!-->[Hidden] C:\Documents and Settings\TEMP\desktop\scout shield
!-->[Hidden] C:\Documents and Settings\TEMP\desktop\Temporary Internet Files
!-->[Hidden] C:\Documents and Settings\TEMP\IECompatCache
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Adobe
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Apple Computer\iTunes
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\GoogleEarth
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Identities
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\magicJack
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\HelpCtr
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Internet Explorer\Services
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Media Player\Transcoded Files Cache
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\bus_images\0bb1eea3-45d9-4e24-8153-7196fac65721.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\bus_images\25d5f0aa-2da5-497d-aaff-1f6dfdadf904.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\bus_images\41481aaa-3b59-480f-9e1e-acb5511147d2.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\bus_images\5ad9ec63-84af-40d6-8e49-6f2d93e76e1a.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\bus_images\a27c0436-3bae-4e43-b429-0c3e32e00916.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\pol_images\3dbb7f11-1e09-419f-9c63-475dc16d5b8a.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\pol_images\694dd06b-fb8e-4125-aaf5-c0568ec2f1b7.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\pol_images\6e7d3241-95e0-43b1-9349-a2bafd055e78.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\pol_images\77ff4ce7-520c-40f1-8d1b-1775f09872c8.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\pol_images\78923075-593e-4f1b-9dd9-c07c7d687b75.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\pol_images\d08acddc-3a6f-491c-a604-84951ddedbc5.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\pol_images\fb4f2edd-7db0-4be4-bbbf-85a45988c93e.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\top_images\244cc590-ba2d-4278-9d43-dc8904294463.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\top_images\297950f9-208d-4ffe-a538-586f835d8e7d.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\top_images\38245b83-81e6-405b-bd3f-5af9bd92e1fb.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\top_images\4b5563e7-836e-4135-9e5f-e0875a84e6e1.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\top_images\93a07af9-6b0a-44b8-9544-6a80a904a9e8.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\top_images\97c4d62e-9cb8-4bfa-acb6-4e1f68a1de26.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\top_images\e74ccca1-d9a5-41e7-b88b-65cf19454e98.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\usn_images\19f3dab6-dc06-4005-84da-a9ecdbca798e.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\usn_images\643f3706-32d4-4099-8892-8223c7931f38.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\usn_images\74c3feb4-5a03-4c13-9fab-4caf4a7b35be.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\usn_images\aa04b94d-043a-4e88-8c66-e3a0fa9da0a5.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\usn_images\fbebb539-b825-42f8-b4c7-36cedac0886b.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\usn_images\fd1ead2c-aaae-468e-945c-4fa31555b123.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\069b6540-36dd-4869-88f3-76c9a023bc79.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\102792fa-fc2b-4819-ad28-6eec6d20bd58.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\19400a57-0388-49a1-8de0-95a5c14ce875.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\19402d7b-91f0-44d2-8f9a-ba4e2a67e524.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\1a155bf7-9916-4864-966b-d9e7bdcbf109.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\291d2ada-d932-43b5-ac30-eb6f0dab29ae.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\31c69ce0-5218-434d-985b-8acb603944a6.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\38ed144d-6a0f-4a90-b756-c1f6170516a6.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\3cca9468-31a1-4a90-a65a-ba9a5cab517a.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\4800af89-cffb-436a-b858-0003620d5c95.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\4da94e6e-6bf8-4d08-9f24-e6f4c51f91b4.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\4e1a73a0-d6b9-4c94-be4a-2366cce4325a.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\581ef887-676d-426a-a4d2-7a97c514d024.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\58d7d1b4-666e-4e79-8d23-93e9b3efce2d.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\603fae6d-1010-4314-a05f-438d93a2e466.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\6a2ded8a-1294-49ce-956e-36b79dd3985e.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\6b5b09a2-51c5-47f7-a065-e4356e9ce3e7.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\73765081-c723-4d16-a010-edfe4daa9614.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\7541c370-f4b4-451a-9f6c-75b27c26aa2f.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\76e2de70-6c37-416f-a20e-f44780a498f2.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\772f8cfe-b462-4c68-8e2b-b05853415e9a.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\7cc2abf3-13a0-4923-a87a-6d431bd8d131.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\84d425b4-08fe-4d97-aca8-3929b44c31aa.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\88ee56a3-443c-465a-86ee-65b96eb9ffdc.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\8b91be07-12f6-468c-9f75-cd5774102b92.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\8c72dadb-efdb-4d4c-967f-fe0c995a0501.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\9640e822-979e-4c8e-89cc-063682acb643.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\9f9da5cc-0bf9-4dc7-bb91-aeba6a7dd1b1.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\a211f677-6386-44f8-bb27-b4e3743c4775.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\a6268d92-39c6-4663-af37-815c529662cb.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\b733ae53-33b0-46b0-851e-d29e24e43e41.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\c98300a4-b04a-4a70-a346-d8e83b939b73.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\c9c0a02a-59ec-418e-9396-682759a57143.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\cbbbd749-6ce0-4d9a-ab6d-22313855d989.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\ce83337e-a1e7-47d3-a67c-fa071c893e70.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\d370b0ca-df7f-4247-bf24-8a16153b9cbb.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\d7f6749c-a607-4d0b-9f47-9757ae2a0544.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\f1df4fbd-b705-4f53-b507-eb0b7403087a.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\f682cd05-3758-442d-867a-0879fe545bd7.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\vid_images\ff0c0a1b-d7cb-4ade-9dbb-7ead3501baa9.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\wei_images\0d68db57-1f45-460a-80da-c80fe8e514f1.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\wei_images\485651cd-c089-4efd-a070-d15a66c0c62b.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\wei_images\67de31ad-6ff8-4388-ac81-79ddd8ccaf95.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\wei_images\755e8974-11b3-421c-9636-ac08deac640a.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\wei_images\f7cd0e70-9a1b-418a-9c37-b2fff477a5c4.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\wld_images\235def6c-dd29-4196-9f84-a1f24edd0ebd.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\wld_images\6e505032-bf21-4dc5-9da2-9b1bf73ad3f0.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\wld_images\c613bb7e-7b7f-4a8e-9429-17a1db99055f.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\News\wld_images\d1bb193d-0956-4aa8-a412-062da5195a1e.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\clb_images\2784d421-8777-434c-953c-3d5511549204.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\clb_images\34eba9aa-250b-42bb-bb66-e3c224564225.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\clb_images\36317ded-d2d4-4904-8a4a-eb59d1f58d0c.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\clb_images\4d1321c1-e160-447f-aa7a-3c93bbe7cafb.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\clb_images\564910df-3e4e-4289-8e32-429d2aeab8b8.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\clb_images\5b1759c3-2ea4-4a37-bc9b-6ebb1791b4b7.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\clb_images\790bf918-0c0d-43d8-ab3c-f3b39919b97f.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\clb_images\a1e4358a-5921-4ffd-a04b-22107e789449.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\clb_images\b5cfdae0-b85e-4faa-a288-51781dececf9.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\clb_images\b9e6cffc-7979-4d36-ac1c-45721f5861ad.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\hot_images\0a9daceb-a172-4323-b031-053541dab55a.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\hot_images\4133e6a9-c472-43b0-a1b1-4620b5ade457.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\hot_images\55c80dc3-9f95-4fca-8e85-f351755bd2c1.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\hot_images\7c477f7e-f284-4318-9ba7-9069dc70b3e6.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\hot_images\880177a5-0237-47b0-870a-b9187d13b474.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\hot_images\887d277d-22f5-430c-ac9a-f5818e4e8155.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\hot_images\b5802964-aa87-402a-ac87-5f42506e9a80.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\hot_images\bd47e74a-0c9a-4b82-b139-73149058a3f7.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\hot_images\cdb17a9f-81fa-493e-949c-8d103744f9e2.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\hot_images\daecec61-da28-4ed5-9181-70b3be99d35c.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\mov_images\0419abb0-6c29-4cf8-9473-f9c836bff2d4.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\mov_images\265ff07c-86f9-40a8-891c-3a4e85b257a1.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\mov_images\5ca81a46-723f-4639-a498-0369120c0991.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\mov_images\686da7a5-9060-469c-a8b8-30a7f3551bc5.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\mov_images\79f73d44-0c6d-4c7a-b421-358d7814b769.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\mov_images\9d9219fe-093d-42e1-a0bc-cc22bf4af346.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\mov_images\d49b5ab2-71f8-4e08-b7a7-10710bf2e781.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\mov_images\d6075670-a811-41b2-8061-dde313082e63.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\mov_images\f98b7ee5-d912-4eda-a0a6-aacfc4ead1bf.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\mov_images\fe0f6647-16b7-49fd-90db-7254cf6122a9.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\mus_images\121e6373-0fb0-46f1-b8d5-4ee5d25392c7.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\mus_images\24ee7ea1-d604-4163-bf81-d90b617b3f9e.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\mus_images\29e588d6-ebcf-411a-b7d8-e97cb7c66178.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\mus_images\313273b6-be27-4a09-a3db-ca25c42a0b57.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\mus_images\3a8ec35a-3b1c-4196-b736-6e7c64c2f7f4.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\mus_images\3d69e9cb-493b-4e72-8303-4d5862b5be7d.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\mus_images\60a2b3ad-f62f-4841-829c-c3570884cb90.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\mus_images\65635400-6e62-4897-9562-dac6a57348c4.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\mus_images\7f4c60c4-f339-4047-99e7-d815ae08a466.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\mus_images\9e3cca95-e8a1-4af5-a93e-92ab5fcde976.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\mus_images\e7f213e9-b201-48b3-97d4-77dd9ff8a69c.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\mus_images\ec2f196d-744e-4e30-b421-29b0ecc1613d.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\rec_images\2d87d688-8ce3-4368-a4db-df0eba88e601.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\rec_images\34018ee9-c734-481c-bed7-108f0432da7f.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\rec_images\399e6a57-f060-4a5b-8533-87987a60b70a.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\rec_images\58dd4453-8ec8-49ed-ae34-27c93ff364e2.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\rec_images\91a7ea03-4432-4b42-ae4c-0c16f11053b6.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\rec_images\9f3663c6-30ad-4975-8c75-580c76a0b6c8.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\rec_images\bb32e267-6773-4a17-8c7b-9cc5f787e9bc.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\rec_images\d34bf249-8f5e-4e31-b7a4-f7d94809d7e1.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\rec_images\df2d4830-7ffc-41ff-b323-2915a3a381e8.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\rec_images\f46eb980-db31-47a4-b091-0e496e896473.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\vrl_images\1ae804cc-cef0-43e1-8aef-b40ff9e0af00.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\vrl_images\2748ca77-58db-4176-ac52-12bc3b1d6bb9.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\vrl_images\274c3296-887b-413e-9d67-a9b3b1462b65.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\vrl_images\30b3099b-0d92-4bad-92f5-d171e6761d9b.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\vrl_images\3ffe285f-acd6-40e8-b004-faf5d8de30f4.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\vrl_images\9f5245d4-6caa-4196-ac79-9b01844c1f23.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\vrl_images\a0954f05-f4e2-4d5e-8edb-4bd321c7ee71.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\vrl_images\bbd3d003-bc48-43c1-9989-a774fa91f2a6.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\vrl_images\bfbb7858-a8dc-4bbf-a316-a6057ae5610f.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\vrl_images\e98412d0-1952-4371-90bd-17dfd69d3c10.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\wat_images\0e1362ce-3e63-4973-951d-057879a347d0.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\wat_images\2c7235c9-f3df-4ec1-af7e-d6d438b076d4.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\wat_images\32fc57fa-a032-42bf-a8b0-82714d315e30.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\wat_images\39b22b80-8b37-432b-9083-2109f15de1ca.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\wat_images\45c9b139-94b0-4198-9418-7b44dc2ea8e3.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\wat_images\4c8fcc98-e41c-44b4-9fa2-58e16e6d0702.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\wat_images\7b5ae014-15da-4de3-b36f-2f177c895eaa.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\wat_images\9de104ce-94f2-4de1-9772-ff754bbf2a09.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\wat_images\bbe68ec5-b4af-4cc2-b835-3fa979d94f9c.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\5.0.1423.0\content\Video\wat_images\d9c02277-877d-4522-affd-93f7479fbac4.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\0FI7OF4F\100409_santa_susana.thumb[1].jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\0FI7OF4F\100904-author-hmed-3p.thumb[1].jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\0FI7OF4F\100904-earl-hlg-2p.thumb[1].jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\0FI7OF4F\imageCA1SOGKW.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\0FI7OF4F\imageCAA2LJ01.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\0FI7OF4F\imageCAB6QC7K.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\0FI7OF4F\imageCAE25S40.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\0FI7OF4F\imageCAEX5VFS.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\0FI7OF4F\imageCAFI2AFE.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\0FI7OF4F\imageCAFU1IM1.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\0FI7OF4F\imageCAJOWG6D.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\0FI7OF4F\imageCANSXX7W.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\0FI7OF4F\imageCAPFUB38.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\0FI7OF4F\imageCAQ32U68.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\0FI7OF4F\imageCATCU9X4.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\0FI7OF4F\imageCAVVPE8F.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\0FI7OF4F\imageCAWE6V6N.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\0FI7OF4F\imageCAXZURQB.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\0FI7OF4F\nn_01bno_earlfury_100902.thumb[1].jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\0FI7OF4F\n_countdown_oddball_100902.thumb[2].jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\0FI7OF4F\rssCA26JJYD
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\0FI7OF4F\rssCA52LHT4
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\0FI7OF4F\rssCAB8F70Z
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\0FI7OF4F\rssCAON003F
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\0FI7OF4F\SearchAppDistribConfig[1].xml
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\0FI7OF4F\SearchAppDistribConfig[2].xml
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\0FI7OF4F\videoByMarket[1].aspx
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\0FI7OF4F\videoByTag[4].aspx
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\HCSSH3AF\appmgr_updates[2].cab
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\HCSSH3AF\g-100904-cvr-blowout-5p.thumb[1].jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\HCSSH3AF\imageCA0RNLRL.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\HCSSH3AF\imageCA1QDM6P.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\HCSSH3AF\imageCA25CCSM.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\HCSSH3AF\imageCA3G57DS.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\HCSSH3AF\imageCA64MU0X.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\HCSSH3AF\imageCA7R3N18.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\HCSSH3AF\imageCAEY2LXM.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\HCSSH3AF\imageCAEZ1DU2.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\HCSSH3AF\imageCAHRRYJF.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\HCSSH3AF\imageCALFS0WE.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\HCSSH3AF\imageCAMG4V3R.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\HCSSH3AF\imageCAMRC889.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\HCSSH3AF\imageCATICP9Q.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\HCSSH3AF\imageCAU2MZTO.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\HCSSH3AF\imageCAU9HMK9.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\HCSSH3AF\imageCAXNG00Z.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\HCSSH3AF\msn-100904-craigslist.thumb[1].jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\HCSSH3AF\n_az_arpaio_100903.thumb[1].jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\HCSSH3AF\ObsidianAppDistribConfig[2].xml
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\HCSSH3AF\QuoteRequest[10].txt
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\HCSSH3AF\rssCA6MHV1X
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\HCSSH3AF\rssCA73T1C6
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\HCSSH3AF\rssCABO8GZU
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\HCSSH3AF\rssCABZDYHY
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\HCSSH3AF\rssCAYG6M7J
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\V145IMYM\100904_fox_glacier_crash.thumb[1].jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\V145IMYM\c_music_money_100903.thumb[1].jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\V145IMYM\imageCA0N1M0B.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\V145IMYM\imageCA2SBGC0.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\V145IMYM\imageCA2W8YVX.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\V145IMYM\imageCA5CB8Z5.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\V145IMYM\imageCA5CL2NO.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\V145IMYM\imageCA7EYFAI.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\V145IMYM\imageCA8F11LW.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\V145IMYM\imageCA9HFRE3.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\V145IMYM\imageCABVL2N6.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\V145IMYM\imageCAERCGSH.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\V145IMYM\imageCAF44M0P.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\V145IMYM\imageCAFAAUT1.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\V145IMYM\imageCAFY0ZDC.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\V145IMYM\imageCAL044SJ.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\V145IMYM\imageCAPXLV9Y.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\V145IMYM\imageCAT5JNE3.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\V145IMYM\imageCAUY6ZY9.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\V145IMYM\ObsidianAppDistribConfig[2].xml
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\V145IMYM\par3433468.thumb[1].jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\V145IMYM\QuoteRequest[10].txt
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\V145IMYM\rssCAEHZ0Z5
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\V145IMYM\rssCAJKBAEY
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\V145IMYM\rssCALMEW2C
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\V145IMYM\rssCAWN4O40
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\V145IMYM\tdy_seidel_earl_100904.thumb[1].jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\V145IMYM\videoByTag[2].aspx
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\XTCJ3YB1\BlinkyAppDistribConfig[1].xml
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\XTCJ3YB1\BlinkyAppDistribConfig[2].xml
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\XTCJ3YB1\ChameleonappDistribConfig[2].xml
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\XTCJ3YB1\imageCA01IQKX.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\XTCJ3YB1\imageCA0C0KF8.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\XTCJ3YB1\imageCA1KB8ZK.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\XTCJ3YB1\imageCA2VIWUB.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\XTCJ3YB1\imageCA943IMD.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\XTCJ3YB1\imageCA9NJ21L.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\XTCJ3YB1\imageCAAV74CX.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\XTCJ3YB1\imageCAB7KTRP.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\XTCJ3YB1\imageCABWCIFX.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\XTCJ3YB1\imageCABYX3M0.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\XTCJ3YB1\imageCAPPJWB4.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\XTCJ3YB1\imageCAQHJYZ9.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\XTCJ3YB1\imageCATORMER.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\XTCJ3YB1\imageCAXY6HLL.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\XTCJ3YB1\imageCAZQ03PY.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\XTCJ3YB1\imageCAZZOMD5.jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\XTCJ3YB1\n_dubai_crash_100903.thumb[1].jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\XTCJ3YB1\n_newzealand_quake_100903.thumb[2].jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\XTCJ3YB1\obama-1456912779_v2.thumb[1].jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\XTCJ3YB1\rssCA5F1N0V
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\XTCJ3YB1\rssCA7ZGVKC
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\XTCJ3YB1\rssCAEKVWEN
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\XTCJ3YB1\rssCANJ4BV2
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\XTCJ3YB1\rssCAWXN2DH
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\XTCJ3YB1\tdy_earl_whip_100903.thumb[1].jpg
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\XTCJ3YB1\videoByTag[1].aspx
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temp\10gjojy3.tmp
!-->[Hidden] C:\Documents and Settings\TEMP\Local Settings\Temp\XCP8B.tmp
!-->[Hidden] C:\Documents and Settings\TEMP\My Documents\CyberLink
!-->[Hidden] C:\Documents and Settings\TEMP\My Documents\entertainment job info
!-->[Hidden] C:\Documents and Settings\TEMP\My Documents\jobs possible may 10
!-->[Hidden] C:\Documents and Settings\TEMP\My Documents\LimeWire
!-->[Hidden] C:\Documents and Settings\TEMP\My Documents\My eBooks
!-->[Hidden] C:\Documents and Settings\TEMP\My Documents\My Music\iTunes\Album Artwork
!-->[Hidden] C:\Documents and Settings\TEMP\My Documents\My Pictures\engine
!-->[Hidden] C:\Documents and Settings\TEMP\My Documents\My Pictures\MP Navigator EX
!-->[Hidden] C:\Documents and Settings\TEMP\My Documents\My Pictures\tools to sell
!-->[Hidden] C:\Documents and Settings\TEMP\My Documents\sterling jobs\feb 10
!-->[Hidden] C:\Documents and Settings\TEMP\My Documents\sterling jobs\MARCH 10
!-->[Opened for exclusive access by other app or by System] C:\Documents and Settings\TEMP\ntuser.dat.LOG::$DATA
!-->[Opened for exclusive access by other app or by System] C:\Documents and Settings\TEMP\ntuser.dat.LOG:KAVICHS:$DATA
!-->[Opened for exclusive access by other app or by System] C:\Documents and Settings\TEMP\NTUSER.DAT::$DATA
!-->[Opened for exclusive access by other app or by System] C:\Documents and Settings\TEMP\NTUSER.DAT:KAVICHS:$DATA
!-->[Hidden] C:\Program Files\AVG
!-->[Hidden] C:\Program Files\AVS4YOU
!-->[Hidden] C:\Program Files\Canon\Easy-WebPrint EX
!-->[Hidden] C:\Program Files\Canon\IJ Manual
!-->[Hidden] C:\Program Files\CCleaner
!-->[Hidden] C:\Program Files\Common Files\AVSMedia
!-->[Hidden] C:\Program Files\Common Files\CANON
!-->[Hidden] C:\Program Files\Common Files\HP\InstantShare
!-->[Hidden] C:\Program Files\Common Files\HP\Memories Disc
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\VC
!-->[Hidden] C:\Program Files\Common Files\Software Update Utility
!-->[Hidden] C:\Program Files\Common Files\Sonic Shared
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\desktop.ini
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\pegtag.$s8
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\1689_whaletailncom.jpge#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\1st-readme.txte#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\after-11.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\Before and after Green , Blue eye NewColorIris Photos.zipe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\Copy of after-11.jpg a.jpge#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\Copy of after-11.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george a.jpge#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george a\after-11.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george a\before-11.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george a\combined-11.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george a\Thumbs.dbe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george b\after-11.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george b\before-11.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george b\combined-11.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george b\Thumbs.dbe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george c\after-11.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george c\before-11.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george c\combined-11.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george c\Thumbs.dbe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george d\after-11.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george d\before-11.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george d\combined-11.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george d\Thumbs.dbe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george e\after-11.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george e\before-11.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george e\combined-11.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george e\Copy of after-11.jpg a.jpge#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george e\Thumbs.dbe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george f\after-DCFC0254.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george f\before-DCFC0254.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george f\combined-DCFC0254.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george f\Thumbs.dbe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george g\after-13.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george g\before-13.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george g\combined-13.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george g\Thumbs.dbe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george h\after-DCFC0253.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george h\before-DCFC0253.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george h\combined-DCFC0253.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george h\Thumbs.dbe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george i\after-DCFC0253.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george i\before-DCFC0253.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george i\combined-DCFC0253.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george i\Thumbs.dbe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george j\after-11.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george j\before-11.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george j\combined-11.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george j\Thumbs.dbe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\george one.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\My Folder\11.jpge#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\My Folder\blue eye one.cpte#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\My Folder\blue eye three.jpge#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\My Folder\blue three.cpte#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\My Folder\blue two.cpte#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\My Folder\blue.jpge#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\My Folder\B_CI1.jpge#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\My Folder\green.jpge#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\My Folder\mask one.cpte#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\My Folder\PACIENTE2a.jpge#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\My Folder\sharon stone eight.jpge#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\My Folder\sharon stone five.jpge#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\My Folder\sharon stone four.jpge#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\My Folder\sharon stone one.jpge#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\My Folder\sharon stone seven.jpge#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\My Folder\sharon stone six.jpge#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\My Folder\sharon stone three.jpge#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\My Folder\sharon stone two.jpge#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\My Folder\sharone stone nine.jpge#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\My Folder\Thumbs.dbe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\my stuff\DCFC0040.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\my stuff\DCFC0041.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\my stuff\DCFC0045.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\my stuff\DCFC0046.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\my stuff\DCFC0047.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\my stuff\DCFC0048.JPGe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\my stuff\Thumbs.dbe#~
!-->[Hidden] C:\Program Files\Folder Lock\Encrypted\ⁿ▒╖░╥ⁿ\stuff two
!-->[Hidden] C:\Program Files\Glary Utilities
!-->[Hidden] C:\Program Files\Google\GoogleToolbarNotifier
!-->[Hidden] C:\Program Files\hField Technologies, Inc
!-->[Hidden] C:\Program Files\HP\Digital Imaging\bin\en
!-->[Hidden] C:\Program Files\HP\Digital Imaging\bin\randdata
!-->[Hidden] C:\Program Files\HP\Digital Imaging\bin\res
!-->[Hidden] C:\Program Files\HP\Digital Imaging\Crm
!-->[Hidden] C:\Program Files\HP\Digital Imaging\data\CD
!-->[Hidden] C:\Program Files\HP\Digital Imaging\data\Destination
!-->[Hidden] C:\Program Files\HP\Digital Imaging\data\InstantShare
!-->[Hidden] C:\Program Files\HP\Digital Imaging\data\PrintUIData
!-->[Hidden] C:\Program Files\HP\Digital Imaging\data\projects
!-->[Hidden] C:\Program Files\HP\Digital Imaging\data\projectsspecs
!-->[Hidden] C:\Program Files\HP\Digital Imaging\data\projectstemplates
!-->[Hidden] C:\Program Files\HP\Digital Imaging\extcapuninstall
!-->[Hidden] C:\Program Files\HP\Digital Imaging\graphics\en
!-->[Hidden] C:\Program Files\HP\Digital Imaging\graphics\Photobook
!-->[Hidden] C:\Program Files\HP\Digital Imaging\help\cuetour
!-->[Hidden] C:\Program Files\HP\Digital Imaging\help\helpImages
!-->[Hidden] C:\Program Files\HP\Digital Imaging\help\Library
!-->[Hidden] C:\Program Files\HP\Digital Imaging\hp deskjet 5900 series
!-->[Hidden] C:\Program Files\HP\Digital Imaging\HPIdeas
!-->[Hidden] C:\Program Files\HP\Digital Imaging\HPPSE
!-->[Hidden] C:\Program Files\HP\Digital Imaging\Skins\hp1
!-->[Hidden] C:\Program Files\HP\Digital Imaging\Skins\oov1\br
!-->[Hidden] C:\Program Files\HP\Digital Imaging\Skins\oov1\cp
!-->[Hidden] C:\Program Files\HP\Digital Imaging\Skins\oov1\fw
!-->[Hidden] C:\Program Files\HP\Digital Imaging\Skins\oov1\ie
!-->[Hidden] C:\Program Files\HP\Digital Imaging\Skins\oov1\is
!-->[Hidden] C:\Program Files\HP\Digital Imaging\Skins\oov1\mi
!-->[Hidden] C:\Program Files\HP\Digital Imaging\Skins\oov1\pt
!-->[Hidden] C:\Program Files\HP\Digital Imaging\Skins\oov1\ul
!-->[Hidden] C:\Program Files\HP\Digital Imaging\Skins\oov1\vt
!-->[Hidden] C:\Program Files\HP\Digital Imaging\Source
!-->[Hidden] C:\Program Files\HP\Digital Imaging\uninstall
!-->[Hidden] C:\Program Files\HP\Digital Imaging\Unload
!-->[Hidden] C:\Program Files\HP\Digital Imaging\{79546A5F-AE7C-4693-8670-A3401B43ABD2}
!-->[Hidden] C:\Program Files\HP\Temp\{79546A5F-AE7C-4693-8670-A3401B43ABD2}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{CCD09A07-C045-412C-B287-472489ED0F02}
!-->[Hidden] C:\Program Files\InterActual
!-->[Hidden] C:\Program Files\Mozilla Firefox
!-->[Hidden] C:\Program Files\Smilebox
!-->[Hidden] C:\Program Files\WebAppstogo
!-->[Hidden] C:\Program Files\Windows Media Connect 2
!-->[Hidden] C:\Program Files\Windows Media Player\Network Sharing
!-->[Hidden] C:\Program Files\Yahoo!
!-->[Hidden] C:\RECYCLER\S-1-5-21-1532035262-3237090906-4204032158-501
!-->[Hidden] C:\sccfg.sys
!-->[Hidden] C:\searchplugins
!-->[Hidden] C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP534\A0428566.ver
!-->[Hidden] C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP534\A0428567.ver
!-->[Hidden] C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP534\A0428568.ver
!-->[Hidden] C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP534\snapshot\Repository\FS
!-->[Hidden] C:\users
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB923561
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB951978
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB952004
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB954459
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB955759
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB956572
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB956844
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB959426
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB960803
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB961371\SP3QFE
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB961371\update
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB961373
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB961501
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB963027-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB968389\SP3QFE
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB968389\update
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB968537
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB969897-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB969897-IE8
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB969947
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB970238
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB971180-IE8
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB971468
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB971633
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB971961-IE8
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB972260-IE8
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB972270
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB973346
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB973904
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB975560
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB975713
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB976325-IE8
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB976662-IE8
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB976749-IE8
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB977914
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978037
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978207-IE8
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978251
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978262
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978706
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB982381-IE8\SP3QFE
!-->[Hidden] C:\WINDOWS\$NtUninstallKB923561$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB938464-v2$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951376-v2$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951698$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951978$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952004$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952287$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952954$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB954211$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB954459$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB955069$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB955759$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956572$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956802$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956803$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956844$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB957095$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB957097$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB958644$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB958687$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB958690$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB959426$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB960225$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB960803$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB961371$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB961373$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB968389$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB968816_WM9$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB969947$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971468$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971633$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB972270$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973346$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973904$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB975560$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB975713$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB977914$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978037$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978251$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978262$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978706$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB979306$
!-->[Hidden] C:\WINDOWS\$NtUninstallMSCompPackV1$
!-->[Hidden] C:\WINDOWS\$NtUninstallwmp11$
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\AxInterop.SHDocVw
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hplMosaicNet
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\HPODMmcLib
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqactiv
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqactiv.resources
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqalb
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqasmgt
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqasset
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqbakup
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqbakup.resources
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqbkloc
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqbutil
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqcalp
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqcalp.resources
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqcc2
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqcc2.resources\3.0.0.0_en_a53cf5803f4c3827
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqcdcpy
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqcdcpy.resources
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqcddvd
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqcpint
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqcprsc
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqcprsc.resources
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqdocpt
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqdocpt.resources
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqeal
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqedit
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqedit.resources
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqedppi
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqfmrsc
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqfmrsc.resources
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqglutl
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqglutl.resources
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqgprsc
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqgprsc.resources
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqgtpin
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqgtpin.resources
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqiface
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqimgrc
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqimgrc.resources
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqimlib
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqimvlt
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqimvlt.resources
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqisrtb
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqistab
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqltutl
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqmdmr
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqmdmr.resources
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqmpvad
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqmyint
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqntrop
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqovskn
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqpanop
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqpanop.resources
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqpbgen
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqpdmdl
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqpel10
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqpel10.resources
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqprif
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqprjcm
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqprjfx
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqprjfx.resources
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqprrsc
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqprrsc.resources
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqprutl
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqprutl.resources
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqptfx
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqptfx.resources
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqptint
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqptint.resources
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqqca
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqszip
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqthrsc
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqthrsc.resources
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqthumb
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqtray
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqtray.resources
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqunkwd
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqunkwd.resources
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqutils\4.0.0.0__a53cf5803f4c3827
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqvideo
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\hpqxpbrn
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\Interop.HPDarc
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\Interop.hpocxi08
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\interop.hpodae
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\interop.hpodai
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\interop.hpodaud
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\Interop.hpodeb08
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\Interop.hpodev08
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\Interop.hpodio08
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\interop.hpodmmc
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\interop.hpodmp
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\interop.hpodmpv
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\interop.hpodmpv_md
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\interop.hpodprint2
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\interop.hpodtrk
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\interop.hpodvid
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\interop.hpodxmlutil
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\Interop.hpqaiois
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\Interop.HpqCamUn
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\interop.hpqcldat
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\Interop.hpqcrmcm
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\Interop.hpqcxm08
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\Interop.hpqdstcp
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\interop.hpqimgr
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\Interop.hpqusg
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\Interop.hpqvideo
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\Interop.hprblog
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\Interop.MsHtmHst
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\Interop.SHDocVw
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\LEAD
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\LEAD.Drawing
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\LEAD.Drawing.Imaging.Codecs
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\LEAD.Drawing.Imaging.ImageProcessing
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\LEAD.Drawing.Imaging.Twain
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\LEAD.Windows.Forms
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\LEAD.Windows.Forms.CommonDialogs
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\LEAD.Windows.Forms.DrawingContainer
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\LEAD.Wrapper
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\Microsoft.mshtml
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\policy.13.0.LEAD
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\policy.13.0.LEAD.Drawing
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\policy.13.0.LEAD.Drawing.Imaging.Codecs
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\policy.13.0.LEAD.Drawing.Imaging.ImageProcessing
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\policy.13.0.LEAD.Windows.Forms
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\policy.13.0.LEAD.Windows.Forms.CommonDialogs
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\policy.13.0.LEAD.Windows.Forms.DrawingContainer
!-->[Hidden] C:\WINDOWS\ASSEMBLY\GAC\policy.13.0.LEAD.Wrapper
!-->[Hidden] C:\WINDOWS\ie7updates\KB963027-IE7
!-->[Hidden] C:\WINDOWS\ie8updates
!-->[Hidden] C:\WINDOWS\Installer\tsclientmsitrans
!-->[Hidden] C:\WINDOWS\Installer\{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}
!-->[Hidden] C:\WINDOWS\Installer\{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}
!-->[Hidden] C:\WINDOWS\Installer\{34BFB099-07B2-4E95-A673-7362D60866A2}
!-->[Hidden] C:\WINDOWS\Installer\{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}
!-->[Hidden] C:\WINDOWS\l2schemas
!-->[Hidden] C:\WINDOWS\ServicePackFiles
!-->[Hidden] C:\WINDOWS\SYSTEM32\bits
!-->[Hidden] C:\WINDOWS\SYSTEM32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C
!-->[Hidden] C:\WINDOWS\SYSTEM32\en
!-->[Hidden] C:\WINDOWS\SYSTEM32\scripting
!-->[Hidden] C:\WINDOWS\SYSTEM32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226
!-->[Hidden] C:\WINDOWS\SYSTEM32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226
!-->[Hidden] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\hpdeskjet_5900_serie984a
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_x-ww_7d81c9f9
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B704, Type: Inline - RelativeJump 0x804E2704-->804E26FA [ntoskrnl.exe]
ntoskrnl.exe+0x0000B79C, Type: Inline - RelativeJump 0x804E279C-->804E2792 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B7C8, Type: Inline - RelativeJump 0x804E27C8-->804E27BE [ntoskrnl.exe]
ntoskrnl.exe+0x0000B8A0, Type: Inline - RelativeJump 0x804E28A0-->804E2896 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B8B8, Type: Inline - RelativeJump 0x804E28B8-->804E28B3 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B8DC, Type: Inline - RelativeJump 0x804E28DC-->804E28D2 [ntoskrnl.exe]
ntoskrnl.exe+0x0000BA6C, Type: Inline - RelativeJump 0x804E2A6C-->804E2A62 [ntoskrnl.exe]
ntoskrnl.exe+0x0000BAAC, Type: Inline - RelativeJump 0x804E2AAC-->804E2AA2 [ntoskrnl.exe]
ntoskrnl.exe+0x0000BABC, Type: Inline - RelativeJump 0x804E2ABC-->804E2AB2 [ntoskrnl.exe]
[1736]ekrn.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x7C84495D-->00000000 [unknown_code_page]
[1780]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1780]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1780]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1780]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1780]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[1780]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[1780]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[2356]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[2356]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[2356]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[2356]explorer.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[2356]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[2356]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[2356]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[2356]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[364]Safari.exe-->user32.dll-->BeginPaint, Type: Inline - RelativeJump 0x7E428FE9-->00000000 [WebKit.dll]
[364]Safari.exe-->user32.dll-->EndPaint, Type: Inline - RelativeJump 0x7E428FFD-->00000000 [WebKit.dll]


