Sign in to follow this  
ljyates

"Help with this slow computer"!

Recommended Posts

Howdy and welcome to BestTechie !!!  

My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help. 

 



thisisujrt.gif Please download Junkware Removal Tool and save to your desk top.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!

 



NEXT

 

 

 

 

AdwCleaner

Please download  adwcleaner by Xplode onto your desktop..
   * Close all open programs and internet browsers.
   * Double click on AdwCleaner.exe to run the tool.
   *  Click on Delete button.
   *  A logfile will automatically open after the scan has finished.
   *  Please post the contents of that logfile with your next reply.
   *  You can find the logfile at C:\AdwCleaner[s1].txt. as well.

 

 

 

 

 

NEXT

 




MALWAREBYTES with Pics:

Please download Malwarebytes' Anti-Malware to your desktop.


    * Double-click  mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to  Update Malwarebytes' Anti-Malware and  Launch Malwarebytes' Anti-Malware, then click  Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select  Perform quick scan, then click Scan.

mbam-1.jpg


When the scan is complete, click  OK, then  Show Results to view the results.

scan-finished.jpg

    *  Then click  Remove Selected .
    * When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    * Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.



Please don't attach the scans / logs, use "copy/paste".


NEXT


Download OldTimer to your desk top !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output. o Lop check.
o Purity check. oExtra Registry > Use SafeList  

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !   



Post Next:
1. Junkware Removal Tool log

2. AdwCleaner
3. Malwarebytes Log
4. OTL.txt and Extras.txt (if a Extras.txt is produced)


Thanks
Chuck

Share this post


Link to post
Share on other sites

This is Chuck on Lindas computer. I am gonna be posting for her so she can see what i do !!

The AdwCleaner log:

# AdwCleaner v2.306 - Logfile created 07/21/2013 at 21:26:09

# Updated 19/07/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : LINDA YATES - LINDA

# Boot Mode : Normal

# Running from : C:\Documents and Settings\LINDA YATES\Local Settings\Temporary Internet Files\Content.IE5\YBR1F5L4\adwcleaner[1].exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\END

Folder Deleted : C:\DOCUME~1\LINDAY~1\LOCALS~1\Temp\APN

Folder Deleted : C:\Documents and Settings\All Users\Application Data\APN

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint

Folder Deleted : C:\Documents and Settings\LINDA YATES\Application Data\alotappbar

Folder Deleted : C:\Documents and Settings\LINDA YATES\Application Data\PriceGong

Folder Deleted : C:\Documents and Settings\LINDA YATES\Application Data\Viewpoint

Folder Deleted : C:\Documents and Settings\LINDA YATES\Local Settings\Application Data\AskPartnerNetwork

Folder Deleted : C:\Program Files\AskPartnerNetwork

Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}

Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils

Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}

Key Deleted : HKLM\Software\MetaStream

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

Key Deleted : HKLM\Software\Viewpoint

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[s1].txt - [3176 octets] - [21/07/2013 21:26:09]

########## EOF - C:\AdwCleaner[s1].txt - [3236 octets] ##########

Share this post


Link to post
Share on other sites

I ran Combofix on this computer ! Here are the results after 56 minutes of scan time ! Now will spend time reading the log !

 

ComboFix 13-07-22.01 - LINDA YATES 07/22/2013  10:10:59.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.510.159 [GMT -6:00]
Running from: c:\documents and settings\LINDA YATES\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\LINDAY~1\LOCALS~1\Temp\AFF1.tmp\F_IN_BOX.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab
c:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\addon.ico
c:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\DefaultTabStart64.exe
c:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
c:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\DefaultTabWrap64.dll
c:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\DT.ico
c:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\DT_IE.exe
c:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
c:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\searchhere.ico
c:\documents and settings\LINDA YATES\Local Settings\Temp\AFF1.tmp\F_IN_BOX.dll
c:\program files\MyWaySA
c:\windows\explorer(2)(2).exe
c:\windows\explorer(2).exe
c:\windows\system32\ctfmon(2).exe
c:\windows\system32\Drivers\afd(2)(2).sys
c:\windows\system32\Drivers\afd(2).sys
c:\windows\system32\lpk(2)(2).dll
c:\windows\system32\lpk(2).dll
c:\windows\system32\lpk(3)(2).dll
c:\windows\system32\lpk(3).dll
c:\windows\system32\lpk(4).dll
c:\windows\system32\lpk(5).dll
c:\windows\system32\regsvr32(2)(2).exe
c:\windows\system32\regsvr32(2).exe
c:\windows\system32\services(2)(2).exe
c:\windows\system32\services(2).exe
c:\windows\system32\services(3)(2).exe
c:\windows\system32\services(3).exe
c:\windows\system32\services(4).exe
c:\windows\system32\services(5).exe
c:\windows\system32\SET686.tmp
c:\windows\system32\SET68D.tmp
c:\windows\system32\SET68F.tmp
c:\windows\system32\SET69B.tmp
c:\windows\system32\SET6A4.tmp
c:\windows\system32\SET6A5.tmp
c:\windows\system32\SET6A6.tmp
c:\windows\system32\SET6A9.tmp
c:\windows\system32\usp10(2)(2).dll
c:\windows\system32\usp10(2).dll
c:\windows\system32\usp10(3)(2).dll
c:\windows\system32\usp10(3).dll
c:\windows\system32\usp10(4).dll
c:\windows\system32\usp10(5).dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-22 to 2013-07-22  )))))))))))))))))))))))))))))))
.
.
2013-07-22 16:39 . 2013-07-22 16:40    29904    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F802613C-6C4C-462F-88F7-A8D76A5268D0}\MpKsl0550bc22.sys
2013-07-22 16:38 . 2013-07-22 16:38    --------    d---a-w-    c:\documents and settings\All Users\Application Data\TEMP
2013-07-22 15:30 . 2013-07-22 15:30    29904    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F802613C-6C4C-462F-88F7-A8D76A5268D0}\MpKsl318d0fea.sys
2013-07-22 15:13 . 2013-07-22 15:14    --------    d-----w-    c:\documents and settings\Administrator
2013-07-22 15:08 . 2013-07-22 16:33    --------    d-----w-    c:\documents and settings\LINDA YATES\Application Data\DefaultTab
2013-07-22 05:18 . 2013-07-22 05:18    --------    d-----w-    c:\documents and settings\LINDA YATES\Application Data\Malwarebytes
2013-07-22 05:16 . 2013-07-22 05:16    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2013-07-22 04:23 . 2013-07-22 04:23    --------    d-----w-    c:\windows\ERUNT
2013-07-22 04:13 . 2013-07-22 04:13    --------    d-----w-    c:\documents and settings\LINDA YATES\Local Settings\Application Data\Mozilla
2013-07-22 04:12 . 2013-07-22 04:12    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2013-07-22 01:59 . 2013-07-22 02:00    --------    d-----w-    C:\0c102d0dacfb0749f8b42af839
2013-07-21 18:03 . 2013-07-02 06:54    7143960    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F802613C-6C4C-462F-88F7-A8D76A5268D0}\mpengine.dll
2013-07-21 15:12 . 2013-07-21 15:12    --------    d-----w-    c:\documents and settings\LINDA YATES\Local Settings\Application Data\PCHealth
2013-07-19 05:16 . 2013-07-02 06:54    7143960    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-18 18:32 . 2013-07-18 18:32    --------    d-----w-    C:\3e5638b21639e1c0ad9931ca25bf1b
2013-07-17 18:22 . 2013-07-17 18:23    --------    d-----w-    C:\1d36c0e0916e5849628156941af2
2013-07-17 12:15 . 2013-07-17 12:26    --------    d-----w-    C:\7c8dc7450c6afe3ded9f4d1a06
2013-07-17 02:36 . 2013-07-17 02:38    --------    d-----w-    C:\2badc23d429e920ae7e2da11
2013-07-16 01:18 . 2013-07-16 01:19    --------    d-----w-    C:\ca53712bded28ebcfa42d1
2013-07-14 02:12 . 2013-07-14 02:13    --------    d-----w-    C:\71443b4c170849a7410d
2013-07-12 02:10 . 2013-07-12 02:11    --------    d-----w-    C:\9c9efca20cb418dea773f9fb7d
2013-06-24 12:24 . 2013-05-02 08:06    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-06-24 12:23 . 2013-06-24 12:28    --------    d-----w-    C:\7254f845314d39f5eb3ec0
2013-06-24 12:10 . 2013-06-24 12:13    --------    d-----w-    c:\program files\Microsoft Security Client
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 16:27 . 2012-10-05 22:11    692104    -c--a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-12 16:27 . 2011-06-15 01:37    71048    -c--a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 16:24 . 2013-06-12 16:23    8610696    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2013-06-08 05:55 . 2004-08-10 17:51    385024    ------w-    c:\windows\system32\html.iec
2013-06-07 21:56 . 2004-08-10 17:51    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-10 17:51    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-10 17:51    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2004-08-10 17:51    562688    ----a-w-    c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-10 17:51    1876736    ----a-w-    c:\windows\system32\win32k.sys
2013-06-02 13:20 . 2013-06-02 13:20    1409    ----a-w-    c:\windows\QTFont.for
2013-05-09 06:28 . 2006-10-19 03:47    1543680    ------w-    c:\windows\system32\wmvdecod.dll
2013-05-03 01:26 . 2004-08-10 17:51    2193536    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2004-08-04 03:59    2070144    ----a-w-    c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\progra~1\MODEMO~1\MOH.exe" [2003-11-17 86016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 131072]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-09-14 26112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"Gearbox"="c:\program files\Gearbox Connection Kit\bin\confsvr.exe" [2003-02-17 143360]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-22 155648]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-04-08 1511424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-10-02 161336]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2012-01-17 1884576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
.
c:\documents and settings\LINDA YATES\Start Menu\Programs\Startup\
desktop(2).ini [2004-8-10 84]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
.
R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [6/14/2006 11:10 PM 18208]
R1 MpKsl0550bc22;MpKsl0550bc22;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F802613C-6C4C-462F-88F7-A8D76A5268D0}\MpKsl0550bc22.sys [7/22/2013 10:39 AM 29904]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/2/2009 11:13 PM 198608]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL0550BC22
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-05 16:27]
.
2013-07-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-13 19:45]
.
2013-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 21:20]
.
2013-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 21:20]
.
2013-07-22 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 17:11]
.
2013-07-22 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 17:11]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = ;<local>;*.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\LINDA YATES\Application Data\Mozilla\Firefox\Profiles\n8sdrege.default\