kindest regards,

slojo55

#6 slojo55

slojo55
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:29 AM

Posted 05 September 2010 - 04:20 PM

Syler,
Here is the OTL
OTL logfile created on: 9/5/2010 12:45:12 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\All Users\Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 375.00 Mb Available Physical Memory | 37.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.71 Gb Total Space | 11.28 Gb Free Space | 33.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GEORGE
Current User Name: George A
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/05 12:42:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
PRC - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010/08/12 14:16:12 | 002,215,064 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010/07/23 05:59:14 | 002,388,264 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/03/24 16:26:02 | 000,243,544 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/05/12 00:33:52 | 000,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2004/08/14 14:39:48 | 000,024,641 | ---- | M] () -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
PRC - [2004/08/04 04:00:00 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SNDVOL32.EXE
PRC - [2004/07/27 20:11:14 | 005,434,880 | ---- | M] (The Linksys Group, Inc.) -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
PRC - [2004/04/21 19:26:56 | 000,778,240 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
PRC - [2000/09/28 22:58:42 | 000,129,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SYSTEM32\WFXSVC.EXE


========== Modules (SafeList) ==========

MOD - [2010/09/05 12:42:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/12 14:18:40 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2004/04/21 19:26:56 | 000,778,240 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe -- (NetMDSB)
SRV - [2004/01/30 14:19:20 | 000,065,625 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe -- (PACSPTISVR)
SRV - [2004/01/30 14:16:06 | 000,065,622 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe -- (SPTISRV)
SRV - [2003/11/13 13:29:40 | 000,455,680 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe -- (NICSer_WPC54G)
SRV - [2000/09/28 22:58:42 | 000,129,536 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\WFXSVC.EXE -- (wfxsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\zumbus.sys -- (zumbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\BW2NDIS5.sys -- (BW2NDIS5)
DRV - [2010/08/04 11:50:36 | 000,140,752 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\eamon.sys -- (eamon)
DRV - [2010/08/03 13:28:36 | 000,095,896 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\epfwtdir.sys -- (epfwtdir)
DRV - [2010/07/29 13:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ehdrv.sys -- (ehdrv)
DRV - [2009/02/24 00:06:28 | 000,105,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\zgchsmdm.sys -- (zgchsmdm)
DRV - [2009/02/24 00:06:28 | 000,105,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\zgchsdiag.sys -- (zgchsdiag)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mf.sys -- (mf)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/10/08 09:04:20 | 000,450,560 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WlanUZXP.SYS -- (NB762_XP)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\winusb.sys -- (WinUSB)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/30 19:12:56 | 000,076,560 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2006/04/14 22:54:59 | 000,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\windrvNT.sys -- (windrvNT)
DRV - [2004/08/13 01:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 00:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 00:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 00:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 00:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 00:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 00:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 00:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 00:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 00:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 02:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/07/20 10:14:06 | 000,258,160 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/07/14 10:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 10:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/05/13 18:19:22 | 000,182,688 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SynTP.sys -- (SynTP)
DRV - [2004/05/06 22:47:10 | 000,079,616 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt2500usb.sys -- (WUSB54GV4SRV)
DRV - [2004/03/10 20:54:32 | 000,385,536 | ---- | M] (Cisco-Linksys LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\TNET1130x.sys -- (TNET1130x)
DRV - [2004/02/13 09:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2004/01/30 19:40:08 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2004/01/02 09:44:22 | 000,044,032 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/11/13 17:21:16 | 000,197,120 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/11/13 17:18:36 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/13 17:17:00 | 001,042,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/10/08 16:34:24 | 000,032,084 | R--- | M] (Cirrus Logic Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\adsexpb.sys -- (ADSEXPB)
DRV - [2003/07/16 22:28:02 | 000,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\CBTNDIS5.sys -- (CBTNDIS5)
DRV - [2003/06/12 20:04:10 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2003/04/24 14:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\BACS\BASFND.sys -- (BASFND)
DRV - [2003/04/22 14:47:00 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
DRV - [2003/01/30 10:52:50 | 000,011,904 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\BACS\FADXP32.sys -- (FAD)
DRV - [2002/08/08 14:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NETMDUSB.sys -- (NETMDUSB)
DRV - [2001/10/01 06:37:40 | 000,017,432 | R--- | M] (lecs Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IcRecUsb.sys -- (IcRecUsb)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 12:12:20 | 000,060,416 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BrSerWdm.sys -- (BrSerWDM)
DRV - [2001/08/17 12:12:20 | 000,011,008 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2001/08/17 12:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BrFilt.sys -- (brfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1532035262-3237090906-4204032158-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-1532035262-3237090906-4204032158-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1532035262-3237090906-4204032158-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1532035262-3237090906-4204032158-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1532035262-3237090906-4204032158-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1532035262-3237090906-4204032158-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-1532035262-3237090906-4204032158-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1532035262-3237090906-4204032158-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1532035262-3237090906-4204032158-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-21-1532035262-3237090906-4204032158-1007\..\URLSearchHook: *{03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1532035262-3237090906-4204032158-1007\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1532035262-3237090906-4204032158-1007\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1532035262-3237090906-4204032158-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1532035262-3237090906-4204032158-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: msntoolbar@msn.com:5.0
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/08/27 20:16:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/08/28 02:48:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/01 15:56:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/28 15:21:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/08/28 21:37:10 | 000,000,000 | ---D | M]

[2010/08/28 03:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP\Application Data\Mozilla\Extensions
[2009/07/19 15:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/08/28 21:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\qs4zwzt4.default\extensions
[2010/08/28 21:32:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\qs4zwzt4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/28 21:32:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/27 14:38:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/27 14:37:43 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1532035262-3237090906-4204032158-1006\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKU\S-1-5-21-1532035262-3237090906-4204032158-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1532035262-3237090906-4204032158-1006\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No CLSID value found.
O3 - HKU\S-1-5-21-1532035262-3237090906-4204032158-1006\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-1532035262-3237090906-4204032158-1006\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1532035262-3237090906-4204032158-1007\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-21-1532035262-3237090906-4204032158-1007\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-1532035262-3237090906-4204032158-1007\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKU\S-1-5-21-1532035262-3237090906-4204032158-1006..\Run: [cdloader] C:\Documents and Settings\TEMP\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-1532035262-3237090906-4204032158-1007..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1532035262-3237090906-4204032158-1007..\Run: [DellTransferAgent] C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe ( )
O4 - HKU\S-1-5-21-1532035262-3237090906-4204032158-1007..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe ()
O4 - Startup: C:\Documents and Settings\Brontai\Start Menu\Programs\Startup\FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe (FrostWire Group)
O4 - Startup: C:\Documents and Settings\George A\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1532035262-3237090906-4204032158-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1532035262-3237090906-4204032158-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - Reg Error: Key error. File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\George A\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} http://housecall60.trendmicro.com/housecall/xscan60.cab (HouseCall Control)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} http://riteaid.storefront.com/images/globa...eUpload1_10.CAB (SFImageUpload1_10.ImageUpload)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1146826100339 (MUWebControl Class)
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.5)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab (HouseCall Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} http://www.linksysfix.com/netcheck/41/install/gtdownls.cab (LinkSys Content Update)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (C:\WINDOWS\System32\fltlib32.dll) - C:\WINDOWS\System32\fltlib32.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ecc6f314600: DllName - C:\WINDOWS\System32\fltlib32.dll - C:\WINDOWS\System32\fltlib32.dll File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files\WinFax\WFXSEH32.DLL (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{18eca3d2-0a09-11de-adae-00114363b6f7}\Shell\AutoRun\command - "" = E:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found
O33 - MountPoints2\{18eca3d2-0a09-11de-adae-00114363b6f7}\Shell\open\command - "" = E:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wi-Fire Connection Manager.lnk - C:\Program Files\hField Technologies, Inc\Wi-Fire Connection Manager\Wi-Fire Connection Manager.exe - (hField Technologies, Inc.)
MsConfig - StartUpReg: 103 - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: AVG8_TRAY - hkey= - key= - C:\PROGRA~1\AVG\AVG8\avgtray.exe File not found
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: DadApp - hkey= - key= - C:\Program Files\Dell\AccessDirect\DadApp.exe ()
MsConfig - StartUpReg: dla - hkey= - key= - File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: HPDJ Taskbar Utility - hkey= - key= - File not found
MsConfig - StartUpReg: hpqSRMon - hkey= - key= - C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
MsConfig - StartUpReg: igfxhkcmd - hkey= - key= - File not found
MsConfig - StartUpReg: igfxpers - hkey= - key= - File not found
MsConfig - StartUpReg: igfxtray - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: My Web Search Bar Search Scope Monitor - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: MyWebSearch Email Plugin - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: SpiralFrog - hkey= - key= - C:\Program Files\SpiralFrog\Spiralfrog.exe (SpiralFrog)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe File not found
MsConfig - StartUpReg: swg - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: SynTPLpr - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe File not found
MsConfig - StartUpReg: UpdateManager - hkey= - key= - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
MsConfig - StartUpReg: webHancer Agent - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Zune Launcher - hkey= - key= - Reg Error: Value error. File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 1

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Ligos Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll (Ligos Corporation)
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll (Ligos Corporation)
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: VIDC.SP54 - SP5X_32.DLL File not found
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\iyvu9_32.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/09/05 12:41:20 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
[2010/09/05 12:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Desktop\desktop
[2010/08/29 02:54:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/29 02:53:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/29 02:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/28 23:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/08/28 21:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/08/28 15:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/28 15:19:27 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/27 22:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/08/27 20:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/27 20:51:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/27 20:29:05 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/08/27 20:28:15 | 003,062,048 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2010/08/27 20:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/27 20:16:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/08/27 20:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/08/27 20:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/08/27 20:13:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2010/08/27 20:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire
[2010/08/27 15:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/08/27 14:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/27 14:38:15 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/27 14:38:15 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/27 14:38:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/27 14:38:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/27 01:21:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\TEMP\Recent
[2010/08/26 23:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\Funk Software
[2010/08/26 23:06:45 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys
[2010/08/26 22:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\My Documents\Downloads
[2010/08/26 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Local Settings\Application Data\Temp
[2010/08/26 22:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Local Settings\Application Data\Deployment
[2010/08/26 21:01:08 | 000,000,000 | ---D | C] -- C:\c30e2f712dc3a01a8acb2554
[2010/08/26 20:19:38 | 000,000,000 | ---D | C] -- C:\Program Files\ATT
[2010/08/10 11:03:22 | 000,000,000 | ---D | C] -- C:\a8a980aece7b04a939
[2010/08/10 05:15:58 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/08/10 05:15:58 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\TEMP\My Documents\*.tmp files -> C:\Documents and Settings\TEMP\My Documents\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/05 12:55:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DFFD3870-6200-4648-BC21-C6ADC88F7B5C}.job
[2010/09/05 12:53:59 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/09/05 12:53:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F0B67ADB-B1EF-436F-8327-CF4E8FA4006C}.job
[2010/09/05 12:52:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E481A751-3F64-449E-BBF8-3C62A9D881D0}.job
[2010/09/05 12:42:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
[2010/09/05 00:46:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1532035262-3237090906-4204032158-1006Core.job
[2010/09/04 00:41:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/09/02 21:03:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/02 12:52:15 | 000,000,468 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2010/09/02 12:52:15 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/09/02 12:52:08 | 000,000,748 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/09/02 12:51:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/02 12:51:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/09/02 12:51:45 | 1072,062,464 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/01 23:39:12 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/29 02:54:13 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/28 23:28:48 | 000,061,976 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/28 23:27:59 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\TEMP\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/28 22:39:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\TEMP\NTUSER.INI
[2010/08/28 15:22:52 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\TEMP\NTUSER.DAT
[2010/08/28 15:20:19 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/08/28 03:22:14 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\TEMP\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/28 03:22:14 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/08/28 02:46:08 | 000,491,654 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/28 02:46:08 | 000,434,706 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/08/28 02:46:08 | 000,068,444 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/08/28 00:44:30 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\TEMP\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/28 00:40:00 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\TEMP\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/27 21:25:29 | 000,262,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/27 21:19:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/27 14:37:42 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/27 14:37:42 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/27 14:37:42 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/27 14:37:42 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/27 14:37:42 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/08/26 23:06:47 | 000,000,920 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless-G Notebook Adapter Utility.lnk
[2010/08/10 05:15:58 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/08/10 05:15:58 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\TEMP\My Documents\*.tmp files -> C:\Documents and Settings\TEMP\My Documents\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/29 02:54:13 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/28 23:28:48 | 000,061,976 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/28 23:27:59 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\TEMP\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/28 23:27:58 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/08/28 15:37:14 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/28 15:20:19 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/08/28 03:22:14 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\TEMP\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/28 03:22:14 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/08/28 00:44:30 | 000,002,255 | ---- | C] () -- C:\Documents and Settings\TEMP\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/28 00:41:57 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1532035262-3237090906-4204032158-1006Core.job
[2010/08/27 21:01:07 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/08/27 20:29:15 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/26 23:06:45 | 000,000,920 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless-G Notebook Adapter Utility.lnk
[2010/04/12 22:25:07 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\TEMP\Local Settings\Application Data\fusioncache.dat
[2010/01/04 20:13:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/07/31 12:27:08 | 000,000,026 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.811261211181235583101118113995
[2009/04/01 12:41:14 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\TEMP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/29 21:04:37 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/12/29 21:04:37 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/12/29 21:04:37 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/12/29 21:03:53 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2006/12/17 15:55:32 | 000,000,393 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/08/29 15:22:06 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2006/05/03 22:09:42 | 000,000,559 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/04/14 22:54:59 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\suppdll.dll
[2006/04/14 22:54:59 | 000,035,363 | ---- | C] () -- C:\WINDOWS\System32\windrvNT.sys
[2006/03/14 13:04:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/11/05 16:25:44 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5y.DLL
[2005/11/01 14:19:19 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2005/10/30 17:43:40 | 000,014,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/10/30 17:43:12 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/10/24 17:31:04 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2005/07/27 10:10:46 | 000,001,173 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/07/21 11:42:17 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2005/07/21 11:41:55 | 000,000,066 | ---- | C] () -- C:\WINDOWS\EPSC66EF.ini
[2005/07/15 12:38:47 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/05/03 10:44:44 | 000,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/05/03 10:43:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/04/27 11:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/24 19:26:43 | 000,000,116 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2005/04/24 19:17:07 | 000,000,931 | ---- | C] () -- C:\WINDOWS\disney.ini
[2005/04/24 19:15:46 | 000,000,202 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2005/02/16 15:25:22 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2005/02/10 00:54:53 | 000,000,243 | ---- | C] () -- C:\WINDOWS\ActiveAct.INI
[2005/02/09 00:49:49 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\EmailShared.dll
[2005/02/07 23:44:33 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/02/07 23:44:33 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2005/02/07 23:16:16 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/02/06 02:53:28 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2005/02/06 00:26:05 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/02/05 03:25:58 | 000,000,139 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2005/02/05 03:25:56 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005/02/05 03:19:50 | 000,000,029 | ---- | C] () -- C:\WINDOWS\Epsonpl.ini
[2005/02/04 22:08:48 | 000,000,267 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2005/02/04 22:08:43 | 000,000,422 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2005/02/04 22:08:43 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2005/02/04 22:08:32 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\brfxdial.dll
[2005/02/04 22:06:17 | 000,002,651 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2005/02/02 23:37:09 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2005/02/02 23:28:10 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2005/02/02 23:18:55 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS45.DLL
[2005/02/02 23:13:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2005/02/02 23:02:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI
[2005/02/02 22:59:39 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
[2005/02/02 22:59:38 | 000,000,314 | ---- | C] () -- C:\WINDOWS\WINFAX.INI
[2005/02/02 22:59:35 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2005/02/02 22:56:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/13 13:58:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/13 13:48:00 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/13 13:40:53 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004/12/13 12:58:08 | 000,000,517 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 20:49:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 12:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 04:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/09/07 23:56:36 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/09/07 23:56:36 | 000,880,640 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2003/09/07 23:56:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/11/01 15:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/10/05 11:03:50 | 000,411,648 | ---- | C] () -- C:\WINDOWS\System32\RegProc.dll
[2002/09/11 10:31:28 | 000,384,000 | ---- | C] () -- C:\WINDOWS\System32\ShareReg.dll
[2002/08/12 08:19:42 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
[2002/07/04 14:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2002/01/11 11:25:06 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\tvqenc.dll
[2002/01/08 15:57:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/12/14 12:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[1999/07/23 12:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 09:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtmsft.dll
[2009/03/08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtrans.dll
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/10 11:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2004/08/10 11:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2004/08/10 11:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %systemroot%\*. /mp /s >