FF - ExtSQL: 2013-07-22 09:08; [email protected]; c:\documents and settings\LINDA YATES\Application Data\Mozilla\Firefox\Profiles\n8sdrege.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-DellSupport- - c:\program files\Dell Support\DSAgnt.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-22 10:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\ActiveX Compatibility\{2715*F81-0877-42E9-AF13-55E5A3439A26}]
"Compatibility Flags"=dword:00000400
"Pst"=dword:00000002
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2500)
c:\windows\system32\WININET.dll
c:\docume~1\LINDAY~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kodak\AiO\center\KodakSvc.exe
c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
c:\program files\Gearbox Connection Kit\bin\gbConMon.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\Gearbox Connection Kit\bin\gbTask.exe
.
**************************************************************************
.
Completion time: 2013-07-22  10:59:11 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-22 16:58
.
Pre-Run: 50,035,003,392 bytes free
Post-Run: 50,995,793,920 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 966158CF074F7C6B168B527C961FDC34
B16A2359F4962B0C622D81A1C1F4B703
 

Share this post


Link to post
Share on other sites

Running lots faster !!!

 

1. Install Java

  • Get the current version of Java (Version 7 Update 25) by going to http://java.com/en/download/manual.jsp
  • Select the appropriate version of Java and follow the onscreen instructions to update if necessary.

=========================

2. Disable Java in Web Browsers

Even though I just had you get the latest version of Java, there is a vulnerability with regards to Java and web browsers. Therefore, we recommend to disable java in web browsers.
More information can be found here: http://www.techsupportforum.com/forums/f50...ers-683721.html



  • Click on the Start button and then click on the Control Panel option.
  • In the Control Panel Search enter Java Control Panel.
  • Click on the Java icon to open the Java Control Panel.
  • Disable Java through the Java Control Panel
     
  • In the Java Control Panel, click on the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser.
  • Click Apply. When the Windows User Account Control (UAC) dialog appears, allow permissions to make the changes.
  • Click OK in the Java Plug-in confirmation window.
  • Restart the browser for changes to take effect.

 

=========================

  • 2. Reboot

 

 

 

Chuck

Edited by ljyates

Share this post


Link to post
Share on other sites

Going to uninstall Combofix now !!!

 

Click on the Start button and then in the Search field enter combofix /uninstall, as shown in the image below with the blue arrow.
Please note that there is a space between combofix and /uninstall.

Share this post


Link to post
Share on other sites

This scan will take a little while so be patient ! Do Not use the computer or mouse while it's running !!

Download OldTimer to your desk top ! >>> http://oldtimer.geekstogo.com/OTL.exe


If you already have a copy of OTL delete it and use this version.

(Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output.
o Lop check.
o Purity check.


* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

*This may have to be broken into more than one post !

Share this post


Link to post
Share on other sites

Otl scan next :

 

OTL logfile created on: 7/22/2013 6:32:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\LINDA YATES\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
509.98 Mb Total Physical Memory | 91.90 Mb Available Physical Memory | 18.02% Memory free
1.22 Gb Paging File | 0.73 Gb Available in Paging File | 60.14% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.91 Gb Total Space | 47.34 Gb Free Space | 66.75% Space Free | Partition Type: NTFS
 
Computer Name: LINDA | User Name: LINDA YATES | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/22 18:31:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LINDA YATES\My Documents\Downloads\OTL.exe
PRC - [2013/07/22 17:51:23 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/06/18 08:21:12 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/01/17 16:09:42 | 000,563,104 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2012/01/17 16:09:40 | 001,884,576 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2012/01/17 16:09:38 | 007,029,664 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010/07/19 01:26:02 | 000,198,608 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/04/17 13:08:26 | 000,032,768 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\KodakSvc.exe
PRC - [2009/04/07 18:27:30 | 001,511,424 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/09/13 18:11:53 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2005/01/27 00:02:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/09/14 07:50:48 | 000,131,072 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
PRC - [2004/02/13 14:12:08 | 000,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
PRC - [2003/02/17 17:41:00 | 000,032,768 | ---- | M] (Rockstar Software) -- C:\Program Files\Gearbox Connection Kit\bin\gbTask.exe
PRC - [2003/02/17 17:39:58 | 000,028,672 | ---- | M] (Rockstar Software) -- C:\Program Files\Gearbox Connection Kit\bin\gbConMon.exe
PRC - [2003/02/17 17:39:50 | 000,143,360 | ---- | M] (Rockstar Software) -- C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/07/21 23:46:19 | 000,090,624 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\TaskScheduler\d2a934cebc35c9af755cb4d6454aac6c\TaskScheduler.ni.dll
MOD - [2013/07/21 23:02:45 | 000,294,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Localization\f6831fdd3a37892c1aa7612e022efba4\Localization.ni.dll
MOD - [2013/07/21 23:01:59 | 000,051,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Kodak.Diagnostics\960866d7e3a2d891882b1731dd3e3b41\Kodak.Diagnostics.ni.dll
MOD - [2013/07/21 23:01:16 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8f3e54440f3742da409131428ad1bce1\System.ServiceProcess.ni.dll
MOD - [2013/07/21 22:59:08 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\da28f3d44be7def2d84269f1db5718d6\System.Runtime.Remoting.ni.dll
MOD - [2013/07/21 22:58:12 | 000,808,448 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Kodak.Utilities\ae9a0d84041111f364c18112891ec933\Kodak.Utilities.ni.dll
MOD - [2013/07/21 22:57:47 | 000,026,112 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Kodak.Automation\ea24eb97559545f36492751b7d625312\Kodak.Automation.ni.dll
MOD - [2013/07/21 22:57:42 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\2a21bc7eeea4a1af1d4d1288f101eed7\System.Deployment.ni.dll
MOD - [2013/07/21 22:56:46 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\79533103112291e81204ca24aed19890\System.Configuration.ni.dll
MOD - [2013/07/21 21:23:48 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a1d221960bf7a0cbfd1f355595f77e83\System.Xml.ni.dll
MOD - [2013/07/21 21:22:57 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\efecb20c44117df86f2eb5f93592fdd8\System.Windows.Forms.ni.dll
MOD - [2013/07/21 21:21:38 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\82a53e923936d5f62d9af4cdfe50a4f8\System.Drawing.ni.dll
MOD - [2013/07/21 21:05:50 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\16562c54978851e92db8fec6f759bba1\System.ni.dll
MOD - [2013/07/21 21:04:29 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013/06/18 08:21:31 | 003,285,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/01/17 16:09:50 | 000,022,944 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2012/01/17 15:27:56 | 000,669,696 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010/08/22 21:01:36 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/08/22 21:01:08 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/08/22 21:01:06 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/08/22 21:01:06 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/08/22 20:32:34 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010/07/19 19:16:01 | 000,767,928 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
MOD - [2005/01/27 00:02:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
MOD - [2004/09/14 07:50:46 | 000,122,880 | ---- | M] () -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\TrackUtils.dll
MOD - [2004/09/14 07:50:42 | 000,434,176 | ---- | M] () -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\CoreDll.dll
MOD - [2004/02/13 14:12:08 | 000,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
MOD - [2004/02/11 16:58:16 | 000,147,493 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\6.3.2.62-7288971L\Program\bwfiles.dll
MOD - [2004/02/11 16:58:16 | 000,094,243 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\6.3.2.62-7288971L\Program\FrExt.dll
MOD - [2004/02/11 16:58:16 | 000,061,496 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\6.3.2.62-7288971L\Program\clntutil.dll
MOD - [2003/06/08 19:21:14 | 000,135,168 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWTargetInf.dll
MOD - [2003/06/08 17:47:42 | 000,020,528 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\frext-7288971.dll
MOD - [2003/06/08 17:47:42 | 000,020,528 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWfiles-7288971.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/07/22 17:51:23 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/06/18 08:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/12 10:27:38 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/01/17 16:09:42 | 000,563,104 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/07/19 01:26:02 | 000,198,608 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/04/17 13:08:26 | 000,032,768 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\KodakSvc.exe -- (KodakSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F802613C-6C4C-462F-88F7-A8D76A5268D0}\MpKsl0550bc22.sys -- (MpKsl0550bc22)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (bvrp_pci)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2010/08/22 21:01:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2005/09/13 18:11:56 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/01/14 11:37:40 | 000,018,208 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore.sys -- (hotcore)
DRV - [2004/09/17 13:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/06/16 02:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 03:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 03:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 03:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2004/02/09 12:06:22 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=SOLTDF&pc=SOLTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q={searchTerms}&o=15868&l=dis&prt=BDIE&chn=retail&geo=US&ver=3.0.0.11
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;<local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\Spyware Doctor\BDT\FireFox\ [2010/07/20 21:28:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013/07/21 22:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LINDA YATES\Application Data\Mozilla\Extensions
[2013/07/22 09:08:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LINDA YATES\Application Data\Mozilla\Firefox\Profiles\n8sdrege.default\extensions
[2013/07/22 09:08:24 | 000,029,621 | ---- | M] () (No name found) -- C:\Documents and Settings\LINDA YATES\Application Data\Mozilla\Firefox\Profiles\n8sdrege.default\extensions\[email protected]
[2013/07/22 17:43:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/21 22:11:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/21 22:11:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013/07/22 10:39:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (CPub Object) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll File not found
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Gearbox] C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe (Rockstar Software)
O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [instaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\Modem On Hold\moh.exe (BVRP Software)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2).ini ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O4 - Startup: C:\Documents and Settings\LINDA YATES\Start Menu\Programs\Startup\desktop(2).ini ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - Reg Error: Key error. File not found
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348713577843 (MUWebControl Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10C9E85A-042C-4BF3-859C-94A5EAE1FC16}: DhcpNameServer = 69.145.248.4 69.146.17.2 69.144.49.29
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E85CC59-5733-4A2F-B608-DAC10433B561}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\LINDA YATES\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\LINDA YATES\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/22 18:02:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/07/22 17:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2013/07/22 17:52:02 | 000,144,896 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/07/22 17:52:01 | 000,789,416 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/07/22 17:52:00 | 000,867,240 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/07/22 17:52:00 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/07/22 17:51:50 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/07/22 17:51:50 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/07/22 17:51:49 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/07/22 17:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/07/22 10:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/07/22 09:35:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/07/22 09:32:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/07/22 09:32:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/07/22 09:32:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/07/22 09:32:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/07/22 09:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LINDA YATES\Application Data\DefaultTab
[2013/07/22 08:50:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/22 08:45:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/07/21 23:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LINDA YATES\Application Data\Malwarebytes
[2013/07/21 23:16:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/07/21 22:23:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/07/21 22:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LINDA YATES\Local Settings\Application Data\Mozilla
[2013/07/21 22:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LINDA YATES\Application Data\Mozilla
[2013/07/21 22:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013/07/21 22:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/07/21 22:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/07/21 19:59:41 | 000,000,000 | ---D | C] -- C:\0c102d0dacfb0749f8b42af839
[2013/07/21 09:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LINDA YATES\Local Settings\Application Data\PCHealth
[2013/07/18 12:32:10 | 000,000,000 | ---D | C] -- C:\3e5638b21639e1c0ad9931ca25bf1b
[2013/07/17 12:22:08 | 000,000,000 | ---D | C] -- C:\1d36c0e0916e5849628156941af2
[2013/07/17 06:15:06 | 000,000,000 | ---D | C] -- C:\7c8dc7450c6afe3ded9f4d1a06
[2013/07/16 20:36:51 | 000,000,000 | ---D | C] -- C:\2badc23d429e920ae7e2da11
[2013/07/15 19:18:45 | 000,000,000 | ---D | C] -- C:\ca53712bded28ebcfa42d1
[2013/07/13 20:12:22 | 000,000,000 | ---D | C] -- C:\71443b4c170849a7410d
[2013/07/11 20:10:07 | 000,000,000 | ---D | C] -- C:\9c9efca20cb418dea773f9fb7d
[2013/06/24 06:24:24 | 000,238,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2013/06/24 06:23:39 | 000,000,000 | ---D | C] -- C:\7254f845314d39f5eb3ec0
[2013/06/24 06:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/22 18:24:20 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/07/22 18:22:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/22 17:51:26 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/07/22 17:51:16 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/07/22 17:51:15 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/07/22 17:51:15 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/07/22 17:51:14 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/07/22 17:51:13 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/07/22 17:51:12 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/07/22 17:48:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/22 17:26:57 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/07/22 17:16:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/22 17:15:57 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/22 17:15:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/22 17:15:37 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/22 10:39:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/07/22 09:36:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/07/22 09:07:50 | 000,002,195 | ---- | M] () -- C:\Documents and Settings\LINDA YATES\Desktop\Continue SweetIM installation.lnk
[2013/07/21 22:12:25 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\LINDA YATES\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/07/21 22:12:25 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/07/21 20:56:24 | 000,518,778 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/07/21 20:56:24 | 000,103,342 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/07/21 14:50:37 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/07/21 10:08:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/07/21 09:06:13 | 000,189,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/07/11 22:43:16 | 007,924,736 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2013/07/11 22:43:06 | 003,984,384 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2013/06/29 07:57:54 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2013/06/28 22:19:23 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\LINDA YATES\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/06/24 06:13:58 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/22 09:36:06 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/07/22 09:36:01 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/07/22 09:32:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/07/22 09:32:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/07/22 09:32:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/07/22 09:32:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/07/22 09:32:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/07/22 09:25:38 | 534,827,008 | -HS- | C] () -- C:\hiberfil.sys
[2013/07/22 09:07:37 | 000,002,195 | ---- | C] () -- C:\Documents and Settings\LINDA YATES\Desktop\Continue SweetIM installation.lnk
[2013/07/21 22:12:25 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\LINDA YATES\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/07/21 22:12:25 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/07/21 22:12:23 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/07/18 23:01:37 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/06/29 07:57:52 | 000,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2013/06/24 06:23:15 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/06/24 06:13:58 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2013/06/24 06:13:01 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/02/14 13:33:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/01/27 22:43:33 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\LINDA YATES\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/28 15:52:55 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/10/20 20:07:04 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\LINDA YATES\Application Data\PFP120JPR.{PB
[2005/10/20 20:07:04 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\LINDA YATES\Application Data\PFP120JCM.{PB
[2004/08/10 11:57:41 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop(2).ini
[2004/08/10 11:57:41 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop(2)(2).ini
 