< %SYSTEMDRIVE%\*.exe >

========== Alternate Data Streams ==========

@Alternate Data Stream - 68 bytes -> C:\wizard.txt:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\tsiwinfile.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\TLCAPPS.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WUPDMGR.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuaueng1.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuauclt1.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WSHNETBS.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WRITE.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WNASPI32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmserror.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\windrvNT.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WFXSNT40.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VGA.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vaultskn.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\UTILDLL.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\USER.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\uninscpw.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\UFAT.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TSSOFT32.ACM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TSD32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TSAPPCMP.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tfswapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TASKMAN.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TAPIPERF.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tabctl32.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SynTPFcs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SynTPAPI.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SynCOM.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\suppdll.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\STDOLE32.TLB:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\stac97.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SNDVOL32.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RSVPPERF.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RSVP.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RSMGRSTR.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Richtx32.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RASCTRS.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RASAUTOU.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pspascrrc5.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pscUD111.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PSCHDPRF.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OLETHK32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NTSDEXTS.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NTIO.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NTDOS.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NETMSG.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NeroCheck.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\N124UFW.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MYCOMPUT.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSXMLR.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msxml4r.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSXML3R.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSVCRT20.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvcr70.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvcp70.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSRATELC.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSPORTS.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msjter35.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msjet35.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSIDNTLD.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSHEARTS.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSGSM32.ACM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSG723.ACM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSG711.ACM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSCAT32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSACM32.DRV:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MPRMSG.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MMDRIVER.INF:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MLANG.DAT:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mfc70.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MCICDA.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MAIN.CPL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LZ32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lffax10N.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Lfcmp10n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Lfbmp10n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LEXP2P32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lexlmpm.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LEX2KUSB.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\L_INTL.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KDCOM.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbdkor.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbdjpn.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Jpeg32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Jasc Paint Shop Photo Album 5.scr:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iuengine.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ir50_32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\INETCPLC.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iglicd32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igldev32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxtray.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxsrvc.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxsrvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxress.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxres.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxpph.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxpers.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxext.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxexps.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxdev.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxcpl.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IFSUTIL.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ICMUI.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmuITA.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmrnt5.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmdnt5.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmdev5.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmdd5.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iacenc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iac25_32.ax:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\HTICONS.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hpzsnt10.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hpzll3xu.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hkcmd.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hhopen.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\GEO.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FXSSEND.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FSUSD.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FREECELL.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FNTCACHE.DAT:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FM20ENU.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\EGA.CPI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRWTSN32.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ultra.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\toside.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\tmcomm.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\SynTP.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\symc810.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\sym_hi.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\stac97.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ssrtln.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\sscdbhk5.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\sparrow.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\RDPCDD.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\RASPTI.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\RASACD.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ql1280.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ql1240.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ql12160.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ql10wnt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ql1080.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\PTILINK.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\pfc.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\perc2hib.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\perc2.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\pciide.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\PalmUSBD.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\omci.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\NWLNKFWD.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\NWLNKFLT.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\NV4_MINI.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\mraid35x.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mouhid.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mdmxsdk.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\IPFLTDRV.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ini910u.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ialmnt5.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\HSFHWICH.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\HSF_DP.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\HSF_CNXT.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\hpn.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\GM.DLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ftdisk.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\E100B325.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\drvnddm.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\drivers\drvmcdb.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\dpti2o.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\DMLOAD.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\del5422.cty:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\dac960nt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\dac2w2k.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\cpqarray.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\cmdide.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\cbidf2k.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\BrUsbScn.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\BrUsbMdm.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\BrSerWdm.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\BrPar.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\bcm4sbxp.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\AUDSTUB.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\asc3550.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\asc3350p.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\asc.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\amsint.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\aliide.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\aic78xx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\aic78u2.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\aha154x.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\adpu160m.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\1028_Dell_INS_I1150.mrk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DOCPROP.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DMOCX.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DFRGRES.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DFRG.MSC:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DEVMGMT.MSC:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DellSys.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DBGENG.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\D3DRM.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cpwmon2k.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CONTROL.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comdlg32.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\COMCAT.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CNMLM5y.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CLB.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CHARMAP.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CDDBUI.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CDDBControl.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_950.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_949.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_936.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_932.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_874.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_850.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_437.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_28605.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_20127.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_1258.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_1257.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_1256.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_1255.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_1254.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_1253.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_1252.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_1251.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_1250.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\BrScnRsm.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\BrmfRsmg.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\BrmfLpt.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\BrmfBidi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\BrBidiIf.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\BOOTVID.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\BMAPI.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\AVIFILE.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ACELPDEC.AX:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ACCTRES.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\$WINNT$.INF:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System\WING32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System\WING.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\snymsico.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Prairie Wind.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\PATCH.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\opt_2460.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\nsreg.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\mozver.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KPSYS32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KPCP32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KPAPI32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\bruninst.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\_DEFAULT.PIF:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\SystemInfo.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Program Files\Uninstall_CDS.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\ns paper.doc1.doc2.doc2final1.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\ns paper.doc1.doc2.doc2final.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\hpfr3740.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\TEMP\My Documents\PubWhiteList.pwl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Desktop\Voice Studio.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Desktop\Canon ZoomBrowser EX.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Desktop\Burn CDs & DVDs with RecordNow!.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Application Data\DESKTOP.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\BOOT.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Zapotec.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\WINNT256.BMP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\WINNT.BMP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\WINHELP.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\WINFAX.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\WFXDEL.BAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vsapi32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\VPTNFILE.975:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\VMMREG32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\VBADDIN.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\VB.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\UNZIP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\UNNVEContent.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\UNNVEContent.cfg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\UNNMP.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\UNNMP.cfg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\UNNeroVision.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\UNNeroVision.cfg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\TWUNK_32.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\TWUNK_16.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\TWAIN.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\tsc.ptn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\TSC.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\tsc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\TMVAmain.ptn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\TMVAINFO.xml:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\tmupdate.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\TMUPDATE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\TMADCE.ptn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\TASKMAN.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\XENROLL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\XceedFtp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WSHISN.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WSHATM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdtrace.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdmtpdr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WOWFAXUI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WOWFAX.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WOWEXEC.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WOWDEB.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpns.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpcore.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpcd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmp.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMIPROP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMIMGMT.MSC:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMERRENU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINSTRM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINSPOOL.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINSOCK.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINOLDAP.MOD:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINNLS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINMSD.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINMINE.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINHLP32.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINHELP.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINFAX.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINCHAT.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WIN87EM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WIN.COM:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WIFEMAN.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WIAVUSD.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WIASF.AX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WFXSVC.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WFXMNTHQ.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WFXMNT40.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WFWNET.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Welsof32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WEBHITS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WEBFLDRS.MSI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WDL.TRM:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WBDBASE.SVE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WBDBASE.NLD:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WBDBASE.ITA:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WBDBASE.FRA:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WBDBASE.ESN:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WBDBASE.ENU:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WBDBASE.DEU:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WBCACHE.SVE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WBCACHE.NLD:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WBCACHE.ITA:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WBCACHE.FRA:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WBCACHE.ESN:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WBCACHE.ENU:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WBCACHE.DEU:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\W32TOPL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\W32TM.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vxdmdcdlg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VSSADMIN.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VSS_PS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vorbisenc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vorbis.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VJOY.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\View Channels.scf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VGA64K.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VGA256.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VGA.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VFPODBC.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VERIFIER.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VER.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ven2232.olb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VCDEX.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAR332.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAME.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAEND32.OLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAEN32.OLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Vb40032.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\V7VGA.ROM:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRVPA.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRVOICA.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRV80A.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRV42A.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRSVPIA.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRSHUTA.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRSDPIA.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRRTOSA.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRPRBDA.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRMLNKA.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRLOGON.CMD:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRLBVA.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRFAXA.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRDTEA.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRDPA.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRCOINA.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRCNTRA.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\UREG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\UNLODCTR.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Unidrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\UNICODE.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umloader.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\UMDMXFRM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\UCS32P.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TZLog.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TYPELIB.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TwnLib4.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TwnLib20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TWAIN_32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tvqenc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TSSHUTDN.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TSLABELS.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TSLABELS.H:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TSKILL.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TSDISCON.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TSCUPGRD.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TSCON.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TRACERT6.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TOOLHELP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TIMER.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Tiff32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TFTP.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TELEPHON.CPL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TDI-SonyOMG.sc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TDI-SonyOMG.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TCPSVCS.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TCPMON.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TCMSETUP.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TAPIUI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TAPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSTRAY.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSTEM.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSPRTJ.SEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSPRINT.SEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSKEY.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSINV.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSEDIT.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SynTPCoI.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SynCtrl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYNCAPP.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SWPRV.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SVCPACK.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SUBST.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SUBRANGE.UCE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\STREAMCI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\STORAGE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Status.MPF:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SQLWOA.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SQLWID.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SQLSODBC.CHM:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SPXCOINS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SPRIO800.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SPRIO600.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SPRESTRT.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spr32d30.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SPNIKE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SOUND.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SORTKEY.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SOL.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SOFTPUB.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SLBRCCSP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SLBCSP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SKDLL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SISBKUP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SIntfNT.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SIntf32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SIntf16.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SHIFTJIS.UCE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shellstyle.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SHELL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SHARE.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SHADOW.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SFMAPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SFC.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SETVER.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SETUPDLL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SETUP.BMP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SERWVDRV.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SERVICES.MSC:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SERIALUI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SENSCFG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SECUPD.SIG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SECUPD.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SDPBLB.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SCREDIR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SCP32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SCCBASE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SCARDSSP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RWINSTA.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RUNAS.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RTM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RSVPMSG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RSVPCNTS.H:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RSVP.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RSMUI.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RSMSINK.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RSM.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RSACI.RAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RPCNS4.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ROUTETAB.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ROUTEMON.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ROUTE.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\roboex32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RNR20.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RNetSrv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RICHED32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RESET.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\REPLACE.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\REND.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\REGWIZ.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\REGINI.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\REGEDT32.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\REDIR.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RECOVER.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RDPCFGEX.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RDOCURS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RASSER.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RASRAD.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RASMXS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RASMONTR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RASDIAL.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RASCTRS.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RASCTRNM.H:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\QWINSTA.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\QOSNAME.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qdiagls.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\QAPPSRV.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PUBPRN.VBS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PSNPPAGN.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pscVSWIA.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PSCRIPT.SEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PSCHDPRF.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PSCHDCNT.H:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PRODSPEC.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PRINT.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PRFLBMSG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ppremove.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pport_res.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\popup.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PMSPL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PLUSTAB.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PING6.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PIFMGR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\picn20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PERFWCI.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PERFWCI.H:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PERFTS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PERFI009.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PERFFILT.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PERFFILT.H:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PERFD009.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PERFCI.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PERFCI.H:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PENTNT.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Pdrvinst.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PCL.SEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pc_fax32.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PATHPING.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PAQSP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PANMAP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PalmDevC.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OSUNINST.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OLESVR32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OLESVR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OLECLI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OLEACCRC.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OLE2NLS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OLE2DISP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OLE2.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ogg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OEMINFO.PNF:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oemdspif.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OEMBKGN1.BMP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OEMBIOS.SIG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OEMBIOS.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OEMBIOS.BIN:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ODBC16GT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTSD.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTMSOPRQ.MSC:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTMSMGR.MSC:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTMSEVT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTLANUI2.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTLANUI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTIO804.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTIO412.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTIO411.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTIO404.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTIMAGE.GIF:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTDOS804.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTDOS412.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTDOS411.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTDOS404.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.THA:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.SVE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.NLD:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.ITA:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.FRA:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.ESN:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.ENU:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.ENG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.DEU:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.CHT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.CHS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NMEVTMSG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NLSFUNC.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NETUI2.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NETH.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NETEVENT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NETAPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NET.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NCXPNT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NCPA.CPL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NBTSTAT.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NARRHOOK.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MYDLL.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSXML2R.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSVIDEO.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSVCRT10.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcr71.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp71.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSVCP50.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvci70.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSVBVM50.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSWCHX.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSWCH.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSTKPRP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSTDFMT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSIP32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSIGN32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRECR40.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDO20.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrd2x35.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRCLR40.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSR2CENU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSR2C.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSOBJS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Msinet.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSG.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSFLXGRD.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSENCODE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDTCPRF.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDTCPRF.H:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCDEXNT.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCAL.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSAUDITE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSACM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSAATEXT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MRINFO.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MPRUI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MPRDDM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MPNOTIFY.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MOUSE.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MOUNTVOL.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MONITOR.INF:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MODEX.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Modem.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MODE.COM:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MMUTILSE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MMTASK.TSK:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MMSYSTEM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MMDRV.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MLL_QIC.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MLL_MTF.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MLL_HP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MIGPWD.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MIB.BIN:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfcuiw32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfcuia32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFCANS32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc71u.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc71.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc70u.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC42ENU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC40.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MEM.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MDWMDMSP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdmxsdk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MDHCP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MCIWAVE.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MCISEQ.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MCIOLE32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MCIOLE16.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MCIAVI.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MCHGRCOI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MCDSRV32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MCD32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MAPISVC.INF:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MAPISTUB.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MAG_HOOK.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LZEXPAND.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LUSRMGR.MSC:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Lttwn10n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Ltocx10n.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Ltkrn10n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Ltimg10n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ltfil10N.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Ltefx10n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Ltdis10n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LRNXP.ICO:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LPRMONUI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LPR.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LPQ.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LOGOFF.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LOGHOURS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LODCTR.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LOADFIX.COM:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LNKSTUB.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LIGHTS.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lftif10N.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LEXPPS.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LEXBCES.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LANMAN.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LANGWRBK.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LABEL.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\L_EXCEPT.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KRNL386.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KOREAN.UCE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KEYBOARD.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KEYBOARD.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KEY01.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDYCL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDYCC.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDUZB.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDUSX.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDUSR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDUSL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDUS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDUR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDUK.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDTUQ.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDTUF.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDTAT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDSW.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDSP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDSL1.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDSL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDSG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDSF.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDRU1.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDRU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDRO.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDPO.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDPL1.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDPL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDNO.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDNE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDMON.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDMAC.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDLV1.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDLV.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDLT1.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDLT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDLA.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDKYR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDKAZ.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDIT142.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDIT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDIR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDIC.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDHU1.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDHU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDHEPT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDHELA3.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDHELA2.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDHE319.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDHE220.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDHE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDGR1.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDGR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDGKL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDGAE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDFR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDFO.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDFI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDFC.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDEST.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDES.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDDV.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDDA.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDCZ2.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDCZ1.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDCZ.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDCR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDCAN.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDCA.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDBU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDBR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDBLR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDBENE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDBE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDAZEL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDAZE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDAL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbd103.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbd101c.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbd101b.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KB16.COM:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KANJI_2.UCE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KANJI_1.UCE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jupdate-1.4.2_03-b02.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\JOBEXEC.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\JGSH400.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\JGSD400.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\JGMD400.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\JGAW400.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\JET500.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Ivfsrc.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IRCLASS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IPXSAP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IPXRTMGR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IPXRIP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IPXPROMN.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IPXMONTR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IPSEC6.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IPRTPRIO.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IPROP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IOLOGMSG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\INSTCAT.SQL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\INLOADER.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\INFOSOFT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Inetwh32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IMPLODE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ImagXRA7.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ImagXR7.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ImagXpr7.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ImagX7.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igxpxs32.vp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igxpxk32.vp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igxpxa32.vp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igxpxa32.cpa:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxzoom.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrtrk.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrtha.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrsve.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrrus.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrptg.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrptb.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrplk.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrnor.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrnld.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrkor.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrjpn.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrita.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrhun.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrheb.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrfra.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrfin.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxresp.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrenu.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrell.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrdeu.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrdan.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrcsy.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrcht.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrchs.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrara.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhtha.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhptb.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhkor.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhjpn.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhita.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhfra.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhesp.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhenu.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhdeu.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhcht.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhchs.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxdo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxcfg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IDEOGRAF.UCE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IDEDrv.vxd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ICFGNT5.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IASSVCS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IASSDO.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IASSAM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IASRECST.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IASPOLCY.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IASNAP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IASHLPR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IASADS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IASACCT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuTRK.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuTHA.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuSVE.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuRUS.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuPTG.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuPTB.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuPLK.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuNOR.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuNLD.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuKOR.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuJPN.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuHUN.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuHEB.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuFRC.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuFRA.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuFIN.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuESP.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuENG.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuELL.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmudlg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuDEU.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuDAN.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuCSY.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuCHT.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuCHS.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuARB.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuARA.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmrem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmgicd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmgdev.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iAlmCoIn_v4396.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iAlmCoIn_v3889.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HSFCI008.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpzcon10.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpzcoi10.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HOSTNAME.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HOMEPAGE.INF:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HNETMON.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HIMEM.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HAF9SE8J.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GTrnPrXP.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gtdownls_95.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GRAPHICS.PRO:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GRAPHICS.COM:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GRAFTABL.COM:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GPKCSP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GPCIENU.VXD:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GLMF32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GETUNAME.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GDI.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GCDEF.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GB2312.UCE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\G711CODC.AX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FXSROUTE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FXSPERF.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FXSCOUNT.H:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FXSCFGWZ.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Fxdb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FXAB32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FTSRCH.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FSUTIL.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FSMGMT.MSC:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FMIFS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FM20.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FLKill.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FIXMAPI.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FINGER.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FIND.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FC.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FASTOPEN.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EXPAND.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EXE2BIN.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EVENTVWR.MSC:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EVENTVWR.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EVENTCLS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EULA.TXT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ESENTUTL.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ESENTPRF.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ESENTPRF.HXX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ESENTPRF.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ESENT97.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EqnClass.Dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\emptyregdb.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EmailShared.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EDLIN.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EDIT.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EDIT.COM:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ECBTEG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EBPPORT4.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EBPMON24.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EBPCHP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EAL32.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EAL32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EAL.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\E_SAGSET.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DView.cfg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DVDPLAY.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DSSEC.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DSOUND.VXD:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DSAUTH.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ds16gt.dLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRWATSON.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drmstor.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ws2ifsl.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\WMILIB.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\VDMINDVD.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\USBD.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\TSBVCAP.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\TOSDVD.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\SMCLIB.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ROOTMDM.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\RIODRV.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\RIO8DRV.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\RAWWAN.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\PARVDM.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\OPRGHDLR.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\NWLNKSPX.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\NWLNKNB.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\NULL.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\NIKEDRV.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MNMDD.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MCD.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\GMREADME.TXT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\FSVGA.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\FS_REC.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\DXGTHK.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\DXAPI.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\CPQDAP01.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\CINEMST2.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\CDAUDIO.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\BEEP.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ATMUNI.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ATMEPVC.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ASPI32.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ACPIEC.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DPWSOCK.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DPSERIAL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DPNWSOCK.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DPNMODEM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DPLAY.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DOSX.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DOSKEY.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DMVIEW.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DMINTF.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DMDSKRES.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DMCONFIG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DLPT.VXD:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DLLHST3G.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vga.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\utildll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\twunk_16.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\twain.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pciide.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mouhid.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\drmclien.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\brusbscn.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\brusbmdm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\brserwdm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\brfilt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DISKPERF.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DISKMGMT.MSC:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DISKCOPY.COM:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DISKCOMP.COM:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DIMAP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DIACTFRM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DHCPSAPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DGSETUP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DGRPSETU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DESKPERF.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DESKMON.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DESKADP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DELLWALL.BMP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\declrds.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DEBUG.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DDMI.VXD:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DDEML.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DCCWFP32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DCCMSP32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DCCEXT32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\D3DXOF.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\D3DRAMP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\D3DPMESH.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\D3DIM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CTYPE.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CTL3D32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CSSEQCHK.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CRYSTL32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CRTDLL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Crpe32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Crpaig32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cpwsave.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COUNTRY.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CONVERT.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CONSOLE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\config\SYSTEM.SAV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\config\SOFTWARE.SAV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\config\DEFAULT.SAV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CONFIG.NT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMPOBJ.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMPMGMT.MSC:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMPACT.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMP.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMMDLG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMMAND.COM:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMM.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comctl32.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMCTL32.NU7:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CNVFAT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CNQU70.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CNMVS5y.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CNMVS45.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CNMLM45.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CNETCFG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CMPBK32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CMOS.RAM:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CMMGR32.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CLICONF.CHM:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CKCNV.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CIDAEMON.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CIADV.MSC:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CIADMIN.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CHKNTFS.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CHKDSK.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CHCP.COM:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CERTMGR.MSC:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CDMODEM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CCFGNT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cc3250mt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CALC.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_875.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_869.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_866.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_865.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_863.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_861.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_860.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_857.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_855.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_852.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_775.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_737.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_500.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28603.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28599.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28598.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28597.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28595.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28594.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28593.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28592.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28591.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_21866.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_20905.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_20866.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_20261.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_1026.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_10082.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_10081.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_10079.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_10029.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_10017.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_10010.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_10007.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_10006.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_10000.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_037.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BSSpread.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BSelList.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Brwebup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BrWebIns.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BRMFPMON.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\brinsstr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\brfxdial.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\brcoinst.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BOPOMOFO.UCE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BOOTVRFY.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BOOTOK.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BIOS4.ROM:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BIOS1.ROM:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BInstDll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bdeadmin.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BD2040.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BACSCPL.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AXCTRL32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AXAUTCTL.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Awrtl30.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\awpe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AVWAV.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AVTAPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AVMETER.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AVICAP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AUTOEXEC.NT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AUTODISC.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ATRACE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ATMPVCNO.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl71.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl70.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ATKCTRS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ARP.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\APPEND.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\APCUPS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ANSI.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ADPTIF.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AdobeFnt.lst:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ACTIVEDS.TLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ActiveActX.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeactx.ITA:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ActiveActX.FRA:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ActiveActX.ESP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ActiveActX.ENU:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ActiveActX.DEU:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ACLEDIT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AAAAMON.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\401COMUPD.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\12520850.CPX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\12520437.CPX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\$NCSP$.INF:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WOWPOST.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WINASPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WFWNET.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VGA.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VER.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\TIMER.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\TAPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SYSTEM.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\STDOLE.TLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SOUND.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SHELL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SETUP.INF:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OLESVR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OLECLI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MSVIDEO.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MSVCRT40.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MOUSE.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MMTASK.TSK:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MMSYSTEM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MFC40.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCIWAVE.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCISEQ.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCIAVI.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\LZEXPAND.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\KEYBOARD.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\Iconlib.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\Epsonlog.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\COMMDLG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\AVIFILE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\AVICAP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Status.mif:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SPROF32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Soap Bubbles.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\smscfg.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SETUPLOG.DEL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SETUPAPI.DEL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SETUPACT.DEL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SETPWRCG.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Santa Fe Stucco.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\runtsckl.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\RMAgentOutput.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\River Sumida.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Rhododendron.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\PowerReg.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\PhotoBase Screen Saver.scr:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\patchw32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\PalmDevC.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ORUN32.ISU:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ORUN32.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ODBCINST.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ODBC.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\NeroDigital.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\MSDFMAP.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\mp10oem.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\lpt$vpn.975:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\loadhttp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\lexstat.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KPCMS.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\kcm2sp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\iccsigs.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\hpbvspst.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\hpbvspst.his:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\hcextoutput.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Greenstone.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Gone Fishing.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\GetServer.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\FeatherTexture.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\EXPLORER.SCF:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\EReg515.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\EReg077.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Epsonpl.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\EPSC66EF.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\dllTSCLIBMT.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\dla.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\disneysy.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\disney.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\D9H7ADHB.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Cvrpage.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Coffee Bean.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\CLOCK.AVI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\cdplayer.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\brwmark.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\BRPP2KA.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Brpcfx.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\brmx2001.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\BPMNT.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\BOOTSTAT.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Blue Lace 16.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\AuHCcup1.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\AuHCcup1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\aucfg.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ActiveAct.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\1.sim:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\NNAVM_2_Pages.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\log.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\IPH.PH:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\INFCACHE.1:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\index.html:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\TEMP\Start Menu\Programs\Startup\DESKTOP.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\TEMP\NTUSER.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\NTUSER.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\NTUSER.DAT.LOG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Application Data\hpzinstall.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\aug10 .htpasswd:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\WindowsUpdate.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\WIASERVC.LOG:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WPA.DBL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WgaTray.exe:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WgaLogon.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ticrf.rat:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\mfc42u.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\IE7Eula.rtf:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\hpzll4v2.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\hpzll4pi.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\TNET1130x.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\FwRad16.bin:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\dllcache\mfc42u.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\setupapi.log.0.old:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\SchedLgU.Txt:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\hegames.ini:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\DatabaseID:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\BRMFBIDI.INI:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\hook.log:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\drivers\FwRad17.bin:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\dllcache\WgaTray.exe:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\dllcache\WgaLogon.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\BrEvIF.dll:KAVICHS
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\uninst.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\TRAFFIC.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\shw32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\pscND111.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\PSCLU111.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\OLEACC.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\OEMINFO.INI:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\Msjint35.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\MAPI32.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\lxbcpwr.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\LEXBCE.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\iyvu9_32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ir32_32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\hccutils.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\fxsclntR.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drmclien.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\NETMDUSB.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\NETMD033.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\NETMD031.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\BrFilt.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\CARDS.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\BrSerIf.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\BrmfUSB.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\AVICAP32.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\IsUninstAct.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Documents\DESKTOP.INI:KAVICHS
< End of report >


Kindest regards,
slojo55

#7 slojo55

slojo55
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:29 AM

Posted 05 September 2010 - 04:24 PM

Hey Syler,

Here is the extra file.


OTL Extras logfile created on: 9/5/2010 12:45:12 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\All Users\Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 375.00 Mb Available Physical Memory | 37.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.71 Gb Total Space | 11.28 Gb Free Space | 33.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GEORGE
Current User Name: George A
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1532035262-3237090906-4204032158-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Paint Shop Pro Studio] -- "C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\\Paint Shop Pro Studio.exe" "/Browse" "%L" (Jasc Software, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Lock folder with Folder Lock] -- C:\Program Files\Folder Lock\Folder Lock.exe %1 (NewSoftwares.net Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- File not found
"C:\Program Files\Morpheus\Morpheus.exe" = C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:M5Shell -- (Streamcast Networks, Inc)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- File not found
"C:\Documents and Settings\TEMP\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\TEMP\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- File not found
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0C3FCE48-6984-11D5-90F8-00E029591716}" = Brother MFL Pro Suite
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{26C849AB-1865-412D-B87D-B18BC5CB6C60}" = OpenMG Secure Module 3.4.01
"{2A2EDF5F-F3C6-4919-AE34-C08A71AD034A}" = Wireless-G Notebook Adapter
"{2A6282FF-B75B-463F-90F5-0A43732F690D}" = Broadcom Management Programs
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{417B79C9-CDB4-477F-952D-840CEFC57A6C}" = AccessDirect
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{47E09785-B2FB-11D5-B8EE-00B0D0D26B88}" = MD Simple Burner 2.0.03
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 2.0.06
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{79546A5F-AE7C-4693-8670-A3401B43ABD2}" = HP Deskjet 5900 series
"{7AE05271-5CBB-48D7-9B72-FDB4FD57EA4D}" = Polaroid iZone PhotoBase
"{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}" = Final Draft
"{7DBBC522-F642-4D6C-A03F-22E49EB63437}" = Palm Desktop
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{95738B44-49CF-4C62-A620-320F1007B14A}" = SpiralFrog Download Manager 0.8.23
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5222E5A-13CB-4C98-9F5C-21CF6896A25C}" = HPDeskjet5900Series
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AC7DC510-2496-11D4-898C-0080ADB7419F}" = OLYMPUS P-400 Utility
"{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}" = PaperPort 8.0 SE
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CCD09A07-C045-412C-B287-472489ED0F02}" = Wi-Fire Connection Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D02EDDE7-B5C5-40A2-AF57-73A3278F4EEB}" = ESET NOD32 Antivirus
"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}" = Safari
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"1Cleanup 3.2_is1" = 1Cleanup 3.2
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 4.0 LE" = Adobe Photoshop 4.0 LE
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.9x Modem
"CutePDF Writer Installation" = CutePDF Writer 2.2
"Defraggler" = Defraggler
"Easy CD Ripper" = Easy CD Ripper 2.30
"eGames GameButler" = eGames GameButler
"eMachineShop_is1" = eMachineShop
"EPSON Printer and Utilities" = EPSON Printer Software
"ESET Online Scanner" = ESET Online Scanner v3
"ezt" = EZTMusicManager
"Folder Lock" = Folder Lock
"FrostWire" = FrostWire 4.20.9
"Glary Utilities_is1" = Glary Utilities 2.14.0.711
"Graboid Video" = Graboid Video 1.5
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Photo & Imaging" = HP Image Zone 5.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Indeo® Software" = Indeo® Software
"InstallShield_{2A6282FF-B75B-463F-90F5-0A43732F690D}" = Broadcom Management Programs
"Lexmark Z600 Series" = Lexmark Z600 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenMG HotFix3.4-04-14-17-01" = OpenMG Limited Patch 3.4-04-17-06-01
"Shop for HP Supplies" = Shop for HP Supplies
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual Plastic Surgery Software - VPSS_is1" = Virtual Plastic Surgery Software - VPSS v1.0
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinFax" = Symantec WinFax PRO 10.01
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2001Setup" = Microsoft Works 2001 Setup Launcher
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1532035262-3237090906-4204032158-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1532035262-3237090906-4204032158-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SmartDraw 2009" = SmartDraw 2009

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/3/2010 1:18:19 AM | Computer Name = GEORGE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4387

Error - 9/3/2010 1:18:21 AM | Computer Name = GEORGE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/3/2010 1:18:21 AM | Computer Name = GEORGE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5849

Error - 9/3/2010 1:18:21 AM | Computer Name = GEORGE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5849

Error - 9/4/2010 2:51:38 PM | Computer Name = GEORGE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/4/2010 2:51:38 PM | Computer Name = GEORGE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 21421

Error - 9/4/2010 2:51:38 PM | Computer Name = GEORGE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 21421

Error - 9/4/2010 8:45:45 PM | Computer Name = GEORGE | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 9/4/2010 9:49:15 PM | Computer Name = GEORGE | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 9/5/2010 12:54:44 AM | Computer Name = GEORGE | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 8/30/2010 7:00:05 PM | Computer Name = GEORGE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 9/2/2010 6:12:09 AM | Computer Name = GEORGE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Netman service.

Error - 9/2/2010 3:52:08 PM | Computer Name = GEORGE | Source = Print | ID = 23
Description = Printer Lexmark 510 Series,0 failed to initialize because a suitable
Lexmark 510 Series driver could not be found.

Error - 9/2/2010 3:52:08 PM | Computer Name = GEORGE | Source = Print | ID = 23
Description = Printer Lexmark Z700-P700 Series,4 failed to initialize because a
suitable Lexmark Z700-P700 Series driver could not be found.

Error - 9/2/2010 3:52:22 PM | Computer Name = GEORGE | Source = Service Control Manager | ID = 7000
Description = The ADS DVD Xpress B service failed to start due to the following
error: %%1058

Error - 9/2/2010 3:52:22 PM | Computer Name = GEORGE | Source = Service Control Manager | ID = 7000
Description = The IC Recorder Driver service failed to start due to the following
error: %%1058

Error - 9/2/2010 3:52:22 PM | Computer Name = GEORGE | Source = Service Control Manager | ID = 7000
Description = The Zune Bus Enumerator Driver service failed to start due to the
following error: %%2

Error - 9/2/2010 3:54:01 PM | Computer Name = GEORGE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 9/3/2010 5:47:27 PM | Computer Name = GEORGE | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.64 on
the Network Card with network address 00114363B6F7.

Error - 9/4/2010 2:51:51 PM | Computer Name = GEORGE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Netman service.


< End of report >



Kindest regards,
slojo55

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:29 AM

Posted 05 September 2010 - 05:51 PM

Hi slojo55,

Peer-to-Peer Programs
Your log shows that you are using so called peer-to-peer or file-sharing programs (in your case Frostwire). These programs allow to share files between users as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.



Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading.
Select Show hidden files and folders.
Then click apply and ok.