========== ZeroAccess Check ==========
 
[2004/08/10 12:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\WgaNotify.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\tsiwinfile.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xjis.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuaueng1.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuauclt1.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WpdShext.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmasf.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WINZM.MB:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WINSP.MB:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winsock.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WINPY.MB:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wfwnet.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unicode.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tssoft32.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\timer.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ticrf.rat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tapiui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\system.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\stdole32.tlb:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sprof32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sound.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sortkey.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sndvol32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\serwvdrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rsvp.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\riched32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pxinsi64.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pxinsa64.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pxhpinst.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pxcpyi64.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pxcpya64.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Px.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\prcp.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\prc.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pncrt.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\phonptr.tbl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\phoncode.tbl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\phon.tbl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olethk32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olesvr32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.sig:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.bin:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntsdexts.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netmsg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netevent.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msxml4r.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvcr71(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvcp71(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msratelc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msidntld.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msgsm32.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg723.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg711.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msdayi.tbl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mscomctl.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mscomct2.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mouse.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmsystem.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmdrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mlang.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mfc71.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mcd32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lz32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lcptr.tbl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lcphrase.tbl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ksc.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kpsys32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kpcp32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\keyboard.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kdcom.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbdus.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iuengine.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ir32_32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\intelmoh.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\inetwh32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\inetcplc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iglicd32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igldev32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxtray.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxsrvc.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxpers.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxdev.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\icmui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\icfgnt5.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmrnt5.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmdnt5.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmdev5.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmdd5.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hkcmd.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hccutils.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\geo.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxsroute.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\freecell.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ega.cpi:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Edcrypt.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drwtsn32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\WudfRd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\WudfPf.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\wmilib.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\usbd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ultra.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\toside.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\symc8xx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\symc810.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\sym_u3.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\sym_hi.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ssrtln.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\sscdbhk5.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\sparrow.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\smwdm.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\senfilt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\secdrv.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\rdpcdd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\raspti.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\rasacd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ql1280.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ql1240.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ql12160.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ql10wnt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ql1080.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\pxhelp20.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ptilink.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\perc2hib.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\perc2.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\pciide.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nwlnkfwd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nwlnkflt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nv4_mini.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\null.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\NetMotCM.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mraid35x.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mouhid.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mohfilt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\MODEMCSA.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mnmdd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ipfltdrv.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\IntelC53.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\IntelC52.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\IntelC51.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ini910u.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ialmnt5.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\hpn.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\hotcore.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ftdisk.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\fs_rec.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\e100b325.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dxgthk.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dxapi.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\drvnddm.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\drvmcdb.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dpti2o.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dmload.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dac960nt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dac2w2k.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\cpqarray.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\cmdide.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\cdaudio.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\cd20xrnt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\cbidf2k.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\beep.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\audstub.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\asctrm.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\asc3550.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\asc3350p.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\asc.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\amsint.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\aliide.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\aic78xx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\aic78u2.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\aha154x.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\adpu160m.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dfrgres.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dbgeng.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dayiptr.tbl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dayiphr.tbl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\d3dim.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ctype.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\control.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comm.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comdlg32.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\charmap.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_950.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_949.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_936.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_932.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_874.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_28591.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_21027.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_20949.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_20936.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_20932.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_20290.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_20127.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_20000.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1361.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1258.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1257.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1256.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1255.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1254.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1253.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1251.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1250.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10008.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10003.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10002.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10001.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\bopomofo.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\bootvid.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\big5.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\avicap32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\audiodev.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\atl71.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\arrayhw.tab:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\array30.tab:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\arptr.tbl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\arphr.tbl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\acode.tbl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\acctres.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\a234.tbl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\a15.tbl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\$winnt$.inf:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\setupapi.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\SchedLgU.Txt:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\ntdtcsetup.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\NLSDownlevelMapping.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB925398.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB923689.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB922582.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB917953.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB913580.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB912812.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB911567.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB911565.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB911562.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB908531.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB900485.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\iun6002.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\iis6.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\ie7_main.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\ie7.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\IDNMitigationAPIs.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\comsetup.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\SystemInfo.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\setup.dbg:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Program Files\QuickTime\qttask.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\ImgData.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\LINDA YATES\Start Menu\Programs\Startup\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\LINDA YATES\Start Menu\Programs\Startup\desktop(2).ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\LINDA YATES\Start Menu\Programs\Outlook Express(2).lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\LINDA YATES\Start Menu\Programs\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\LINDA YATES\My Documents\To Whom it may concern.wpd:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\LINDA YATES\Local Settings\Application Data\IconCache.db:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\LINDA YATES\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker(2).lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger(2).lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2).ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD(2).lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\MSN(2).lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Plus! Photo Story 2 LE(2).lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 6.0(2).lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Documents\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Desktop\Try WordPerfect.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Desktop\Simple Start Edition.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Desktop\Owner's Manual.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Desktop\MyDVD LE.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Desktop\Burn CDs & DVDs with Sonic DigitalMedia LE.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Zapotec.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\xpsp1hfm.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Wudf01000Inst.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\WMSysPr9.prx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\wmsetup10.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\wmp11.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\WMFDist11.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\winnt256.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\winnt.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\wininit.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\winhlp32(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\winhlp32(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\winhelp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vmmreg32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vbaddin.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vb.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\updspapi.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\twunk_32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\twunk_16.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\twain.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\tsoc.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\TASKMAN.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xpsp2res(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xpsp2res(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xpsp2res(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xpsp2res(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xpsp2res(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xpsp2res(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xmllite(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xmllite(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xenroll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\XceedFtp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsvc(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsvc(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsvc(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsvc(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsvc(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsvc(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsapi(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsapi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsapi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wups(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wups(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wups(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wups(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wups(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wups(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wupdmgr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WUDFx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WudfSvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WudfPlatform.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WudfHost.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WUDFCoinstaller.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuauserv(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuauserv(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuauserv(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuauserv(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuauserv(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuauserv(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuaueng(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuaueng(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuapi(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuapi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuapi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wtsapi32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wtsapi32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wtsapi32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wtsapi32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wtsapi32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wtsapi32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wsock32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wsock32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wsock32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wsock32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wsock32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wsock32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshtcpip(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshtcpip(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshtcpip(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshtcpip(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshtcpip(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshtcpip(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshnetbs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshisn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshatm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wscsvc(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wscsvc(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2help(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2help(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2help(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2help(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2help(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2help(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2_32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2_32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2_32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2_32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2_32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2_32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\write.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdtrace.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WPDShServiceObj.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdshextres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdshextautoplay.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdmtpus.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdmtpdr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdmtp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdconns.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpd_ci.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowfaxui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowfax.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowexec.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowdeb.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WnASPI32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMVXENCD.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMVSENCD.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMVSDECD.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMVENCOD.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmvdmoe2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmvdmod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmvcore(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmvcore(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMVADVE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMVADVD.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMSPDMOE.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmsdmoe2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmsdmod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpsrcwp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpshell.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpns.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpmde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmploc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpencen.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpcore.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpcd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpasf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmp.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmp(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmp(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmiprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmimgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmidx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmerror.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmerrenu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmdrmsdk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmdrmnet.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmdrmdev.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmdmps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmdmlog.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMADMOE.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmadmod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wlnotify(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wlnotify(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wldap32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wldap32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wldap32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wldap32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wldap32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wldap32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wkssvc(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wkssvc(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wkssvc(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wkssvc(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wkssvc(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wkssvc(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winstrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsta(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsta(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsta(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsta(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsta(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsta(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsrv(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsrv(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsrv(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsrv(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsrv(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsrv(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winspool.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winspool(5).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winspool(4).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winspool(3).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winspool(3)(2).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winspool(2).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winspool(2)(2).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winscard(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winscard(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winscard(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winscard(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winscard(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winscard(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winrnr(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winrnr(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winrnr(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winrnr(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winrnr(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winrnr(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winoldap.mod:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winnls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmsd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmm(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmm(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmm(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmm(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmm(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmm(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmine.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winlogon(5).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winlogon(4).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winlogon(3).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winlogon(3)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winlogon(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winlogon(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winipsec(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winipsec(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winipsec(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winipsec(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winipsec(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winipsec(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wininet(6).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wininet(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wininet(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wininet(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wininet(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wininet(2)(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wininet(2)(3)(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wininet(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhttp(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhttp(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhttp(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhttp(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhttp(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhttp(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhlp32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhelp.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winfax.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winchat.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win87em.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win32k(5).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win32k(4).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win32k(3).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win32k(3)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win32k(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win32k(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wifeman.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiavusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiasf.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WgaTray.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WgaLogon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webhits.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webfldrs.msi:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webclnt(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webclnt(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webclnt(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webclnt(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webclnt(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webclnt(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdmaud(5).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdmaud(4).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdmaud(3).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdmaud(3)(2).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdmaud(2).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdmaud(2)(2).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdl.trm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdigest(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdigest(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdigest(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdigest(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdigest(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdigest(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdfmgr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdfmgr(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdfmgr(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdfapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.sve:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.nld:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.ita:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.fra:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.esn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.enu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.deu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.sve:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.nld:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.ita:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.fra:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.esn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.enu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.deu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\w32topl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\w32tm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vxdmdcdlg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VXBLOCK.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssapi(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssapi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssapi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssadmin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vss_ps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vjoy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\View Channels.scf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga64k.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga256.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vfpodbc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\version(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\version(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\verifier.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ver.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vcdex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\v7vga.rom:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uxtheme(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uxtheme(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uxtheme(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uxtheme(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uxtheme(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uxtheme(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uwdf.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\utildll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrvpa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrvoica.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrv80a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrv42a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrsvpia.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrshuta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrsdpia.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrrtosa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrprbda.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrmlnka.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrlogon.cmd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrlbva.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrfaxa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrdtea.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrdpa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrcoina.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrcntra.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\user32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\user32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\user.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\urlmon(6).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\urlmon(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\urlmon(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\urlmon(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\urlmon(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\urlmon(2)(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\urlmon(2)(3)(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\urlmon(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\url(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\url(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\url(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\url(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\url(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\url(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ureg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\upnp(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\upnp(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\upnp(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\upnp(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\upnp(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\upnp(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\unlodctr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uniplat(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uniplat(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uniplat(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uniplat(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uniplat(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\unimdmat(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\unimdm(2).tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umpnpmgr(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umpnpmgr(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umpnpmgr(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umpnpmgr(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umpnpmgr(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umpnpmgr(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\UMLoader.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umdmxfrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ufat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TZLog.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\typelib.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsshutdn.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tslabels.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tslabels.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tskill.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsdiscon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsd32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tscupgrd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tscon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsappcmp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\trkwks(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\trkwks(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\traffic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tracert6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tourstart(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tourstart(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\toolhelp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\THREED32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tftp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tfswapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tfswapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tfswapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\termsrv(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\telephon.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tdc(2).ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcpsvcs.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcpmon.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcmsetup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\taskman.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapisrv(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapisrv(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapisrv(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapisrv(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapisrv(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapisrv(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapiperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tabctl32.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\systray.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysprtj.sep:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysprint.sep:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\syskey.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysinv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysedit.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysdm(2).cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\syncapp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sxs(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sxs(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sxs(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sxs(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\swprv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\svcpack.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\svchost(5).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\svchost(4).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\svchost(3).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\svchost(3)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\svchost(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\svchost(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\subst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\subrange.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\strmdll(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\strmdll(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\streamci.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\storage.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\stobject(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\stobject(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssdpapi(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssdpapi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssdpapi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssdpapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssdpapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssdpapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srvsvc(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srvsvc(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srvsvc(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srvsvc(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srvsvc(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srvsvc(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srrstr(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srrstr(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srrstr(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srrstr(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srrstr(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srclient(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srclient(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srclient(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srclient(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srclient(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlwoa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlwid.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlsodbc.chm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spxcoins.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sprio800.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sprio600.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sprestrt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SPR32X30.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spoolsv(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spoolsv(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spoolss(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spoolss(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spnike.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spamcoutlook(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spamcoutlook(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spamcaddr(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spamcaddr(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sol.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\softpub.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\smss(5).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\smss(4).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\smss(3).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\smss(3)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\smss(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\smss(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\slbrccsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\slbcsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\skdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sisbkup.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shsvcs(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shsvcs(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shsvcs(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shlwapi(6).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shlwapi(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shlwapi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shlwapi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shlwapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shlwapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shlwapi(2)(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shlwapi(2)(3)(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shlwapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shimeng(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shimeng(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shimeng(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shimeng(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shimeng(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shimeng(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shiftjis.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shgina(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shfolder(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shfolder(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shellstyle.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(7).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(6).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(2)(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(2)(3)(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdocvw.bak:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdocvw(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdocvw(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdocvw(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdocvw(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdocvw(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdocvw(2)(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdocvw(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\share.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shadow.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfmapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc_os(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc_os(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc_os(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc_os(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc_os(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc_os(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setver.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setupdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setupapi(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setupapi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setupapi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setupapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setupapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setupapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setup.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\serwvdrv(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\serwvdrv(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\services.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\serialui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\senscfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sensapi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sensapi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sensapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sensapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sensapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secur32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secur32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secur32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secur32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secur32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secur32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secupd.sig:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secupd.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sdpblb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scredir.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sclgntfy(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\schedsvc(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\schannel(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\schannel(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\schannel(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\schannel(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\schannel(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\schannel(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sccbase.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scardssp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samsrv(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samsrv(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samlib(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samlib(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samlib(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samlib(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samlib(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samlib(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rwinsta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rundll32(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rundll32(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\runas.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtutils(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtutils(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtutils(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtutils(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtutils(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtutils(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpcnts.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvp.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsmui.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsmsink.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaenh(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaenh(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaenh(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaenh(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaenh(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaenh(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaci.rat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcss(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcss(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcss(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcss(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcss(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcss(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcrt4(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcrt4(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcns4.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\routetab.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\routemon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\route.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ROBOEX32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rnr20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rmoc3260.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RICHTX32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\riched32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\riched32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\riched20(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\riched20(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\riched20(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\resutils(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\resutils(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\resutils(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\resutils(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\resutils(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\resutils(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\reset.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\replace.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rend.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\remotepg(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regwiz.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regini.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regedt32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RegDomainData.xml:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regapi(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regapi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regapi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\redir.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\recover.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rdpcfgex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rcbdyctl(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rcbdyctl(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasser.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasrad.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmxs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmontr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmans(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmans(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmans(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmans(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmans(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmans(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasman(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasman(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasman(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasman(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasman(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasman(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasdlg(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasdlg(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasdlg(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasdlg(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasdial.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasctrs.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasctrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasctrnm.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasautou.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasapi32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasapi32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasapi32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasapi32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasapi32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasapi32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasadhlp(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasadhlp(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasadhlp(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasadhlp(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasadhlp(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasadhlp(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qwinsta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qt-mt323.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qosname.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qdiagd.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qasf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qappsrv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pxwma.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PxWave.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PxSFS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PxMas.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pxdrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pubprn.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ptpusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ptpusb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PTPITCP.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pspascrrc5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psnppagn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pscript.sep:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pschdprf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pschdprf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pschdcnt.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psapi(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psapi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psapi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Prounstl.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PRONtObj.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\profmap(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\profmap(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prodspec.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PrintAPI.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\print.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prflbmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prefscpl.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PRApplet.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pp500swnat.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pp500swenh.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pp500sn.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pp500se.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\powrprof(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\powrprof(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\powrprof(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\powrprof(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\powrprof(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\powrprof(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PostProc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PortableDeviceWMDRM.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PortableDeviceWiaCompat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PortableDeviceTypes.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PortableDeviceClassExtension.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PortableDeviceApi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\popup.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pndx5032.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pndx5016.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pncrt(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pncrt(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pmspl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\plustab.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PINTLPAE.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PINTLPAD.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ping6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pifmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfwci.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfwci.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfts.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfi009.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perffilt.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perffilt.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfd009.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfci.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfci.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pentnt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pds3_nat.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pds3_enh.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pdpluss3swnat.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pdpluss3swenh.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pdpls3sn.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pdpls3se.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pdocks3_sw_nat.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pdocks3_sw_enh.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pcl.sep:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pathping.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\paqsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\panmap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\osuninst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olethk32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olesvr32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olesvr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olepro32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olepro32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oledlg(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oledlg(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oledlg(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olecnv32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olecli32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olecli.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oleaut32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oleaut32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oleacc(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oleacc(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oleacc(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole2nls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole2disp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OEMINFO.PNF:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OEMINFO.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OEMBKGN1.BMP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcint(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcint(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcint(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcint(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcint(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcint(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc16gt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntshrui(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntshrui(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntshrui(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntsd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsoprq.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsmgr.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsevt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmarta(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmarta(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmarta(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmarta(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmarta(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmarta(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanui2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanman(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanman(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanman(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanman(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanman(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanman(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio804.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio412.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio411.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio404.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntimage.gif:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdsapi(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdsapi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdsapi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdsapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdsapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdsapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos804.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos412.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos411.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos404.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdll(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdll(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdll(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdll(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdll(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdll(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nscompat.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\normaliz(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\normaliz(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.tha:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.sve:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.nld:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.kor:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.jpn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.ita:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.fra:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.esn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.enu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.eng:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.deu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.cht:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.chs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nmevtmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nlsfunc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui2(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui1(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui1(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui1(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui1(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui1(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui1(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui0(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui0(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui0(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui0(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui0(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui0(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netshell(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netshell(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netshell(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netshell(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netshell(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netshell(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netrap(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netrap(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netrap(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netrap(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netrap(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netrap(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netplwiz(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netmsg(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netmsg(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netman(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netman(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netman(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netman(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netman(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netman(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netid(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\neth.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netcfgx(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netcfgx(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netcfgx(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netcfgx(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netcfgx(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netcfgx(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netapi32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netapi32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netapi32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netapi32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netapi32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netapi32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\net.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ncxpnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ncpa.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ncobjapi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ncobjapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nbtstat.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\natural.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nat3_win.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nat3.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nat2.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\narrhook.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mycomput.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mycomput(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxclu(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxclu(4)(2)(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxclu(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxclu(3)(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxclu(3)(2)(2)(2)(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxclu(3)(2)(2)(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxclu(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxmlr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxml3(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxml3(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxml2r.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mswsock(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mswsock(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mswsock(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mswsock(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mswsock(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mswsock(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mswmdm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvideo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcrt20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcr71(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcr71(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcr71(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcr71(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcr70.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp71(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp71(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp71(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp71(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp70.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp60(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp60(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp60(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp60(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp60(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp60(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp50.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcirt.dll.bak:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvci70.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvbvm50.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msv1_0(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msv1_0(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msv1_0(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msv1_0(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msv1_0(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msv1_0(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msutb(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msutb(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mstsc(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mstsc(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mstask(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msswchx.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msswch.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msstkprp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mssip32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mssign32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msscp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrecr40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrclr40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msr2cenu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msr2c.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msprivs(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msports.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mspmsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mspmsnsv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mspatcha(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mspatcha(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msobjs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msnetobj.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msir3jp.lex:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msir3jp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msimg32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msimg32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msimg32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msimg32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msimg32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msimg32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msidle(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msidle(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msidle(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msidle(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msidle(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msidle(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msi(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mshtmler(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mshearts.