Then

Please click this link-->Virustotal
When the Virustotal page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\Documents and Settings\All Users\Application Data\.811261211181235583101118113995

Please post back with the link to the scan results, in your next post.
If Virustotal is busy, try the same at Jotti: http://virusscan.jotti.org/



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-1532035262-3237090906-4204032158-1007\..\URLSearchHook: *{03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-1532035262-3237090906-4204032158-1007\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-1532035262-3237090906-4204032158-1007\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-1532035262-3237090906-4204032158-1006\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
    O3 - HKU\S-1-5-21-1532035262-3237090906-4204032158-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-1532035262-3237090906-4204032158-1006\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No CLSID value found.
    O3 - HKU\S-1-5-21-1532035262-3237090906-4204032158-1006\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKU\S-1-5-21-1532035262-3237090906-4204032158-1006\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-1532035262-3237090906-4204032158-1007\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
    O3 - HKU\S-1-5-21-1532035262-3237090906-4204032158-1007\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKU\S-1-5-21-1532035262-3237090906-4204032158-1007\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
    O4 - HKU\S-1-5-21-1532035262-3237090906-4204032158-1007..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O9 - Extra Button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - Reg Error: Key error. File not found
    O16 - DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} http://riteaid.storefront.com/images/globa...eUpload1_10.CAB (SFImageUpload1_10.ImageUpload)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error. (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O20 - AppInit_DLLs: (C:\WINDOWS\System32\fltlib32.dll) - C:\WINDOWS\System32\fltlib32.dll File not found
    O20 - Winlogon\Notify\ecc6f314600: DllName - C:\WINDOWS\System32\fltlib32.dll - C:\WINDOWS\System32\fltlib32.dll File not found
    O33 - MountPoints2\{18eca3d2-0a09-11de-adae-00114363b6f7}\Shell\AutoRun\command - "" = E:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found
    O33 - MountPoints2\{18eca3d2-0a09-11de-adae-00114363b6f7}\Shell\open\command - "" = E:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found
    MsConfig - StartUpReg: 103 - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: AVG8_TRAY - hkey= - key= - C:\PROGRA~1\AVG\AVG8\avgtray.exe File not found
    MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
    MsConfig - StartUpReg: dla - hkey= - key= - File not found
    MsConfig - StartUpReg: HPDJ Taskbar Utility - hkey= - key= - File not found
    MsConfig - StartUpReg: igfxhkcmd - hkey= - key= - File not found
    MsConfig - StartUpReg: igfxpers - hkey= - key= - File not found
    MsConfig - StartUpReg: igfxtray - hkey= - key= - File not found
    MsConfig - StartUpReg: msnmsgr - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: My Web Search Bar Search Scope Monitor - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: MyWebSearch Email Plugin - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe File not found
    MsConfig - StartUpReg: swg - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe File not found
    MsConfig - StartUpReg: webHancer Agent - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: Zune Launcher - hkey= - key= - Reg Error: Value error. File not found
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
    Drivers32: VIDC.SP54 - SP5X_32.DLL File not found
    @Alternate Data Stream - 68 bytes -> C:\wizard.txt:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\tsiwinfile.dat:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\TLCAPPS.INI:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WUPDMGR.EXE:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuaueng1.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuauclt1.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WSHNETBS.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WRITE.EXE:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WNASPI32.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmserror.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\windrvNT.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WFXSNT40.EXE:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VGA.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vaultskn.ocx:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\UTILDLL.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\USER.EXE:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\uninscpw.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\UFAT.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TSSOFT32.ACM:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TSD32.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TSAPPCMP.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tfswapi.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TASKMAN.EXE:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TAPIPERF.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tabctl32.ocx:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SynTPFcs.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SynTPAPI.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SynCOM.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\suppdll.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\STDOLE32.TLB:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\stac97.cpl:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SNDVOL32.EXE:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RSVPPERF.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RSVP.EXE:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RSMGRSTR.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Richtx32.ocx:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RASCTRS.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RASAUTOU.EXE:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pspascrrc5.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pscUD111.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PSCHDPRF.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OLETHK32.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NTSDEXTS.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NTIO.SYS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NTDOS.SYS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NETMSG.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NeroCheck.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\N124UFW.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MYCOMPUT.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSXMLR.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msxml4r.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSXML3R.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSVCRT20.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvcr70.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvcp70.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSRATELC.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSPORTS.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msjter35.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msjet35.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSIDNTLD.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSHEARTS.EXE:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSGSM32.ACM:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSG723.ACM:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSG711.ACM:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSCAT32.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSACM32.DRV:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MPRMSG.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MMDRIVER.INF:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MLANG.DAT:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mfc70.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MCICDA.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MAIN.CPL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LZ32.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lffax10N.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Lfcmp10n.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Lfbmp10n.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LEXP2P32.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lexlmpm.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LEX2KUSB.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\L_INTL.NLS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KDCOM.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbdkor.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbdjpn.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Jpeg32.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Jasc Paint Shop Photo Album 5.scr:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iuengine.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ir50_32.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\INETCPLC.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iglicd32.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igldev32.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxtray.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxsrvc.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxsrvc.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxress.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxres.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxpph.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxpers.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxext.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxexps.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxdev.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxcpl.cpl:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IFSUTIL.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ICMUI.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmuITA.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmrnt5.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmdnt5.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmdev5.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmdd5.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iacenc.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iac25_32.ax:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\HTICONS.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hpzsnt10.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hpzll3xu.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hkcmd.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hhopen.ocx:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\GEO.NLS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FXSSEND.EXE:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FSUSD.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FREECELL.EXE:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FNTCACHE.DAT:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FM20ENU.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\EGA.CPI:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRWTSN32.EXE:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ultra.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\toside.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\tmcomm.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\SynTP.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\symc810.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\sym_hi.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\stac97.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ssrtln.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\sscdbhk5.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\sparrow.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\RDPCDD.SYS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\RASPTI.SYS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\RASACD.SYS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ql1280.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ql1240.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ql12160.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ql10wnt.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ql1080.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\PTILINK.SYS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\pfc.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\perc2hib.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\perc2.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\pciide.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\PalmUSBD.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\omci.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\NWLNKFWD.SYS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\NWLNKFLT.SYS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\NV4_MINI.SYS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\mraid35x.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mouhid.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mdmxsdk.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\IPFLTDRV.SYS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ini910u.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ialmnt5.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\HSFHWICH.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\HSF_DP.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\HSF_CNXT.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\hpn.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\GM.DLS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ftdisk.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\E100B325.SYS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\drvnddm.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\drivers\drvmcdb.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\dpti2o.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\DMLOAD.SYS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\del5422.cty:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\dac960nt.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\dac2w2k.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\cpqarray.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\cmdide.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\cbidf2k.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\BrUsbScn.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\BrUsbMdm.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\BrSerWdm.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\BrPar.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\bcm4sbxp.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\AUDSTUB.SYS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\asc3550.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\asc3350p.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\asc.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\amsint.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\aliide.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\aic78xx.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\aic78u2.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\aha154x.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\adpu160m.sys:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\1028_Dell_INS_I1150.mrk:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DOCPROP.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DMOCX.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DFRGRES.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DFRG.MSC:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DEVMGMT.MSC:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DellSys.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DBGENG.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\D3DRM.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cpwmon2k.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CONTROL.EXE:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comdlg32.ocx:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\COMCAT.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CNMLM5y.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CLB.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CHARMAP.EXE:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CDDBUI.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CDDBControl.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_950.NLS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_949.NLS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_936.NLS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_932.NLS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_874.NLS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_850.NLS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_437.NLS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_28605.NLS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_20127.NLS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_1258.NLS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_1257.NLS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_1256.NLS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_1255.NLS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_1254.NLS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_1253.NLS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_1252.NLS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_1251.NLS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_1250.NLS:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\BrScnRsm.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\BrmfRsmg.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\BrmfLpt.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\BrmfBidi.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\BrBidiIf.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\BOOTVID.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\BMAPI.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\AVIFILE.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ACELPDEC.AX:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ACCTRES.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\$WINNT$.INF:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System\WING32.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System\WING.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\snymsico.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\Prairie Wind.bmp:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\PATCH.EXE:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\opt_2460.ini:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\nsreg.dat:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\mozver.dat:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\KPSYS32.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\KPCP32.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\KPAPI32.DLL:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\bruninst.dll:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\WINDOWS\_DEFAULT.PIF:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\SystemInfo.ini:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Program Files\Uninstall_CDS.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\ns paper.doc1.doc2.doc2final1.doc:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\ns paper.doc1.doc2.doc2final.doc:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\hpfr3740.log:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Documents and Settings\TEMP\My Documents\PubWhiteList.pwl:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Desktop\Voice Studio.lnk:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Desktop\Canon ZoomBrowser EX.lnk:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Desktop\Burn CDs & DVDs with RecordNow!.lnk:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Application Data\DESKTOP.INI:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\BOOT.INI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Zapotec.bmp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\WINNT256.BMP:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\WINNT.BMP:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\WINHELP.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\WINFAX.INI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\WFXDEL.BAT:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\vsapi32.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\VPTNFILE.975:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\VMMREG32.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\VBADDIN.INI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\VB.INI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\UNZIP.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\UNNVEContent.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\UNNVEContent.cfg:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\UNNMP.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\UNNMP.cfg:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\UNNeroVision.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\UNNeroVision.cfg:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\TWUNK_32.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\TWUNK_16.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\TWAIN.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\tsc.ptn:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\TSC.ini:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\tsc.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\TMVAmain.ptn:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\TMVAINFO.xml:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\tmupdate.ini:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\TMUPDATE.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\TMADCE.ptn:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\TASKMAN.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\XENROLL.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\XceedFtp.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WSHISN.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WSHATM.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdtrace.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdmtpdr.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WOWFAXUI.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WOWFAX.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WOWEXEC.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WOWDEB.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpui.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpns.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpcore.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpcd.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmp.ocx:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMIPROP.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMIMGMT.MSC:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMERRENU.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINSTRM.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINSPOOL.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINSOCK.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINOLDAP.MOD:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINNLS.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINMSD.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINMINE.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINHLP32.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINHELP.HLP:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINFAX.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINCHAT.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WIN87EM.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WIN.COM:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WIFEMAN.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WIAVUSD.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WIASF.AX:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WFXSVC.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WFXMNTHQ.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WFXMNT40.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WFWNET.DRV:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Welsof32.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WEBHITS.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WEBFLDRS.MSI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WDL.TRM:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WBDBASE.SVE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WBDBASE.NLD:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WBDBASE.ITA:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WBDBASE.FRA:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WBDBASE.ESN:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WBDBASE.ENU:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WBDBASE.DEU:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WBCACHE.SVE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WBCACHE.NLD:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WBCACHE.ITA:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WBCACHE.FRA:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WBCACHE.ESN:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WBCACHE.ENU:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WBCACHE.DEU:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\W32TOPL.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\W32TM.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vxdmdcdlg.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VSSADMIN.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VSS_PS.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vorbisenc.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vorbis.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VJOY.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\View Channels.scf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VGA64K.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VGA256.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VGA.DRV:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VFPODBC.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VERIFIER.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VER.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ven2232.olb:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VCDEX.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAR332.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAME.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAEND32.OLB:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAEN32.OLB:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Vb40032.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\V7VGA.ROM:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRVPA.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRVOICA.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRV80A.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRV42A.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRSVPIA.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRSHUTA.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRSDPIA.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRRTOSA.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRPRBDA.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRMLNKA.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRLOGON.CMD:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRLBVA.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRFAXA.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRDTEA.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRDPA.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRCOINA.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USRCNTRA.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\UREG.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\UNLODCTR.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Unidrv.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\UNICODE.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umloader.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\UMDMXFRM.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\UCS32P.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TZLog.log:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TYPELIB.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TwnLib4.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TwnLib20.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TWAIN_32.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tvqenc.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TSSHUTDN.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TSLABELS.INI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TSLABELS.H:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TSKILL.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TSDISCON.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TSCUPGRD.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TSCON.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TRACERT6.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TOOLHELP.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TIMER.DRV:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Tiff32.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TFTP.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TELEPHON.CPL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TDI-SonyOMG.sc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TDI-SonyOMG.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TCPSVCS.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TCPMON.INI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TCMSETUP.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TAPIUI.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TAPI.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSTRAY.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSTEM.DRV:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSPRTJ.SEP:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSPRINT.SEP:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSKEY.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSINV.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSEDIT.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SynTPCoI.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SynCtrl.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYNCAPP.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SWPRV.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SVCPACK.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SUBST.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SUBRANGE.UCE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\STREAMCI.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\STORAGE.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Status.MPF:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SQLWOA.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SQLWID.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SQLSODBC.CHM:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SPXCOINS.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SPRIO800.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SPRIO600.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SPRESTRT.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spr32d30.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SPNIKE.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SOUND.DRV:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SORTKEY.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SOL.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SOFTPUB.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SLBRCCSP.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SLBCSP.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SKDLL.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SISBKUP.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SIntfNT.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SIntf32.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SIntf16.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SHIFTJIS.UCE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shellstyle.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SHELL.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SHARE.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SHADOW.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SFMAPI.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SFC.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SETVER.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SETUPDLL.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SETUP.BMP:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SERWVDRV.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SERVICES.MSC:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SERIALUI.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SENSCFG.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SECUPD.SIG:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SECUPD.DAT:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SDPBLB.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SCREDIR.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SCP32.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SCCBASE.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SCARDSSP.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RWINSTA.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RUNAS.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RTM.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RSVPMSG.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RSVPCNTS.H:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RSVP.INI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RSMUI.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RSMSINK.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RSM.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RSACI.RAT:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RPCNS4.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ROUTETAB.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ROUTEMON.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ROUTE.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\roboex32.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RNR20.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RNetSrv.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RICHED32.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RESET.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\REPLACE.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\REND.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\REGWIZ.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\REGINI.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\REGEDT32.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\REDIR.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RECOVER.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RDPCFGEX.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RDOCURS.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RASSER.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RASRAD.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RASMXS.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RASMONTR.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RASDIAL.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RASCTRS.INI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RASCTRNM.H:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\QWINSTA.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\QOSNAME.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qdiagls.ocx:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\QAPPSRV.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PUBPRN.VBS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PSNPPAGN.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pscVSWIA.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PSCRIPT.SEP:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PSCHDPRF.INI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PSCHDCNT.H:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PRODSPEC.INI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PRINT.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PRFLBMSG.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ppremove.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pport_res.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\popup.ocx:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PMSPL.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PLUSTAB.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PING6.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PIFMGR.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\picn20.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PERFWCI.INI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PERFWCI.H:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PERFTS.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PERFI009.DAT:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PERFFILT.INI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PERFFILT.H:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PERFD009.DAT:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PERFCI.INI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PERFCI.H:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PENTNT.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Pdrvinst.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PCL.SEP:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pc_fax32.hlp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PATHPING.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PAQSP.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PANMAP.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PalmDevC.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OSUNINST.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OLESVR32.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OLESVR.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OLECLI.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OLEACCRC.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OLE2NLS.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OLE2DISP.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OLE2.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ogg.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OEMINFO.PNF:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oemdspif.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OEMBKGN1.BMP:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OEMBIOS.SIG:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OEMBIOS.DAT:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OEMBIOS.BIN:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ODBC16GT.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTSD.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTMSOPRQ.MSC:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTMSMGR.MSC:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTMSEVT.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTLANUI2.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTLANUI.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTIO804.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTIO412.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTIO411.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTIO404.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTIMAGE.GIF:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTDOS804.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTDOS412.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTDOS411.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NTDOS404.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.THA:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.SVE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.NLD:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.ITA:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.FRA:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.ESN:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.ENU:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.ENG:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.DEU:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.DAT:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.CHT:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NOISE.CHS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NMEVTMSG.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NLSFUNC.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NETUI2.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NETH.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NETEVENT.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NETAPI.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NET.HLP:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NCXPNT.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NCPA.CPL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NBTSTAT.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NARRHOOK.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MYDLL.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSXML2R.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSVIDEO.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSVCRT10.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcr71.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp71.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSVCP50.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvci70.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSVBVM50.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSWCHX.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSWCH.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSTKPRP.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSTDFMT.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSIP32.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSIGN32.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRECR40.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDO20.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrd2x35.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRCLR40.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSR2CENU.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSR2C.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSOBJS.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Msinet.ocx:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSG.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSFLXGRD.OCX:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSENCODE.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDTCPRF.INI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDTCPRF.H:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCDEXNT.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCAL.OCX:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSAUDITE.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSACM.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSAATEXT.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MRINFO.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MPRUI.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MPRDDM.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MPNOTIFY.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MOUSE.DRV:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MOUNTVOL.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MONITOR.INF:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MODEX.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Modem.cpl:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MODE.COM:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MMUTILSE.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MMTASK.TSK:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MMSYSTEM.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MMDRV.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MLL_QIC.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MLL_MTF.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MLL_HP.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MIGPWD.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MIB.BIN:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfcuiw32.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfcuia32.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFCANS32.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc71u.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc71.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc70u.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC42ENU.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC40.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MEM.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MDWMDMSP.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdmxsdk.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MDHCP.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MCIWAVE.DRV:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MCISEQ.DRV:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MCIOLE32.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MCIOLE16.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MCIAVI.DRV:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MCHGRCOI.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MCDSRV32.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MCD32.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MAPISVC.INF:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MAPISTUB.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MAG_HOOK.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LZEXPAND.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LUSRMGR.MSC:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Lttwn10n.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Ltocx10n.ocx:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Ltkrn10n.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Ltimg10n.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ltfil10N.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Ltefx10n.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Ltdis10n.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LRNXP.ICO:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LPRMONUI.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LPR.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LPQ.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LOGOFF.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LOGHOURS.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LODCTR.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LOADFIX.COM:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LNKSTUB.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LIGHTS.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lftif10N.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LEXPPS.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LEXBCES.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LANMAN.DRV:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LANGWRBK.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LABEL.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\L_EXCEPT.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KRNL386.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KOREAN.UCE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KEYBOARD.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KEYBOARD.DRV:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KEY01.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDYCL.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDYCC.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDUZB.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDUSX.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDUSR.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDUSL.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDUS.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDUR.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDUK.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDTUQ.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDTUF.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDTAT.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDSW.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDSP.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDSL1.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDSL.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDSG.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDSF.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDRU1.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDRU.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDRO.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDPO.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDPL1.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDPL.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDNO.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDNE.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDMON.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDMAC.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDLV1.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDLV.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDLT1.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDLT.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDLA.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDKYR.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDKAZ.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDIT142.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDIT.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDIR.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDIC.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDHU1.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDHU.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDHEPT.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDHELA3.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDHELA2.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDHE319.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDHE220.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDHE.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDGR1.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDGR.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDGKL.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDGAE.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDFR.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDFO.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDFI.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDFC.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDEST.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDES.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDDV.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDDA.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDCZ2.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDCZ1.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDCZ.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDCR.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDCAN.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDCA.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDBU.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDBR.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDBLR.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDBENE.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDBE.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDAZEL.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDAZE.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDAL.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbd103.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbd101c.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbd101b.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KB16.COM:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KANJI_2.UCE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KANJI_1.UCE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jupdate-1.4.2_03-b02.log:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\JOBEXEC.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\JGSH400.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\JGSD400.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\JGMD400.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\JGAW400.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\JET500.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Ivfsrc.ax:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IRCLASS.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IPXSAP.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IPXRTMGR.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IPXRIP.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IPXPROMN.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IPXMONTR.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IPSEC6.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IPRTPRIO.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IPROP.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IOLOGMSG.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\INSTCAT.SQL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\INLOADER.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\INFOSOFT.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Inetwh32.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IMPLODE.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ImagXRA7.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ImagXR7.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ImagXpr7.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ImagX7.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igxpxs32.vp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igxpxk32.vp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igxpxa32.vp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igxpxa32.cpa:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxzoom.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrtrk.lrc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrtha.lrc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrsve.lrc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrrus.lrc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrptg.lrc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrptb.lrc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrplk.lrc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrnor.lrc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrnld.lrc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrkor.lrc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrjpn.lrc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrita.lrc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrhun.lrc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrheb.lrc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrfra.lrc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrfin.lrc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxresp.lrc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrenu.lrc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrell.lrc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrdeu.lrc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrdan.lrc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrcsy.lrc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrcht.lrc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrchs.lrc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrara.lrc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhtha.lhp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhptb.lhp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhkor.lhp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhjpn.lhp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhita.lhp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhfra.lhp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhesp.lhp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhenu.lhp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhdeu.lhp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhcht.lhp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhchs.lhp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxdo.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxcfg.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IDEOGRAF.UCE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IDEDrv.vxd:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ICFGNT5.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IASSVCS.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IASSDO.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IASSAM.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IASRECST.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IASPOLCY.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IASNAP.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IASHLPR.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IASADS.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IASACCT.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuTRK.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuTHA.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuSVE.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuRUS.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuPTG.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuPTB.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuPLK.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuNOR.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuNLD.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuKOR.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuJPN.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuHUN.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuHEB.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuFRC.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuFRA.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuFIN.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuESP.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuENG.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuELL.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmudlg.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuDEU.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuDAN.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuCSY.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuCHT.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuCHS.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuARB.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuARA.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmrem.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmgicd.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmgdev.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iAlmCoIn_v4396.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iAlmCoIn_v3889.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HSFCI008.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpzcon10.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpzcoi10.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HOSTNAME.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HOMEPAGE.INF:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HNETMON.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HIMEM.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HAF9SE8J.ocx:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GTrnPrXP.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gtdownls_95.ocx:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GRAPHICS.PRO:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GRAPHICS.COM:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GRAFTABL.COM:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GPKCSP.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GPCIENU.VXD:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GLMF32.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GETUNAME.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GDI.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GCDEF.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GB2312.UCE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\G711CODC.AX:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FXSROUTE.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FXSPERF.INI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FXSCOUNT.H:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FXSCFGWZ.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Fxdb.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FXAB32.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FTSRCH.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FSUTIL.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FSMGMT.MSC:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FMIFS.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FM20.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FLKill.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FIXMAPI.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FINGER.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FIND.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FC.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FASTOPEN.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EXPAND.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EXE2BIN.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EVENTVWR.MSC:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EVENTVWR.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EVENTCLS.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EULA.TXT:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ESENTUTL.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ESENTPRF.INI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ESENTPRF.HXX:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ESENTPRF.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ESENT97.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EqnClass.Dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\emptyregdb.dat:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EmailShared.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EDLIN.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EDIT.HLP:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EDIT.COM:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ECBTEG.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EBPPORT4.DAT:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EBPMON24.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EBPCHP.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EAL32.INI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EAL32.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EAL.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\E_SAGSET.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DView.cfg:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DVDPLAY.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DSSEC.DAT:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DSOUND.VXD:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DSAUTH.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ds16gt.dLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRWATSON.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drmstor.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ws2ifsl.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\WMILIB.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\VDMINDVD.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\USBD.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\TSBVCAP.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\TOSDVD.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\SMCLIB.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ROOTMDM.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\RIODRV.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\RIO8DRV.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\RAWWAN.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\PARVDM.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\OPRGHDLR.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\NWLNKSPX.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\NWLNKNB.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\NULL.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\NIKEDRV.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MNMDD.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MCD.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\GMREADME.TXT:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\FSVGA.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\FS_REC.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\DXGTHK.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\DXAPI.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\CPQDAP01.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\CINEMST2.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\CDAUDIO.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\BEEP.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ATMUNI.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ATMEPVC.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ASPI32.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ACPIEC.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DPWSOCK.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DPSERIAL.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DPNWSOCK.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DPNMODEM.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DPLAY.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DOSX.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DOSKEY.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DMVIEW.OCX:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DMINTF.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DMDSKRES.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DMCONFIG.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DLPT.VXD:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DLLHST3G.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vga.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\utildll.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\twunk_16.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\twain.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pciide.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mouhid.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\drmclien.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\brusbscn.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\brusbmdm.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\brserwdm.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\brfilt.sys:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DISKPERF.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DISKMGMT.MSC:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DISKCOPY.COM:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DISKCOMP.COM:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DIMAP.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DIACTFRM.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DHCPSAPI.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DGSETUP.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DGRPSETU.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DESKPERF.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DESKMON.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DESKADP.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DELLWALL.BMP:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\declrds.ax:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DEBUG.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DDMI.VXD:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DDEML.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DCCWFP32.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DCCMSP32.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DCCEXT32.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\D3DXOF.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\D3DRAMP.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\D3DPMESH.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\D3DIM.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CTYPE.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CTL3D32.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CSSEQCHK.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CRYSTL32.OCX:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CRTDLL.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Crpe32.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Crpaig32.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cpwsave.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COUNTRY.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CONVERT.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CONSOLE.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\config\SYSTEM.SAV:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\config\SOFTWARE.SAV:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\config\DEFAULT.SAV:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CONFIG.NT:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMPOBJ.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMPMGMT.MSC:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMPACT.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMP.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMMDLG.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMMAND.COM:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMM.DRV:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comctl32.ocx:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMCTL32.NU7:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CNVFAT.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CNQU70.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CNMVS5y.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CNMVS45.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CNMLM45.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CNETCFG.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CMPBK32.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CMOS.RAM:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CMMGR32.HLP:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CLICONF.CHM:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CKCNV.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CIDAEMON.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CIADV.MSC:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CIADMIN.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CHKNTFS.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CHKDSK.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CHCP.COM:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CERTMGR.MSC:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CDMODEM.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CCFGNT.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cc3250mt.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CALC.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_875.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_869.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_866.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_865.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_863.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_861.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_860.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_857.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_855.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_852.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_775.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_737.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_500.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28603.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28599.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28598.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28597.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28595.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28594.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28593.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28592.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28591.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_21866.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_20905.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_20866.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_20261.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_1026.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_10082.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_10081.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_10079.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_10029.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_10017.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_10010.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_10007.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_10006.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_10000.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_037.NLS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BSSpread.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BSelList.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Brwebup.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BrWebIns.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BRMFPMON.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\brinsstr.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\brfxdial.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\brcoinst.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BOPOMOFO.UCE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BOOTVRFY.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BOOTOK.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BIOS4.ROM:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BIOS1.ROM:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BInstDll.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bdeadmin.cpl:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BD2040.DAT:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BACSCPL.cpl:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AXCTRL32.OCX:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AXAUTCTL.OCX:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Awrtl30.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\awpe.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AVWAV.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AVTAPI.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AVMETER.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AVICAP.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AUTOEXEC.NT:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AUTODISC.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ATRACE.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ATMPVCNO.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl71.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl70.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ATKCTRS.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ARP.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\APPEND.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\APCUPS.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ANSI.SYS:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ADPTIF.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AdobeFnt.lst:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ACTIVEDS.TLB:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ActiveActX.ocx:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeactx.ITA:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ActiveActX.FRA:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ActiveActX.ESP:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ActiveActX.ENU:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ActiveActX.DEU:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ACLEDIT.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AAAAMON.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\401COMUPD.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\12520850.CPX:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\12520437.CPX:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\$NCSP$.INF:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WOWPOST.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WINASPI.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WFWNET.DRV:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VGA.DRV:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VER.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\TIMER.DRV:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\TAPI.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SYSTEM.DRV:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\STDOLE.TLB:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SOUND.DRV:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SHELL.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SETUP.INF:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OLESVR.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OLECLI.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MSVIDEO.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MSVCRT40.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MOUSE.DRV:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MMTASK.TSK:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MMSYSTEM.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MFC40.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCIWAVE.DRV:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCISEQ.DRV:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCIAVI.DRV:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\LZEXPAND.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\KEYBOARD.DRV:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\Iconlib.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\Epsonlog.log:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\COMMDLG.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\AVIFILE.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\AVICAP.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Status.mif:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\SPROF32.DLL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Soap Bubbles.bmp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\smscfg.ini:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\SETUPLOG.DEL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\SETUPAPI.DEL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\SETUPACT.DEL:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\SETPWRCG.EXE:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Santa Fe Stucco.bmp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\runtsckl.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\RMAgentOutput.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\River Sumida.bmp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Rhododendron.bmp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\PowerReg.dat:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\PhotoBase Screen Saver.scr:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\patchw32.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\PalmDevC.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\ORUN32.ISU:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\ORUN32.INI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\ODBCINST.INI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\ODBC.INI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\NeroDigital.ini:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\MSDFMAP.INI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\mp10oem.txt:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\lpt$vpn.975:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\loadhttp.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\lexstat.ini:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\KPCMS.INI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\kcm2sp.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\iccsigs.dat:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\hpbvspst.ini:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\hpbvspst.his:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\hcextoutput.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Greenstone.bmp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Gone Fishing.bmp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\GetServer.ini:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\FeatherTexture.bmp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\EXPLORER.SCF:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\EReg515.dat:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\EReg077.dat:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Epsonpl.ini:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\EPSC66EF.ini:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\dllTSCLIBMT.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\dla.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\disneysy.ini:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\disney.ini:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\D9H7ADHB.ocx:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Cvrpage.bmp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Coffee Bean.bmp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\CLOCK.AVI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\cdplayer.ini:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\brwmark.ini:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\BRPP2KA.INI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Brpcfx.ini:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\brmx2001.ini:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\BPMNT.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\BOOTSTAT.DAT:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Blue Lace 16.bmp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\AuHCcup1.ini:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\AuHCcup1.dll:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\aucfg.ini:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\ActiveAct.INI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\WINDOWS\1.sim:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\NNAVM_2_Pages.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\log.txt:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\IPH.PH:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\INFCACHE.1:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\index.html:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Documents and Settings\TEMP\Start Menu\Programs\Startup\DESKTOP.INI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Documents and Settings\TEMP\NTUSER.INI:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\NTUSER.DAT:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\NTUSER.DAT.LOG:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Application Data\hpzinstall.log:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\aug10 .htpasswd:KAVICHS
    @Alternate Data Stream - 228 bytes -> C:\WINDOWS\WindowsUpdate.log:KAVICHS
    @Alternate Data Stream - 228 bytes -> C:\WINDOWS\WIASERVC.LOG:KAVICHS
    @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WPA.DBL:KAVICHS
    @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WgaTray.exe:KAVICHS
    @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WgaLogon.dll:KAVICHS
    @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ticrf.rat:KAVICHS
    @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\mfc42u.dll:KAVICHS
    @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\IE7Eula.rtf:KAVICHS
    @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\hpzll4v2.dll:KAVICHS
    @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\hpzll4pi.dll:KAVICHS
    @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\TNET1130x.sys:KAVICHS
    @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\FwRad16.bin:KAVICHS
    @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\dllcache\mfc42u.dll:KAVICHS
    @Alternate Data Stream - 228 bytes -> C:\WINDOWS\setupapi.log.0.old:KAVICHS
    @Alternate Data Stream - 228 bytes -> C:\WINDOWS\SchedLgU.Txt:KAVICHS
    @Alternate Data Stream - 228 bytes -> C:\WINDOWS\hegames.ini:KAVICHS
    @Alternate Data Stream - 228 bytes -> C:\WINDOWS\DatabaseID:KAVICHS
    @Alternate Data Stream - 228 bytes -> C:\WINDOWS\BRMFBIDI.INI:KAVICHS
    @Alternate Data Stream - 228 bytes -> C:\hook.log:KAVICHS
    @Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\drivers\FwRad17.bin:KAVICHS
    @Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\dllcache\WgaTray.exe:KAVICHS
    @Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\dllcache\WgaLogon.dll:KAVICHS
    @Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\BrEvIF.dll:KAVICHS
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 100 bytes -> C:\WINDOWS\uninst.exe:KAVICHS
    @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\TRAFFIC.DLL:KAVICHS
    @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\shw32.dll:KAVICHS
    @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\pscND111.exe:KAVICHS
    @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\PSCLU111.dll:KAVICHS
    @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\OLEACC.DLL:KAVICHS
    @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\OEMINFO.INI:KAVICHS
    @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\Msjint35.dll:KAVICHS
    @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\MAPI32.DLL:KAVICHS
    @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\lxbcpwr.dll:KAVICHS
    @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\LEXBCE.DLL:KAVICHS
    @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\iyvu9_32.dll:KAVICHS
    @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ir32_32.dll:KAVICHS
    @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\hccutils.dll:KAVICHS
    @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\fxsclntR.dll:KAVICHS
    @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drmclien.dll:KAVICHS
    @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\NETMDUSB.sys:KAVICHS
    @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\NETMD033.sys:KAVICHS
    @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\NETMD031.sys:KAVICHS
    @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\BrFilt.sys:KAVICHS
    @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\CARDS.DLL:KAVICHS
    @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\BrSerIf.dll:KAVICHS
    @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\BrmfUSB.dll:KAVICHS
    @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\AVICAP32.DLL:KAVICHS
    @Alternate Data Stream - 100 bytes -> C:\WINDOWS\IsUninstAct.exe:KAVICHS
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Documents\DESKTOP.INI:KAVICHS
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\msnmsgr.exe"=-
    "C:\Program Files\MSN Messenger\livecall.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\LimeWire\LimeWire.exe"=-
    "C:\Program Files\AVG\AVG8\avgemc.exe"=-
    "C:\Program Files\AVG\AVG8\avgupd.exe"=-
    "C:\Program Files\AVG\AVG8\avgnsx.exe"=-
    "C:\Program Files\MSN Messenger\msnmsgr.exe"=-
    "C:\Program Files\MSN Messenger\livecall.exe"=-
    "C:\WINDOWS\explorer.exe"=-
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"=-
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"=-
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"=-
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"=-
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"=-
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=-
    "C:\Program Files\AIM\aim.exe"=-
    :Commands
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan by clicking Run Scan and post the new OTL log.

unite.jpg


#9 slojo55

slojo55
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:29 AM

Posted 05 September 2010 - 06:13 PM

Hey Syler,
Here is the info from the virus total site.
File name: .811261211181235583101118113995
Submission date: 2010-09-05 23:09:01 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)
VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.09.05.00 2010.09.04 -
AntiVir 8.2.4.50 2010.09.05 -
Antiy-AVL 2.0.3.7 2010.09.03 -
Authentium 5.2.0.5 2010.09.04 -
Avast 4.8.1351.0 2010.09.05 -
Avast5 5.0.594.0 2010.09.05 -
AVG 9.0.0.851 2010.09.05 -
BitDefender 7.2 2010.09.06 -
CAT-QuickHeal 11.00 2010.09.03 -
ClamAV 0.96.2.0-git 2010.09.05 -
Comodo 5984 2010.09.05 -
DrWeb 5.0.2.03300 2010.09.06 -
Emsisoft 5.0.0.37 2010.09.05 -
eSafe 7.0.17.0 2010.09.05 -
eTrust-Vet 36.1.7835 2010.09.03 -
F-Prot 4.6.1.107 2010.09.01 -
F-Secure 9.0.15370.0 2010.09.05 -
Fortinet 4.1.143.0 2010.09.05 -
GData 21 2010.09.06 -
Ikarus T3.1.1.88.0 2010.09.05 -
Jiangmin 13.0.900 2010.09.05 -
K7AntiVirus 9.63.2442 2010.09.04 -
Kaspersky 7.0.0.125 2010.09.05 -
McAfee 5.400.0.1158 2010.09.06 -
McAfee-GW-Edition 2010.1B 2010.09.05 -
Microsoft 1.6103 2010.09.05 -
NOD32 5425 2010.09.05 -
Norman 6.05.11 2010.09.05 -
nProtect 2010-09-05.01 2010.09.05 -
Panda 10.0.2.7 2010.09.05 -
PCTools 7.0.3.5 2010.09.05 -
Prevx 3.0 2010.09.06 -
Rising 22.63.06.00 2010.09.05 -
Sophos 4.57.0 2010.09.05 -
Sunbelt 6836 2010.09.05 -
SUPERAntiSpyware 4.40.0.1006 2010.09.05 -
Symantec 20101.1.1.7 2010.09.05 -
TheHacker 6.5.2.1.364 2010.09.05 -
TrendMicro 9.120.0.1004 2010.09.05 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.05 -
VBA32 3.12.14.0 2010.09.03 -
ViRobot 2010.8.31.4017 2010.09.05 -
VirusBuster 12.64.18.1 2010.09.05 -
Additional informationShow all
MD5 : 32e0a8813e4d330de0bc1040daea64df
SHA1 : ee093508d9140958314c4a01e7c256fed262bc22
SHA256: 6818ae6793143fc30c8223470efed533f9026470155cb987687f9dc6ba94eeb1
ssdeep: 3:p4uQk3n:Lt
File size : 26 bytes
First seen: 2010-09-05 23:09:01
Last seen : 2010-09-05 23:09:01
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
VT Community


I will be running the OTL next.

Kindest regards,
slojo55

#10 slojo55

slojo55
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:29 AM

Posted 05 September 2010 - 07:42 PM

Hey Syler,

here is the results of the run fix from the otl program.