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mshearts(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mshearts(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgina(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgina(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgina(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgina(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgina(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgina(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msflxgrd.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msencode.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdelta.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCTFIME(5).IME:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCTFIME(4).IME:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCTFIME(3).IME:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCTFIME(3)(2).IME:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCTFIME(2).IME:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCTFIME(2)(2).IME:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCTF(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCTF(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mschrt20.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mscdexnt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mscat32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msaudite.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(5).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(4).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(3).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(3)(2).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(2).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(2)(2).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msaatext.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MRT(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MRT(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mrinfo.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprui(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprmsg(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprmsg(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprddm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprapi(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprapi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprapi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpr(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpr(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpr(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpr(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpr(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpr(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpnotify.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MPG4DMOD.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MPG4DECD.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MP4SDMOD.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mp43dmod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MP43DECD.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mountvol.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\moricons(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\moricons(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\modex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mode.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmutilse.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmtask.tsk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmdriver.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_qic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_mtf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_hp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mlang(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mlang(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\migpwd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\midimap(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\midimap(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\midimap(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\midimap(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\midimap(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\midimap(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mib.bin:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mhwt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFPLAT.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfcuia32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfcsubs(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFCANS32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc71u.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc70u.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc70.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc42(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc42(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mem.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdwmdmsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdhcp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciwave.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciseq.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciole32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciole16.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mcicda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciavi.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mchgrcoi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mcdsrv32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mapisvc.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mapistub.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\main.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mag_hook.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lzexpand.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lusrmgr.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LuResult.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lsass(5).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lsass(4).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lsass(3).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lsass(3)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lsass(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lsass(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lsasrv(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lsasrv(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lsasrv(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lsasrv(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lrnxp.ico:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lprmonui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lpr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lpq.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\logonui(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\logoff.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\loghours.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lodctr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\loadfix.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lnkstub.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lmrt(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\linkinfo(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\linkinfo(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\linkinfo(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lights.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\licmgr10(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LAPRXY.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lanman.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\langwrbk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\label.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\l3codecp.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\l_intl.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\l_except.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ksuser(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ksuser(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\krnl386.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KPDPMUI.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KPDPM.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KPDIDs.xml:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KPD.xml:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\korwbrkr.lex:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\korwbrkr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\korean.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KodakOneTouch.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\keyboard.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\key01.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kernel32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kernel32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kernel32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kernel32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kernel32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kernel32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kerberos(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kerberos(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kerberos(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kerberos(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kerberos(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kerberos(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kcm2sp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdycl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdycc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbduzb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdur.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbduk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdtuq.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdtuf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdtat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsl1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdru1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdru.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdro.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpl1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdnecNT.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdnecAT.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdnec95.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdne.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdmac.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlv1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlt1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdla.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdkyr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdkor.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdkaz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdjpn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdit142.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdir.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhu1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhept.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhela3.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhela2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhe319.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhe220.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgr1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgkl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgae.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdest.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdes.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbddv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcz2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcz1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcan.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdca.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdblr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbene.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdazel.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdaze.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDAL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbd103.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbd101c.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbd101b.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbd101a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kb16.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kanji_2.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kanji_1.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jupdate-1.4.2_03-b02.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jscript(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jscript(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jscript(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jobexec.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgsh400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgsd400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgmd400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgaw400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jet500.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Jasc Paint Shop Photo Album 5.scr:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ISUSPM.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\irclass.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxsap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxrtmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxrip.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxpromn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxmontr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipsec6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iprtprio.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iphlpapi(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iphlpapi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iphlpapi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iphlpapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iphlpapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iphlpapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iologmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IntelNic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IntelMPM.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IntelMPM(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IntelMPM(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IntelCci.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\instcat.sql:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inseng(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\infosoft.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inetcomm(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inetcomm(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\InetClnt(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\InetClnt(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imm32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imm32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imm32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imm32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imm32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imm32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imapi(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imapi(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igxpxs32.vp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igxpxk32.vp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igxpxa32.vp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igxpxa32.cpa:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxzoom.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxtray(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxtray(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxsrvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxsrvc(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxsrvc(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrtrk.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrtha.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrsve.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrrus.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrptg.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrptb.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrplk.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrnor.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrnld.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrkor.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrjpn.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrita.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrhun.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrheb.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrfra.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrfin.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxress.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxresp.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxres(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxres(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrenu.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrell.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrdeu.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrdan.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrcsy.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrcht.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrchs.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrara.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxpph.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxpers(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxpers(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhtha.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhptb.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhkor.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhjpn.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhita.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhfra.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhesp.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhenu.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhdeu.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhcht.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhchs.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxext.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxexps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxdo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxcpl.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxcfg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ifsutil.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ieuinit(2).inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ieudinit(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ieudinit(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iesetup(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iertutil(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iertutil(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iertutil(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ieencode(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ideograf.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iassvcs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iassdo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iassam.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasrecst.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iaspolcy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasnap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iashlpr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasads.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasacct.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuTRK.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuTHA.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuSVE.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuRUS.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuPTG.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuPTB.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuPLK.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuNOR.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuNLD.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuKOR.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuJPN.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuITA.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuHUN.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuHEB.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuFRC.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuFRA.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuFIN.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuESP.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuENG.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuELL.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmudlg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuDEU.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuDAN.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuCSY.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuCHT.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuCHS.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuARB.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuARA.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmrnt5(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmrem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmgicd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmgdev.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmdnt5(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmdev5(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmdd5(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iAlmCoIn_v4396.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iAlmCoIn_v4020.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hticons.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hostname.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\homepage.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetwiz(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetwiz(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetcfg(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetcfg(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetcfg(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetcfg(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetcfg(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetcfg(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hlink(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hlink(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hkcmd(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hkcmd(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\himem.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hid(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hid(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hid(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hid(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hid(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hid(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hhctrl(2).ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hhctrl(2)(2).ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hccutils(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hccutils(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GTKCMOS.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graphics.pro:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graphics.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graftabl.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gpkcsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GPCIEnum.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\glmf32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\getuname.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\getuname(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gdi32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gdi32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gdi.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gcdef.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gb2312.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\g711codc.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\g600_sw_srgb_y337_chimera.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\g600_sw_srgb_y337_92m.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\g600_sw_srgb_hybrid_chimera.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\g600_sw_srgb_hybrid_92m.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxssvc(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxssvc(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsst(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsst(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxssend.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsres(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsres(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsperf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsmon(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsmon(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxscount.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsclntR.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxscfgwz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Fxdb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FXAB32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ftsrch.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsutil.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsmgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\freecell(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\freecell(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fmifs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fixmapi.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\finger.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\find.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fastopen.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\expand.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\exe2bin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventvwr.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventvwr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventcls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eula.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentutl.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.hxx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esent97.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esent(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esent(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esent(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esent(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esent(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esent(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\es(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\es(5)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\es(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\es(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\es(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EqnClass.Dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\enhanced.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\enh3_win.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\enh3.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\enh2.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\emptyregdb.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edlin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edit.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edit.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Edcrypt(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Edcrypt(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\e100bmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\e100b325.din:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dxmasf(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dxmasf(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DVDRProX.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dvdplay.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\duser(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssenh(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssenh(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssenh(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssenh(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssenh(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssenh(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssec.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsound.vxd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsound(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsound(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsauth.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ds16gt.dLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drwatson.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drprov(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drprov(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drprov(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drprov(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drprov(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drprov(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drmv2clt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drmupgds.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drmstor.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drmclien.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ws2ifsl.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wpdusb.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wdmaud(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wdmaud(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wanatw4(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wanatw4(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wanarp(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wanarp(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\vga(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\vga(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\vdmindvd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbuhci(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbuhci(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbprint(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbprint(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbhub(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbhub(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbehci(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbehci(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbccgp(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbccgp(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tsbvcap.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tosdvd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\termdd(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\termdd(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tcpip(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tcpip(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sysaudio(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sysaudio(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\swmidi(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\swmidi(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\swenum(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\swenum(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ssrtln(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ssrtln(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sscdbhk5(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sscdbhk5(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\srv(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\srv(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sr(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sr(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\splitter(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\splitter(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\smwdm(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\smwdm(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\smclib.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\serial(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\serial(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\serenum(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\serenum(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\senfilt(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\senfilt(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rootmdm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\riodrv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rio8drv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\redbook(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\redbook(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rdpcdd(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rdpcdd(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rdbss(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rdbss(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rawwan.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspti(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspti(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspptp(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspptp(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspppoe(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspppoe(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasl2tp(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasl2tp(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasacd(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasacd(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ql12160(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ql12160(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ql10wnt(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ql10wnt(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ql1080(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ql1080(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\pxhelp20(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\pxhelp20(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ptilink(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ptilink(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\psched(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\psched(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\parvdm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\parport(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\parport(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\oprghdlr.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nwlnkspx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nwlnknb.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nv4_mini(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nv4_mini(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nikedrv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\NetMotCM(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\NetMotCM(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\netbt(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\netbt(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\netbios(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\netbios(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndiswan(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndiswan(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndisuio(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndisuio(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndistapi(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndistapi(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mssmbios(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mssmbios(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\msgpc(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\msgpc(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mrxsmb(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mrxsmb(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mrxdav(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mrxdav(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mouhid(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mouhid(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mouclass(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mouclass(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mohfilt(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mohfilt(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MODEMCSA(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MODEMCSA(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mcd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\kmixer(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\kmixer(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\Klpf(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\Klpf(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\klmc(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\klmc(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\klif(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\klif(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\kl1(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\kl1(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\kbdhid(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\kbdhid(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\kbdclass(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\kbdclass(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\iqvw32.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ipsec(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ipsec(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\intelppm(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\intelppm(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\IntelC53(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\IntelC53(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\IntelC52(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\IntelC52(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\IntelC51(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\IntelC51(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\imapi(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\imapi(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ialmnt5(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ialmnt5(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\i8042prt(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\i8042prt(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\http(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\http(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\hidusb(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\hidusb(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\gmreadme.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\gm.dls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\fsvga.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\fltmgr(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\fltmgr(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\flpydisk(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\flpydisk(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\fdc(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\fdc(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\etc\services:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\etc\protocol:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\etc\networks:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\etc\lmhosts.sam:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\e100b325(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\e100b325(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dxg(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\drvnddm(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\drvnddm(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\drmkaud(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\drmkaud(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\DMusic(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\DMusic(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dmboot(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dmboot(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cpqdap01.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cinemst2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cdrom(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cdrom(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cdralw2k.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cdr4_xp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\audstub(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\audstub(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atmuni.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atmepvc.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atapi(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atapi(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\acpiec.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ABP480N5.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ABP480N5(2).SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ABP480N5(2)(2).SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\1028_Dell_DIM_DIM3000.mrk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpwsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpserial.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpnwsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpnmodem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dplay.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dosx.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\doskey.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\docprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dnsapi(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dnsapi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dnsapi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dnsapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dnsapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dnsapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmview.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmocx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmintf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmdskres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmconfig.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DLPT2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllhst3g.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmploc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmasf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\WgaTray.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\WgaLogon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pngfilt(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\modemcsa.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\jscript(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\inseng(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iepeers(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iedw(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\e100b325.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dxtrans(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dxtmsft(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\custsat(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskperf.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskmgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskcopy.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskcomp.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dimap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diactfrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpsapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpcsvc(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpcsvc(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpcsvc(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpcsvc(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpcsvc(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpcsvc(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dgsetup.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dgrpsetu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dfrg.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\devmgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\deskperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\deskmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\deskadp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DELLWALL.BMP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\debug.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DDMI2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ddeml.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\davclnt(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\davclnt(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\davclnt(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\davclnt(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\davclnt(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\davclnt(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\datime(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\danim(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3dxof.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3drm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3dramp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3dpmesh.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ctl3dv2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ctl3d32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ctfmon(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csseqchk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csrss(5).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csrss(4).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csrss(3).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csrss(3)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csrss(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csrss(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscui(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscui(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscdll(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscdll(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscdll(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscdll(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscdll(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscdll(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptnet(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptdll(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptdll(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptdll(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptdll(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptdll(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptdll(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crypt32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crypt32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crypt32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crypt32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crypt32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crypt32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crtdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\credui(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\credui(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\credui(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\credui(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\credui(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\credui(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\country.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\convert.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\control(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\console.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CONFIG.TMP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CONFIG.NT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comsvcs(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comsvcs(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comsvcs(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comsvcs(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comsvcs(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comsvcs(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comres(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comres(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comres(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comres(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comres(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comres(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compobj.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compmgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compatUI(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compatUI(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compact.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\commdlg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\command.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comctl32.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comctl32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comctl32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comctl32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comctl32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comctl32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comctl32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comcat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\colbact(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\colbact(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cnvfat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cnetcfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmpbk32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmos.ram:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmmgr32.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clusapi(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clusapi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clusapi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clusapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clusapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clusapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cliconf.chm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clbcatq(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clbcatq(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clbcatq(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clbcatq(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clbcatq(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clbcatq(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ckcnv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cidaemon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ciadv.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ciadmin.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chtbrkr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chsbrkr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chkntfs.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chkdsk.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chcp.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cewmdm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\certmgr.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cdmodem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cdintf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cdfview(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ccfgnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\catsrvut(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\catsrv(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cards.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\capicom.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\calc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cabinet(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cabinet(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cabinet(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cabinet(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cabinet(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cabinet(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_is2022.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_875.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_869.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_866.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_865.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_863.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_861.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_860.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_857.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_855.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_852.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_850.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_775.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_737.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_500.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_437.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28605.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28603.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28599.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28598.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28597.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28595.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28594.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28593.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28592.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_21866.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20905.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20866.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20261.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1252.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1026.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10082.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10081.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10079.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10029.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10017.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10010.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10007.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10006.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10000.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_037.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\browsewm(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\browselc(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\browselc(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bopomofo.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bootvrfy.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bootok.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\blackbox.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bios4.rom:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bios1.rom:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bdeadmin.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\batmeter(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\batmeter(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avwav.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avtapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avmeter.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avifile.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avicap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AUTOEXEC.NT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\autodisc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\autochk(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\autochk(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\authz(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\authz(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atrace.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atmpvcno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl70.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atkctrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asycfilt(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asycfilt(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asferror.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\arp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\appwiz(2).cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\apphelp(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\apphelp(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\apphelp(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\apphelp(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\apphelp(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\apphelp(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\append.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\apcups.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ansi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\amcompat.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\alg(5).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\alg(4).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\alg(3).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\alg(3)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\alg(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\alg(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\advpack(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsldpc(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsldpc(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsldpc(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsldpc(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsldpc(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsldpc(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adptif.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\admparse(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\actxprxy(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\actxprxy(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeds.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeds(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeds(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeds(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeds(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeds(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeds(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\acledit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\acelpdec.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\aaaamon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\6to4svc(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\6to4svc(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\12520850.cpx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\12520437.cpx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\$ncsp$.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WFWNET.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VGA.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VER.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\TIMER.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\TAPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SYSTEM.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\stdole.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SOUND.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SHELL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\setup.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OLESVR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OLECLI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MSVIDEO.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MOUSE.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MMTASK.TSK:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MMSYSTEM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCIWAVE.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCISEQ.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCIAVI.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\LZEXPAND.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\KEYBOARD.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\crlds3d.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\COMMDLG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\AVIFILE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\AVICAP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Soap Bubbles.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\smscfg.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setuplog.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setuplog.del:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setupapi.del:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setupact.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setupact.del:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setpwrcg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\sessmgr.setup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Santa Fe Stucco.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\River Sumida.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Rhododendron.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\REGULOCS.OLD:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\regopt.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\REGLOCS.OLD:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Prairie Wind.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\orun32.isu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\orun32.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\OEWABLog.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ODBCINST.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ocmsn.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ocgen.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\nsreg.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\msxml4-KB936181-enu.LOG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\msgsocm.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\msdfmap.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\MSCompPackV1.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\mp10oem.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB946026.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB944653.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB944533-IE7.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB943485.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB943460.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB943055.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB942763.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB942615-IE7.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB941644.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB941569.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB941568.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB941202.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB939683.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB939653-IE7.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB938829.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB938828.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB938127-IE7.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB937143-IE7.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB936782.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB936357.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB936021.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB935840.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB935839.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB933729.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB933566-IE7.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB933360.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB932168.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB931836.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB931784.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB931768-IE7.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB931261.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB930916.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB930178.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB929969.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB929399.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB929338.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB929123.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB928843.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB928255.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB928090-IE7.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB927891.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB927802.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB927779.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB926436.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB926255.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB926239.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB925902.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB925486.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB925454.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB924667.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB924496.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB924270.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB924191.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB923980.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB923723.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB923694.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB923414.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB923191.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB922819.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB922760.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB921503.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB920213.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB918439.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB918118.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB917734.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB917344.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB916281.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB915865.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB914440.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB914389.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB913446.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB912919.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB911927.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB911564.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB910437.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB908519.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB905915.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB905749.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB905414.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB904942.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB904706.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB902400.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB901214.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB901017.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB900725.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB899591.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB899588.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB899587.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB898461.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB898458.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB896727.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB896688.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB896428.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB896424.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB896423.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB896422.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB896358.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB894391.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB893803v2.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB893756.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB893086.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB893066.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB891781.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB890859.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB890175.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB890046.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB888310.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB888302.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB888113.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB887742.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB887472.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB886185.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB885836.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB885835.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB885250.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB883939.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB873339.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB873333.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\iun6002(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\iun6002(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\IsUninst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\hotcore.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Greenstone.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Gone Fishing.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\FeatherTexture.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\FaxSetup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\explorer.scf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\DtcInstall.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\dla.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\corelpf.lrs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\COM+.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Coffee Bean.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\cmsetacl.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\clock.avi:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Blue Lace 16.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\_default.pif:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\IPH.PH:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\INFCACHE.1:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Start Menu\Programs\Windows Media Player.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Start Menu\Programs\desktop(2).ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Start Menu\Programs\desktop(2)(2).ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\My Documents\March 27.wpd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Desktop\Windows Media Player.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Application Data\PFP120JPR.{PB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Application Data\PFP120JCM.{PB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop(2).ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Plus! Photo Story 2 LE.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\NTUSER.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\NTUSER.DAT.LOG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Desktop\Kodak EasyShare.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Application Data\desktop(2).ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Application Data\desktop(2)(2).ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\ActivationFile.htm:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\wmsetup.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\WindowsUpdate.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\win.ini:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\wiaservc.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\wpa.dbl:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\msxml3r.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\msvcr71.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\msvcp71.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\msacm32.drv:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\IE7Eula.rtf:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\setupapi.log.0.old:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB922616.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB921883.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB921398.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB920685.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB920683.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB920670.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB920214.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB919007.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB918899.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB917422.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB917159.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB916595.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB914388.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB911280.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB901190.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\bootstat.dat:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\Documents and Settings\LINDA YATES\My Documents\desktop.ini:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\spupdsvc.log:KAVICHS
@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\KB920872.log:KAVICHS
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mapi32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\FNTCACHE.DAT:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\Dell.bmp:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\resume.wpd:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Program Files\Real\RealPlayer\RealPlay.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\LindaJ.wpd:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\LINDA YATES\Application Data\desktop.ini:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\desktop.ini:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\desktop.ini:KAVICHS