All processes killed
========== OTL ==========
Service CLTNetCnService stopped successfully!
Service CLTNetCnService deleted successfully!
File C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-21-1532035262-3237090906-4204032158-1007\Software\Microsoft\Internet Explorer\URLSearchHooks\\*{03402f96-3dc7-4285-bc50-9e81fefafe43} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{03402f96-3dc7-4285-bc50-9e81fefafe43}\ not found.
Registry value HKEY_USERS\S-1-5-21-1532035262-3237090906-4204032158-1007\Software\Microsoft\Internet Explorer\URLSearchHooks\\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
Registry value HKEY_USERS\S-1-5-21-1532035262-3237090906-4204032158-1007\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-1532035262-3237090906-4204032158-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found.
Registry value HKEY_USERS\S-1-5-21-1532035262-3237090906-4204032158-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-1532035262-3237090906-4204032158-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{61539ECD-CC67-4437-A03C-9AACCBD14326} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61539ECD-CC67-4437-A03C-9AACCBD14326}\ not found.
Registry value HKEY_USERS\S-1-5-21-1532035262-3237090906-4204032158-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_USERS\S-1-5-21-1532035262-3237090906-4204032158-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-1532035262-3237090906-4204032158-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
Registry value HKEY_USERS\S-1-5-21-1532035262-3237090906-4204032158-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_USERS\S-1-5-21-1532035262-3237090906-4204032158-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1532035262-3237090906-4204032158-1007\Software\Microsoft\Windows\CurrentVersion\Run\\Weather deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0D555BC6-E331-48b3-A60E-AAC0DF79438A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D555BC6-E331-48b3-A60E-AAC0DF79438A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0D555BC6-E331-48b3-A60E-AAC0DF79438A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D555BC6-E331-48b3-A60E-AAC0DF79438A}\ not found.
Starting removal of ActiveX control {2FF8D282-F78A-4A33-ABC2-49E72A341482}
C:\WINDOWS\Downloaded Program Files\SFImageUpload1_10.INF moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2FF8D282-F78A-4A33-ABC2-49E72A341482}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2FF8D282-F78A-4A33-ABC2-49E72A341482}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2FF8D282-F78A-4A33-ABC2-49E72A341482}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2FF8D282-F78A-4A33-ABC2-49E72A341482}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {DBA230D1-8467-4e69-987E-5FAE815A3B45}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DBA230D1-8467-4e69-987E-5FAE815A3B45}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBA230D1-8467-4e69-987E-5FAE815A3B45}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DBA230D1-8467-4e69-987E-5FAE815A3B45}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBA230D1-8467-4e69-987E-5FAE815A3B45}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\System32\fltlib32.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ecc6f314600\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18eca3d2-0a09-11de-adae-00114363b6f7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18eca3d2-0a09-11de-adae-00114363b6f7}\ not found.
File E:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18eca3d2-0a09-11de-adae-00114363b6f7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18eca3d2-0a09-11de-adae-00114363b6f7}\ not found.
File E:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\103\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\AVG8_TRAY\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\CanonMyPrinter\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\CanonSolutionMenu\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ctfmon.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\dla\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\HPDJ Taskbar Utility\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\igfxhkcmd\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\igfxpers\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\igfxtray\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\msnmsgr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\My Web Search Bar Search Scope Monitor\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\MyWebSearch Email Plugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SunJavaUpdateSched\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\swg\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\TkBellExe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\webHancer Agent\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Zune Launcher\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\vidc.LEAD deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.SP54 deleted successfully.
ADS C:\wizard.txt:KAVICHS deleted successfully.
ADS C:\WINDOWS\tsiwinfile.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\TLCAPPS.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WUPDMGR.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wuaueng1.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wuauclt1.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WSHNETBS.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WRITE.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WNASPI32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmserror.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\windrvNT.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WFXSNT40.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VGA.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\vaultskn.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\UTILDLL.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\USER.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\uninscpw.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\UFAT.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TSSOFT32.ACM:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TSD32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TSAPPCMP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tfswapi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TASKMAN.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TAPIPERF.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tabctl32.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SynTPFcs.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SynTPAPI.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SynCOM.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\suppdll.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\STDOLE32.TLB:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\stac97.cpl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SNDVOL32.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RSVPPERF.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RSVP.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RSMGRSTR.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Richtx32.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RASCTRS.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RASAUTOU.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pspascrrc5.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pscUD111.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PSCHDPRF.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\OLETHK32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\OEMLOGO.BMP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NTSDEXTS.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NTIO.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NTDOS.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NETMSG.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NeroCheck.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\N124UFW.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MYCOMPUT.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSXMLR.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msxml4r.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSXML3R.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSVCRT20.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msvcr70.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msvcp70.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSRATELC.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSPORTS.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msjter35.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msjet35.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSIDNTLD.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSHEARTS.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSGSM32.ACM:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSG723.ACM:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSG711.ACM:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSCAT32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSACM32.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MPRMSG.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MMDRIVER.INF:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MLANG.DAT:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mfc70.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MCICDA.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MAIN.CPL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LZ32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lffax10N.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Lfcmp10n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Lfbmp10n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LEXP2P32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lexlmpm.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LEX2KUSB.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\L_INTL.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KDCOM.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdkor.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdjpn.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Jpeg32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Jasc Paint Shop Photo Album 5.scr:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\iuengine.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ir50_32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\INETCPLC.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\iglicd32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igldev32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxtray.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxsrvc.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxsrvc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxress.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxres.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxpph.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxpers.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxext.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxexps.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxdev.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxcpl.cpl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IFSUTIL.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ICMUI.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmuITA.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmrnt5.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmdnt5.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmdev5.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmdd5.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\iacenc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\iac25_32.ax:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\HTICONS.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\hpzsnt10.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\hpzll3xu.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\hkcmd.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\hhopen.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\GEO.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FXSSEND.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FSUSD.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FREECELL.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FNTCACHE.DAT:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FM20ENU.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\EGA.CPI:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DRWTSN32.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\ultra.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\toside.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\tmcomm.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\SynTP.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\symc8xx.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\symc810.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\sym_u3.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\sym_hi.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\stac97.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\ssrtln.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\sscdbhk5.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\sparrow.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\RDPCDD.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\RASPTI.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\RASACD.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\ql1280.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\ql1240.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\ql12160.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\ql10wnt.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\ql1080.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\PTILINK.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\pfc.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\perc2hib.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\perc2.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\pciide.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\PalmUSBD.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\omci.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\NWLNKFWD.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\NWLNKFLT.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\NV4_MINI.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\mraid35x.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\mouhid.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\mdmxsdk.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\IPFLTDRV.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\ini910u.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\ialmnt5.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\HSFHWICH.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\HSF_DP.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\HSF_CNXT.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\hpn.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\GM.DLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\ftdisk.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\E100B325.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\drvnddm.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\drivers\drvmcdb.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\dpti2o.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\DMLOAD.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\del5422.cty:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\dac960nt.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\dac2w2k.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\cpqarray.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\cmdide.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\cbidf2k.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\BrUsbScn.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\BrUsbMdm.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\BrSerWdm.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\BrPar.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\bcm4sbxp.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\AUDSTUB.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\asc3550.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\asc3350p.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\asc.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\amsint.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\aliide.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\aic78xx.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\aic78u2.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\aha154x.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\adpu160m.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\1028_Dell_INS_I1150.mrk:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DOCPROP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DMOCX.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DFRGRES.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DFRG.MSC:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DEVMGMT.MSC:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DellSys.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DBGENG.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\D3DRM.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cpwmon2k.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CONTROL.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\comdlg32.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\COMCAT.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CNMLM5y.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CLB.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CHARMAP.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CDDBUI.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CDDBControl.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_950.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_949.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_936.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_932.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_874.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_850.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_437.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_28605.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_20127.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_1258.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_1257.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_1256.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_1255.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_1254.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_1253.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_1252.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_1251.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_1250.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\BrScnRsm.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\BrmfRsmg.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\BrmfLpt.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\BrmfBidi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\BrBidiIf.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\BOOTVID.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\BMAPI.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\AVIFILE.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ACELPDEC.AX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ACCTRES.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\$WINNT$.INF:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\WING32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\WING.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\snymsico.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\Prairie Wind.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\PATCH.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\opt_2460.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\nsreg.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\mozver.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\KPSYS32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\KPCP32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\KPAPI32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\bruninst.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\_DEFAULT.PIF:KAVICHS deleted successfully.
ADS C:\SystemInfo.ini:KAVICHS deleted successfully.
ADS C:\Program Files\Uninstall_CDS.exe:KAVICHS deleted successfully.
ADS C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe:KAVICHS deleted successfully.
ADS C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe:KAVICHS deleted successfully.
ADS C:\ns paper.doc1.doc2.doc2final1.doc:KAVICHS deleted successfully.
ADS C:\ns paper.doc1.doc2.doc2final.doc:KAVICHS deleted successfully.
ADS C:\hpfr3740.log:KAVICHS deleted successfully.
ADS C:\Documents and Settings\TEMP\My Documents\PubWhiteList.pwl:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Desktop\Voice Studio.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Desktop\Canon ZoomBrowser EX.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Desktop\Burn CDs & DVDs with RecordNow!.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\DESKTOP.INI:KAVICHS deleted successfully.
ADS C:\BOOT.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\Zapotec.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\WINNT256.BMP:KAVICHS deleted successfully.
ADS C:\WINDOWS\WINNT.BMP:KAVICHS deleted successfully.
ADS C:\WINDOWS\WINHELP.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\WINFAX.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\WFXDEL.BAT:KAVICHS deleted successfully.
ADS C:\WINDOWS\vsapi32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\VPTNFILE.975:KAVICHS deleted successfully.
ADS C:\WINDOWS\VMMREG32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\VBADDIN.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\VB.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\UNZIP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\UNNVEContent.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\UNNVEContent.cfg:KAVICHS deleted successfully.
ADS C:\WINDOWS\UNNMP.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\UNNMP.cfg:KAVICHS deleted successfully.
ADS C:\WINDOWS\UNNeroVision.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\UNNeroVision.cfg:KAVICHS deleted successfully.
ADS C:\WINDOWS\TWUNK_32.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\TWUNK_16.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\TWAIN.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\tsc.ptn:KAVICHS deleted successfully.
ADS C:\WINDOWS\TSC.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\tsc.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\TMVAmain.ptn:KAVICHS deleted successfully.
ADS C:\WINDOWS\TMVAINFO.xml:KAVICHS deleted successfully.
ADS C:\WINDOWS\tmupdate.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\TMUPDATE.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\TMADCE.ptn:KAVICHS deleted successfully.
ADS C:\WINDOWS\TASKMAN.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\XENROLL.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\XceedFtp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WSHISN.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WSHATM.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wpdtrace.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wpdmtpdr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WOWFAXUI.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WOWFAX.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WOWEXEC.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WOWDEB.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmpui.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmpns.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmpcore.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmpcd.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmp.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WMIPROP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WMIMGMT.MSC:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WMERRENU.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WINSTRM.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WINSPOOL.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WINSOCK.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WINOLDAP.MOD:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WINNLS.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WINMSD.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WINMINE.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WINHLP32.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WINHELP.HLP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WINFAX.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WINCHAT.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WIN87EM.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WIN.COM:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WIFEMAN.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WIAVUSD.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WIASF.AX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WFXSVC.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WFXMNTHQ.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WFXMNT40.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WFWNET.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Welsof32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WEBHITS.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WEBFLDRS.MSI:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WDL.TRM:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WBDBASE.SVE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WBDBASE.NLD:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WBDBASE.ITA:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WBDBASE.FRA:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WBDBASE.ESN:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WBDBASE.ENU:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WBDBASE.DEU:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WBCACHE.SVE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WBCACHE.NLD:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WBCACHE.ITA:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WBCACHE.FRA:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WBCACHE.ESN:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WBCACHE.ENU:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WBCACHE.DEU:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\W32TOPL.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\W32TM.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\vxdmdcdlg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VSSADMIN.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VSS_PS.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\vorbisenc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\vorbis.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VJOY.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\View Channels.scf:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VGA64K.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VGA256.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VGA.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VFPODBC.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VERIFIER.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VER.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ven2232.olb:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VCDEX.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VBAR332.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VBAME.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VBAEND32.OLB:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VBAEN32.OLB:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Vb40032.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\V7VGA.ROM:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\USRVPA.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\USRVOICA.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\USRV80A.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\USRV42A.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\USRSVPIA.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\USRSHUTA.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\USRSDPIA.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\USRRTOSA.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\USRPRBDA.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\USRMLNKA.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\USRLOGON.CMD:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\USRLBVA.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\USRFAXA.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\USRDTEA.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\USRDPA.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\USRCOINA.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\USRCNTRA.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\UREG.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\UNLODCTR.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Unidrv.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\UNICODE.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\umloader.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\UMDMXFRM.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\UCS32P.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TZLog.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TYPELIB.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TwnLib4.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TwnLib20.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TWAIN_32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tvqenc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TSSHUTDN.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TSLABELS.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TSLABELS.H:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TSKILL.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TSDISCON.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TSCUPGRD.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TSCON.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TRACERT6.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TOOLHELP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TIMER.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Tiff32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TFTP.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TELEPHON.CPL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TDI-SonyOMG.sc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TDI-SonyOMG.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TCPSVCS.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TCPMON.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TCMSETUP.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TAPIUI.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TAPI.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SYSTRAY.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SYSTEM.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SYSPRTJ.SEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SYSPRINT.SEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SYSKEY.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SYSINV.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SYSEDIT.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SynTPCoI.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SynCtrl.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SYNCAPP.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SWPRV.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SVCPACK.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SUBST.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SUBRANGE.UCE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\STREAMCI.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\STORAGE.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Status.MPF:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SQLWOA.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SQLWID.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SQLSODBC.CHM:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SPXCOINS.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SPRIO800.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SPRIO600.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SPRESTRT.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\spr32d30.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SPNIKE.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SOUND.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SORTKEY.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SOL.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SOFTPUB.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SLBRCCSP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SLBCSP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SKDLL.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SISBKUP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SIntfNT.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SIntf32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SIntf16.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SHIFTJIS.UCE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\shellstyle.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SHELL.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SHARE.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SHADOW.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SFMAPI.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SFC.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SETVER.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SETUPDLL.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SETUP.BMP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SERWVDRV.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SERVICES.MSC:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SERIALUI.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SENSCFG.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SECUPD.SIG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SECUPD.DAT:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SDPBLB.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SCREDIR.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SCP32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SCCBASE.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SCARDSSP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RWINSTA.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RUNAS.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RTM.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RSVPMSG.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RSVPCNTS.H:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RSVP.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RSMUI.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RSMSINK.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RSM.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RSACI.RAT:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RPCNS4.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ROUTETAB.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ROUTEMON.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ROUTE.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\roboex32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RNR20.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RNetSrv.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RICHED32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RESET.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\REPLACE.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\REND.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\REGWIZ.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\REGINI.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\REGEDT32.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\REDIR.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RECOVER.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RDPCFGEX.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RDOCURS.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RASSER.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RASRAD.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RASMXS.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RASMONTR.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RASDIAL.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RASCTRS.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RASCTRNM.H:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\QWINSTA.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\QOSNAME.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\qdiagls.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\QAPPSRV.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PUBPRN.VBS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PSNPPAGN.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pscVSWIA.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PSCRIPT.SEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PSCHDPRF.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PSCHDCNT.H:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PRODSPEC.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PRINT.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PRFLBMSG.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ppremove.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pport_res.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\popup.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PMSPL.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PLUSTAB.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PING6.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PIFMGR.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\picn20.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PERFWCI.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PERFWCI.H:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PERFTS.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PERFI009.DAT:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PERFFILT.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PERFFILT.H:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PERFD009.DAT:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PERFCI.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PERFCI.H:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PENTNT.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Pdrvinst.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PCL.SEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pc_fax32.hlp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PATHPING.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PAQSP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PANMAP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PalmDevC.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\OSUNINST.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\OLESVR32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\OLESVR.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\OLECLI.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\OLEACCRC.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\OLE2NLS.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\OLE2DISP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\OLE2.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ogg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\OEMINFO.PNF:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\oemdspif.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\OEMBKGN1.BMP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\OEMBIOS.SIG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\OEMBIOS.DAT:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\OEMBIOS.BIN:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ODBC16GT.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NTSD.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NTMSOPRQ.MSC:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NTMSMGR.MSC:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NTMSEVT.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NTLANUI2.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NTLANUI.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NTIO804.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NTIO412.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NTIO411.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NTIO404.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NTIMAGE.GIF:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NTDOS804.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NTDOS412.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NTDOS411.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NTDOS404.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NOISE.THA:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NOISE.SVE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NOISE.NLD:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NOISE.ITA:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NOISE.FRA:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NOISE.ESN:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NOISE.ENU:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NOISE.ENG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NOISE.DEU:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NOISE.DAT:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NOISE.CHT:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NOISE.CHS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NMEVTMSG.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NLSFUNC.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NETUI2.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NETH.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NETEVENT.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NETAPI.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NET.HLP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NCXPNT.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NCPA.CPL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NBTSTAT.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NARRHOOK.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MYDLL.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSXML2R.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSVIDEO.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSVCRT10.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msvcr71.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msvcp71.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSVCP50.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msvci70.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSVBVM50.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSSWCHX.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSSWCH.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSSTKPRP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSSTDFMT.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSSIP32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSSIGN32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSRECR40.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSRDO20.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msrd2x35.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSRCLR40.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSR2CENU.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSR2C.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSOBJS.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Msinet.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSG.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSFLXGRD.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSENCODE.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSDTCPRF.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSDTCPRF.H:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSCDEXNT.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSCAL.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSAUDITE.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSACM.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSAATEXT.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MRINFO.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MPRUI.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MPRDDM.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MPNOTIFY.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MOUSE.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MOUNTVOL.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MONITOR.INF:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MODEX.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Modem.cpl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MODE.COM:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MMUTILSE.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MMTASK.TSK:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MMSYSTEM.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MMDRV.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MLL_QIC.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MLL_MTF.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MLL_HP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MIGPWD.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MIB.BIN:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mfcuiw32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mfcuia32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MFCANS32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mfc71u.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mfc71.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mfc70u.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MFC42ENU.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MFC40.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MEM.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MDWMDMSP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mdmxsdk.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MDHCP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MCIWAVE.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MCISEQ.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MCIOLE32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MCIOLE16.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MCIAVI.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MCHGRCOI.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MCDSRV32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MCD32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MAPISVC.INF:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MAPISTUB.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MAG_HOOK.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LZEXPAND.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LUSRMGR.MSC:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Lttwn10n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Ltocx10n.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Ltkrn10n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Ltimg10n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ltfil10N.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Ltefx10n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Ltdis10n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LRNXP.ICO:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LPRMONUI.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LPR.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LPQ.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LOGOFF.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LOGHOURS.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LODCTR.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LOADFIX.COM:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LNKSTUB.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LIGHTS.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lftif10N.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LEXPPS.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LEXBCES.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LANMAN.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LANGWRBK.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LABEL.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\L_EXCEPT.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KRNL386.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KOREAN.UCE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KEYBOARD.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KEYBOARD.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KEY01.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDYCL.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDYCC.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDUZB.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDUSX.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDUSR.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDUSL.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDUS.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDUR.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDUK.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDTUQ.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDTUF.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDTAT.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDSW.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDSP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDSL1.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDSL.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDSG.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDSF.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDRU1.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDRU.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDRO.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDPO.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDPL1.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDPL.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDNO.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDNE.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDMON.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDMAC.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDLV1.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDLV.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDLT1.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDLT.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDLA.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDKYR.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDKAZ.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDIT142.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDIT.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDIR.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDIC.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDHU1.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDHU.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDHEPT.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDHELA3.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDHELA2.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDHE319.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDHE220.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDHE.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDGR1.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDGR.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDGKL.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDGAE.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDFR.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDFO.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDFI.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDFC.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDEST.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDES.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDDV.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDDA.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDCZ2.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDCZ1.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDCZ.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDCR.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDCAN.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDCA.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDBU.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDBR.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDBLR.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDBENE.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDBE.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDAZEL.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDAZE.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDAL.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbd103.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbd101c.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbd101b.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KB16.COM:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KANJI_2.UCE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KANJI_1.UCE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\jupdate-1.4.2_03-b02.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\JOBEXEC.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\JGSH400.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\JGSD400.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\JGMD400.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\JGAW400.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\JET500.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Ivfsrc.ax:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IRCLASS.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IPXSAP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IPXRTMGR.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IPXRIP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IPXPROMN.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IPXMONTR.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IPSEC6.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IPRTPRIO.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IPROP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IOLOGMSG.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\INSTCAT.SQL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\INLOADER.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\INFOSOFT.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Inetwh32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IMPLODE.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ImagXRA7.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ImagXR7.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ImagXpr7.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ImagX7.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igxpxs32.vp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igxpxk32.vp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igxpxa32.vp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igxpxa32.cpa:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxzoom.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxrtrk.lrc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxrtha.lrc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxrsve.lrc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxrrus.lrc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxrptg.lrc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxrptb.lrc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxrplk.lrc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxrnor.lrc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxrnld.lrc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxrkor.lrc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxrjpn.lrc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxrita.lrc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxrhun.lrc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxrheb.lrc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxrfra.lrc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxrfin.lrc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxresp.lrc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxrenu.lrc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxrell.lrc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxrdeu.lrc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxrdan.lrc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxrcsy.lrc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxrcht.lrc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxrchs.lrc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxrara.lrc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxhtha.lhp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxhptb.lhp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxhkor.lhp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxhjpn.lhp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxhita.lhp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxhfra.lhp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxhesp.lhp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxhenu.lhp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxhdeu.lhp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxhcht.lhp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxhchs.lhp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxdo.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxcfg.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IDEOGRAF.UCE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IDEDrv.vxd:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ICFGNT5.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IASSVCS.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IASSDO.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IASSAM.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IASRECST.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IASPOLCY.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IASNAP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IASHLPR.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IASADS.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IASACCT.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmuTRK.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmuTHA.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmuSVE.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmuRUS.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmuPTG.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmuPTB.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmuPLK.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmuNOR.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmuNLD.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmuKOR.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmuJPN.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmuHUN.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmuHEB.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmuFRC.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmuFRA.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmuFIN.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmuESP.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmuENG.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmuELL.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmudlg.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmuDEU.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmuDAN.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmuCSY.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmuCHT.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmuCHS.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmuARB.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmuARA.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmrem.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmgicd.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmgdev.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\iAlmCoIn_v4396.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\iAlmCoIn_v3889.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\HSFCI008.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\hpzcon10.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\hpzcoi10.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\HOSTNAME.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\HOMEPAGE.INF:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\HNETMON.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\HIMEM.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\HAF9SE8J.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\GTrnPrXP.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\gtdownls_95.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\GRAPHICS.PRO:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\GRAPHICS.COM:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\GRAFTABL.COM:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\GPKCSP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\GPCIENU.VXD:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\GLMF32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\GETUNAME.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\GDI.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\GCDEF.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\GB2312.UCE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\G711CODC.AX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FXSROUTE.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FXSPERF.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FXSCOUNT.H:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FXSCFGWZ.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Fxdb.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FXAB32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FTSRCH.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FSUTIL.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FSMGMT.MSC:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FMIFS.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FM20.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FLKill.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FIXMAPI.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FINGER.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FIND.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FC.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FASTOPEN.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\EXPAND.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\EXE2BIN.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\EVENTVWR.MSC:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\EVENTVWR.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\EVENTCLS.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\EULA.TXT:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ESENTUTL.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ESENTPRF.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ESENTPRF.HXX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ESENTPRF.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ESENT97.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\EqnClass.Dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\emptyregdb.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\EmailShared.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\EDLIN.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\EDIT.HLP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\EDIT.COM:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ECBTEG.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\EBPPORT4.DAT:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\EBPMON24.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\EBPCHP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\EAL32.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\EAL32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\EAL.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\E_SAGSET.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DView.cfg:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DVDPLAY.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DSSEC.DAT:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DSOUND.VXD:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DSAUTH.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ds16gt.dLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DRWATSON.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drmstor.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\ws2ifsl.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\WMILIB.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\VDMINDVD.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\USBD.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\TSBVCAP.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\TOSDVD.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\SMCLIB.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\ROOTMDM.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\RIODRV.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\RIO8DRV.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\RAWWAN.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\PARVDM.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\OPRGHDLR.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\NWLNKSPX.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\NWLNKNB.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\NULL.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\NIKEDRV.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\MNMDD.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\MCD.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\GMREADME.TXT:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\FSVGA.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\FS_REC.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\DXGTHK.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\DXAPI.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\CPQDAP01.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\CINEMST2.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\CDAUDIO.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\BEEP.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\ATMUNI.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\ATMEPVC.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\ASPI32.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\ACPIEC.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DPWSOCK.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DPSERIAL.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DPNWSOCK.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DPNMODEM.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DPLAY.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DOSX.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DOSKEY.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DMVIEW.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DMINTF.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DMDSKRES.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DMCONFIG.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DLPT.VXD:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DLLHST3G.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\vga.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\utildll.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\twunk_16.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\twain.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\pciide.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\mouhid.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\drmclien.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\brusbscn.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\brusbmdm.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\brserwdm.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\brfilt.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DISKPERF.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DISKMGMT.MSC:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DISKCOPY.COM:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DISKCOMP.COM:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DIMAP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DIACTFRM.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DHCPSAPI.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DGSETUP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DGRPSETU.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DESKPERF.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DESKMON.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DESKADP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DELLWALL.BMP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\declrds.ax:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DEBUG.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DDMI.VXD:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DDEML.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DCCWFP32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DCCMSP32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DCCEXT32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\D3DXOF.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\D3DRAMP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\D3DPMESH.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\D3DIM.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CTYPE.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CTL3D32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CSSEQCHK.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CRYSTL32.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CRTDLL.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Crpe32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Crpaig32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cpwsave.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\COUNTRY.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CONVERT.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CONSOLE.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\config\SYSTEM.SAV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\config\SOFTWARE.SAV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\config\DEFAULT.SAV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CONFIG.NT:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\COMPOBJ.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\COMPMGMT.MSC:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\COMPACT.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\COMP.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\COMMDLG.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\COMMAND.COM:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\COMM.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\comctl32.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\COMCTL32.NU7:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CNVFAT.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CNQU70.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CNMVS5y.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CNMVS45.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CNMLM45.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CNETCFG.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CMPBK32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CMOS.RAM:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CMMGR32.HLP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CLICONF.CHM:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CKCNV.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CIDAEMON.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CIADV.MSC:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CIADMIN.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CHKNTFS.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CHKDSK.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CHCP.COM:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CERTMGR.MSC:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CDMODEM.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CCFGNT.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cc3250mt.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CALC.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_875.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_869.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_866.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_865.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_863.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_861.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_860.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_857.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_855.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_852.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_775.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_737.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_500.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_28603.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_28599.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_28598.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_28597.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_28595.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_28594.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_28593.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_28592.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_28591.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_21866.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_20905.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_20866.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_20261.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_1026.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_10082.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_10081.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_10079.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_10029.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_10017.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_10010.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_10007.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_10006.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_10000.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_037.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\BSSpread.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\BSelList.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Brwebup.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\BrWebIns.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\BRMFPMON.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\brinsstr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\brfxdial.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\brcoinst.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\BOPOMOFO.UCE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\BOOTVRFY.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\BOOTOK.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\BIOS4.ROM:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\BIOS1.ROM:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\BInstDll.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\bdeadmin.cpl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\BD2040.DAT:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\BACSCPL.cpl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\AXCTRL32.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\AXAUTCTL.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Awrtl30.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\awpe.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\AVWAV.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\AVTAPI.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\AVMETER.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\AVICAP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\AUTOEXEC.NT:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\AUTODISC.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ATRACE.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ATMPVCNO.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\atl71.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\atl70.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ATKCTRS.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ARP.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\APPEND.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\APCUPS.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ANSI.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ADPTIF.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\AdobeFnt.lst:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ACTIVEDS.TLB:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ActiveActX.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\activeactx.ITA:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ActiveActX.FRA:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ActiveActX.ESP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ActiveActX.ENU:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ActiveActX.DEU:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ACLEDIT.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\AAAAMON.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\401COMUPD.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\12520850.CPX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\12520437.CPX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\$NCSP$.INF:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\WOWPOST.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\WINASPI.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\WFWNET.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\VGA.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\VER.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\TIMER.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\TAPI.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\SYSTEM.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\STDOLE.TLB:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\SOUND.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\SHELL.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\SETUP.INF:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\OLESVR.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\OLECLI.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\MSVIDEO.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\MSVCRT40.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\MOUSE.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\MMTASK.TSK:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\MMSYSTEM.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\MFC40.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\MCIWAVE.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\MCISEQ.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\MCIAVI.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\LZEXPAND.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\KEYBOARD.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\Iconlib.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\Epsonlog.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\COMMDLG.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\AVIFILE.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\AVICAP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\Status.mif:KAVICHS deleted successfully.
ADS C:\WINDOWS\SPROF32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\Soap Bubbles.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\smscfg.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\SETUPLOG.DEL:KAVICHS deleted successfully.
ADS C:\WINDOWS\SETUPAPI.DEL:KAVICHS deleted successfully.
ADS C:\WINDOWS\SETUPACT.DEL:KAVICHS deleted successfully.
ADS C:\WINDOWS\SETPWRCG.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\Santa Fe Stucco.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\runtsckl.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\RMAgentOutput.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\River Sumida.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\Rhododendron.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\PowerReg.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\PhotoBase Screen Saver.scr:KAVICHS deleted successfully.
ADS C:\WINDOWS\patchw32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\PalmDevC.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\ORUN32.ISU:KAVICHS deleted successfully.
ADS C:\WINDOWS\ORUN32.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\ODBCINST.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\ODBC.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\NeroDigital.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\MSDFMAP.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\mp10oem.txt:KAVICHS deleted successfully.
ADS C:\WINDOWS\lpt$vpn.975:KAVICHS deleted successfully.
ADS C:\WINDOWS\loadhttp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\lexstat.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\KPCMS.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\kcm2sp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\iccsigs.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\hpbvspst.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\hpbvspst.his:KAVICHS deleted successfully.
ADS C:\WINDOWS\hcextoutput.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\Greenstone.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\Gone Fishing.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\GetServer.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\FeatherTexture.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\EXPLORER.SCF:KAVICHS deleted successfully.
ADS C:\WINDOWS\EReg515.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\EReg077.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\Epsonpl.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\EPSC66EF.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\dllTSCLIBMT.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\dla.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\disneysy.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\disney.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\D9H7ADHB.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\Cvrpage.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\Coffee Bean.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\CLOCK.AVI:KAVICHS deleted successfully.
ADS C:\WINDOWS\cdplayer.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\brwmark.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\BRPP2KA.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\Brpcfx.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\brmx2001.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\BPMNT.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\BOOTSTAT.DAT:KAVICHS deleted successfully.
ADS C:\WINDOWS\Blue Lace 16.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\AuHCcup1.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\AuHCcup1.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\aucfg.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\ActiveAct.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\1.sim:KAVICHS deleted successfully.
ADS C:\NNAVM_2_Pages.pdf:KAVICHS deleted successfully.
ADS C:\log.txt:KAVICHS deleted successfully.
ADS C:\IPH.PH:KAVICHS deleted successfully.
ADS C:\INFCACHE.1:KAVICHS deleted successfully.
ADS C:\index.html:KAVICHS deleted successfully.
ADS C:\Documents and Settings\TEMP\Start Menu\Programs\Startup\DESKTOP.INI:KAVICHS deleted successfully.
ADS C:\Documents and Settings\TEMP\NTUSER.INI:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\NTUSER.DAT:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\NTUSER.DAT.LOG:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\hpzinstall.log:KAVICHS deleted successfully.
ADS C:\aug10 .htpasswd:KAVICHS deleted successfully.
ADS C:\WINDOWS\WindowsUpdate.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\WIASERVC.LOG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WPA.DBL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WgaTray.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WgaLogon.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ticrf.rat:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mfc42u.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IE7Eula.rtf:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\hpzll4v2.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\hpzll4pi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\TNET1130x.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\FwRad16.bin:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\mfc42u.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\setupapi.log.0.old:KAVICHS deleted successfully.
ADS C:\WINDOWS\SchedLgU.Txt:KAVICHS deleted successfully.
ADS C:\WINDOWS\hegames.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\DatabaseID:KAVICHS deleted successfully.
ADS C:\WINDOWS\BRMFBIDI.INI:KAVICHS deleted successfully.
ADS C:\hook.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\FwRad17.bin:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\WgaTray.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\WgaLogon.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\BrEvIF.dll:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
ADS C:\WINDOWS\uninst.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TRAFFIC.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\shw32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pscND111.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PSCLU111.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\OLEACC.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\OEMINFO.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Msjint35.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MAPI32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lxbcpwr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LEXBCE.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\iyvu9_32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ir32_32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\hccutils.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\fxsclntR.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drmclien.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\NETMDUSB.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\NETMD033.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\NETMD031.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\BrFilt.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CARDS.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\BrSerIf.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\BrmfUSB.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\AVICAP32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\IsUninstAct.exe:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Documents\DESKTOP.INI:KAVICHS deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgemc.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgupd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgnsx.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\explorer.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Brontai
->Temp folder emptied: 113446777 bytes
->Temporary Internet Files folder emptied: 445253271 bytes
->Java cache emptied: 1241486 bytes
->FireFox cache emptied: 2280761 bytes
->Flash cache emptied: 341001 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes

User: George A
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1963218 bytes
->Java cache emptied: 24320442 bytes
->FireFox cache emptied: 2476775 bytes
->Flash cache emptied: 70022 bytes

User: Guest
->Temp folder emptied: 18796549 bytes
->Temporary Internet Files folder emptied: 170624173 bytes
->Java cache emptied: 325038 bytes
->Flash cache emptied: 33934 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 3400589 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34704 bytes

User: TEMP
->Temp folder emptied: 34679230 bytes
->Temporary Internet Files folder emptied: 23288574 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 21854804 bytes
->Google Chrome cache emptied: 6099312 bytes
->Apple Safari cache emptied: 160921600 bytes
->Flash cache emptied: 2801850 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2226688 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 688830 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 175766620 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 3456606 bytes

Total Files Cleaned = 1,160.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Brontai
->Flash cache emptied: 0 bytes

User: Default User

User: George A
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: TEMP
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 09052010_161852

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




I will rescan and post the additional results immediately,

Kindest regards,
slojo55


#11 slojo55

slojo55
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:29 AM

Posted 05 September 2010 - 07:54 PM

Syler,

Here is the last olt scan.

OTL logfile created on: 9/5/2010 5:31:24 PM - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\All Users\Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 444.00 Mb Available Physical Memory | 43.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.71 Gb Total Space | 12.45 Gb Free Space | 36.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GEORGE
Current User Name: George A
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/05 12:42:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
PRC - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010/08/12 14:16:12 | 002,215,064 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010/07/23 05:59:14 | 002,388,264 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/03/24 16:26:02 | 000,243,544 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/05/12 00:33:52 | 000,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2004/08/14 14:39:48 | 000,024,641 | ---- | M] () -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
PRC - [2004/07/27 20:11:14 | 005,434,880 | ---- | M] (The Linksys Group, Inc.) -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
PRC - [2004/04/21 19:26:56 | 000,778,240 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
PRC - [2000/09/28 22:58:42 | 000,541,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\WinFax\WFXMOD32.EXE
PRC - [2000/09/28 22:58:42 | 000,129,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SYSTEM32\WFXSVC.EXE


========== Modules (SafeList) ==========

MOD - [2010/09/05 12:42:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/12 14:18:40 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2004/04/21 19:26:56 | 000,778,240 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe -- (NetMDSB)
SRV - [2004/01/30 14:19:20 | 000,065,625 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe -- (PACSPTISVR)
SRV - [2004/01/30 14:16:06 | 000,065,622 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe -- (SPTISRV)
SRV - [2003/11/13 13:29:40 | 000,455,680 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe -- (NICSer_WPC54G)
SRV - [2000/09/28 22:58:42 | 000,129,536 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\WFXSVC.EXE -- (wfxsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\zumbus.sys -- (zumbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\BW2NDIS5.sys -- (BW2NDIS5)
DRV - [2010/08/04 11:50:36 | 000,140,752 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\eamon.sys -- (eamon)
DRV - [2010/08/03 13:28:36 | 000,095,896 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\epfwtdir.sys -- (epfwtdir)
DRV - [2010/07/29 13:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ehdrv.sys -- (ehdrv)
DRV - [2009/02/24 00:06:28 | 000,105,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\zgchsmdm.sys -- (zgchsmdm)
DRV - [2009/02/24 00:06:28 | 000,105,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\zgchsdiag.sys -- (zgchsdiag)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mf.sys -- (mf)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/10/08 09:04:20 | 000,450,560 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WlanUZXP.SYS -- (NB762_XP)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\winusb.sys -- (WinUSB)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/30 19:12:56 | 000,076,560 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2006/04/14 22:54:59 | 000,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\windrvNT.sys -- (windrvNT)
DRV - [2004/08/13 01:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 00:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 00:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 00:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 00:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 00:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 00:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 00:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 00:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 00:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 02:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/07/20 10:14:06 | 000,258,160 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/07/14 10:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 10:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/05/13 18:19:22 | 000,182,688 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SynTP.sys -- (SynTP)
DRV - [2004/05/06 22:47:10 | 000,079,616 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt2500usb.sys -- (WUSB54GV4SRV)
DRV - [2004/03/10 20:54:32 | 000,385,536 | ---- | M] (Cisco-Linksys LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\TNET1130x.sys -- (TNET1130x)
DRV - [2004/02/13 09:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2004/01/30 19:40:08 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2004/01/02 09:44:22 | 000,044,032 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/11/13 17:21:16 | 000,197,120 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/11/13 17:18:36 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/13 17:17:00 | 001,042,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/10/08 16:34:24 | 000,032,084 | R--- | M] (Cirrus Logic Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\adsexpb.sys -- (ADSEXPB)
DRV - [2003/07/16 22:28:02 | 000,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\CBTNDIS5.sys -- (CBTNDIS5)
DRV - [2003/06/12 20:04:10 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2003/04/24 14:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\BACS\BASFND.sys -- (BASFND)
DRV - [2003/04/22 14:47:00 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
DRV - [2003/01/30 10:52:50 | 000,011,904 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\BACS\FADXP32.sys -- (FAD)
DRV - [2002/08/08 14:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NETMDUSB.sys -- (NETMDUSB)
DRV - [2001/10/01 06:37:40 | 000,017,432 | R--- | M] (lecs Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IcRecUsb.sys -- (IcRecUsb)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 12:12:20 | 000,060,416 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BrSerWdm.sys -- (BrSerWDM)
DRV - [2001/08/17 12:12:20 | 000,011,008 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2001/08/17 12:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BrFilt.sys -- (brfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: msntoolbar@msn.com:5.0
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/08/27 20:16:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/08/28 02:48:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/01 15:56:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/28 15:21:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/08/28 21:37:10 | 000,000,000 | ---D | M]

[2010/08/28 03:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP\Application Data\Mozilla\Extensions
[2009/07/19 15:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/08/28 21:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\qs4zwzt4.default\extensions
[2010/08/28 21:32:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\qs4zwzt4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/28 21:32:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/27 14:38:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/27 14:37:43 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\TEMP\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\George A\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} http://housecall60.trendmicro.com/housecall/xscan60.cab (HouseCall Control)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1146826100339 (MUWebControl Class)
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.5)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab (HouseCall Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} http://www.linksysfix.com/netcheck/41/install/gtdownls.cab (LinkSys Content Update)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files\WinFax\WFXSEH32.DLL (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/05 16:18:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/05 12:41:20 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
[2010/09/05 12:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Desktop\desktop
[2010/08/29 02:54:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/29 02:53:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/29 02:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/28 23:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/08/28 21:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/08/28 15:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/28 15:19:27 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/27 22:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/08/27 20:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/27 20:51:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/27 20:29:05 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/08/27 20:28:15 | 003,062,048 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2010/08/27 20:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/27 20:16:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/08/27 20:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/08/27 20:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/08/27 20:13:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2010/08/27 20:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire
[2010/08/27 15:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/08/27 14:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/27 14:38:15 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/27 14:38:15 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/27 14:38:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/27 14:38:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/27 01:21:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\TEMP\Recent
[2010/08/26 23:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\Funk Software
[2010/08/26 23:06:45 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys
[2010/08/26 22:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\My Documents\Downloads
[2010/08/26 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Local Settings\Application Data\Temp
[2010/08/26 22:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Local Settings\Application Data\Deployment
[2010/08/26 21:01:08 | 000,000,000 | ---D | C] -- C:\c30e2f712dc3a01a8acb2554
[2010/08/26 20:19:38 | 000,000,000 | ---D | C] -- C:\Program Files\ATT
[2010/08/10 11:03:22 | 000,000,000 | ---D | C] -- C:\a8a980aece7b04a939
[2010/08/10 05:15:58 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/08/10 05:15:58 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[3 C:\Documents and Settings\TEMP\My Documents\*.tmp files -> C:\Documents and Settings\TEMP\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/05 17:38:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F0B67ADB-B1EF-436F-8327-CF4E8FA4006C}.job
[2010/09/05 17:37:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E481A751-3F64-449E-BBF8-3C62A9D881D0}.job
[2010/09/05 17:35:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DFFD3870-6200-4648-BC21-C6ADC88F7B5C}.job
[2010/09/05 17:27:20 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/09/05 17:25:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/09/05 17:23:18 | 000,000,748 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/09/05 17:23:13 | 000,000,468 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2010/09/05 17:23:13 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/09/05 17:23:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/05 17:22:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/09/05 17:22:56 | 1072,062,464 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/05 17:21:49 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\TEMP\NTUSER.DAT
[2010/09/05 17:21:35 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\TEMP\NTUSER.INI
[2010/09/05 12:42:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
[2010/09/05 00:46:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1532035262-3237090906-4204032158-1006Core.job
[2010/09/02 21:03:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/01 23:39:12 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/29 02:54:13 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/28 23:28:48 | 000,061,976 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/28 23:27:59 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\TEMP\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/28 15:20:19 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/08/28 03:22:14 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\TEMP\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/28 03:22:14 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/08/28 02:46:08 | 000,491,654 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/28 02:46:08 | 000,434,706 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/08/28 02:46:08 | 000,068,444 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/08/28 00:44:30 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\TEMP\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/28 00:40:00 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\TEMP\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/27 21:25:29 | 000,262,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/27 21:19:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/27 14:37:42 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/27 14:37:42 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/27 14:37:42 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/27 14:37:42 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/27 14:37:42 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/08/26 23:06:47 | 000,000,920 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless-G Notebook Adapter Utility.lnk
[2010/08/10 05:15:58 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/08/10 05:15:58 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[3 C:\Documents and Settings\TEMP\My Documents\*.tmp files -> C:\Documents and Settings\TEMP\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/29 02:54:13 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/28 23:28:48 | 000,061,976 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/28 23:27:59 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\TEMP\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/28 23:27:58 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/08/28 15:37:14 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/28 15:20:19 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/08/28 03:22:14 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\TEMP\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/28 03:22:14 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/08/28 00:44:30 | 000,002,255 | ---- | C] () -- C:\Documents and Settings\TEMP\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/28 00:41:57 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1532035262-3237090906-4204032158-1006Core.job
[2010/08/27 21:01:07 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/08/27 20:29:15 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/26 23:06:45 | 000,000,920 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless-G Notebook Adapter Utility.lnk
[2010/04/12 22:25:07 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\TEMP\Local Settings\Application Data\fusioncache.dat
[2010/01/04 20:13:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/07/31 12:27:08 | 000,000,026 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.811261211181235583101118113995
[2009/04/01 12:41:14 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\TEMP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/29 21:04:37 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/12/29 21:04:37 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/12/29 21:04:37 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/12/29 21:03:53 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2006/12/17 15:55:32 | 000,000,393 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/08/29 15:22:06 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2006/05/03 22:09:42 | 000,000,559 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/04/14 22:54:59 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\suppdll.dll
[2006/04/14 22:54:59 | 000,035,363 | ---- | C] () -- C:\WINDOWS\System32\windrvNT.sys
[2006/03/14 13:04:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/11/05 16:25:44 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5y.DLL
[2005/11/01 14:19:19 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2005/10/30 17:43:40 | 000,014,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/10/30 17:43:12 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/10/24 17:31:04 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2005/07/27 10:10:46 | 000,001,173 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/07/21 11:42:17 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2005/07/21 11:41:55 | 000,000,066 | ---- | C] () -- C:\WINDOWS\EPSC66EF.ini
[2005/07/15 12:38:47 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/05/03 10:44:44 | 000,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/05/03 10:43:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/04/27 11:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/24 19:26:43 | 000,000,116 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2005/04/24 19:17:07 | 000,000,931 | ---- | C] () -- C:\WINDOWS\disney.ini
[2005/04/24 19:15:46 | 000,000,202 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2005/02/16 15:25:22 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2005/02/10 00:54:53 | 000,000,243 | ---- | C] () -- C:\WINDOWS\ActiveAct.INI
[2005/02/09 00:49:49 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\EmailShared.dll
[2005/02/07 23:44:33 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/02/07 23:44:33 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2005/02/07 23:16:16 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/02/06 02:53:28 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2005/02/06 00:26:05 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/02/05 03:25:58 | 000,000,139 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2005/02/05 03:25:56 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005/02/05 03:19:50 | 000,000,029 | ---- | C] () -- C:\WINDOWS\Epsonpl.ini
[2005/02/04 22:08:48 | 000,000,267 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2005/02/04 22:08:43 | 000,000,422 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2005/02/04 22:08:43 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2005/02/04 22:08:32 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\brfxdial.dll
[2005/02/04 22:06:17 | 000,002,651 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2005/02/02 23:37:09 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2005/02/02 23:28:10 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2005/02/02 23:18:55 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS45.DLL
[2005/02/02 23:13:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2005/02/02 23:02:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI
[2005/02/02 22:59:39 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
[2005/02/02 22:59:38 | 000,000,314 | ---- | C] () -- C:\WINDOWS\WINFAX.INI
[2005/02/02 22:59:35 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2005/02/02 22:56:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/13 13:58:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/13 13:48:00 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/13 13:40:53 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004/12/13 12:58:08 | 000,000,517 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 20:49:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 12:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 04:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/09/07 23:56:36 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/09/07 23:56:36 | 000,880,640 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2003/09/07 23:56:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/11/01 15:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/10/05 11:03:50 | 000,411,648 | ---- | C] () -- C:\WINDOWS\System32\RegProc.dll
[2002/09/11 10:31:28 | 000,384,000 | ---- | C] () -- C:\WINDOWS\System32\ShareReg.dll
[2002/08/12 08:19:42 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
[2002/07/04 14:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2002/01/11 11:25:06 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\tvqenc.dll
[2002/01/08 15:57:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/12/14 12:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[1999/07/23 12:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 09:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
< End of report >


Let me know what your final analysis is.

Kindest regards,

slojo55

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:29 AM

Posted 06 September 2010 - 06:23 AM

Your logs are looking ok to me, let's do one more check to make sure, can you tell me if you are still having any problems.

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, Aclick on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Then please post back with the Kaspersky report and a new HijackThis log, thanks.

unite.jpg


#13 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:29 AM

Posted 10 September 2010 - 05:38 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users