< End of report >
 

Share this post


Link to post
Share on other sites

OTL Extras logfile created on: 7/22/2013 6:32:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\LINDA YATES\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
509.98 Mb Total Physical Memory | 91.90 Mb Available Physical Memory | 18.02% Memory free
1.22 Gb Paging File | 0.73 Gb Available in Paging File | 60.14% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.91 Gb Total Space | 47.34 Gb Free Space | 66.75% Space Free | Partition Type: NTFS
 
Computer Name: LINDA | User Name: LINDA YATES | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C43CD5-764F-4687-AA44-53272D45456B}" = PC Backup
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{074AED0D-DD1C-432A-B38D-F8733604033F}" = aioscnnr
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{537370ED-F372-4ABD-8D9C-58B7BA076528}" = Bresnan OnLine
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{59B73DDC-593A-4D02-B9CA-1D8C9F912324}" = aioprnt
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"Browser Defender_is1" = Browser Defender 3.0.0.11
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSS" = Norton Security Scan
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer Basic
"Shockwave" = Shockwave
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/21/2013 11:43:32 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 7/21/2013 11:43:32 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 7/21/2013 11:43:32 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 7/21/2013 11:43:56 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 7/21/2013 11:45:40 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 7/21/2013 11:51:20 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 7/21/2013 11:51:20 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 7/21/2013 11:51:22 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 7/21/2013 11:51:22 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 7/21/2013 11:51:22 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
[ System Events ]
Error - 7/22/2013 8:26:22 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 7/22/2013 8:26:22 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 7/22/2013 8:26:22 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 7/22/2013 8:26:22 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 7/22/2013 8:26:22 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 7/22/2013 8:26:22 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 7/22/2013 8:26:22 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 7/22/2013 8:26:23 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 7/22/2013 8:26:23 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 7/22/2013 8:26:23 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
 
< End of report >
 

Share this post


Link to post
Share on other sites

Removing OTL findings from logs !!

 

We need to Run an OTL fix !!
* Double-click OTL.exe to start the program.
* Copy and Paste the following code into the customFix.png. Do not include the word Code

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F802613C-6C4C-462F-88F7-A8D76A5268D0}\MpKsl0550bc22.sys -- (MpKsl0550bc22)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (bvrp_pci)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=SOLTDF&pc=SOLTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q={searchTerms}&o=15868&l=dis&prt=BDIE&chn=retail&geo=US&ver=3.0.0.11
FF - user.js - File not found
[2013/07/21 22:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LINDA YATES\Application Data\Mozilla\Extensions
[2013/07/22 09:08:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LINDA YATES\Application Data\Mozilla\Firefox\Profiles\n8sdrege.default\extensions
[2013/07/22 09:08:24 | 000,029,621 | ---- | M] () (No name found) -- C:\Documents and Settings\LINDA YATES\Application Data\Mozilla\Firefox\Profiles\n8sdrege.default\extensions\[email protected]
[2013/07/22 17:43:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/21 22:11:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (CPub Object) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll File not found
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O9 - Extra Button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - Reg Error: Key error. File not found

 

:Commands
[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

 

# Then click the Run Fix button at the top.
# Click btnOK.png
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.

Post OTL fix log please !!
 

Share this post


Link to post
Share on other sites

OTL fix !!

 

All processes killed
========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service wanatw stopped successfully!
Service wanatw deleted successfully!
File system32\DRIVERS\wanatw4.sys not found.
Service TfSysMon stopped successfully!
Service TfSysMon deleted successfully!
File system32\drivers\TfSysMon.sys not found.
Service TfNetMon stopped successfully!
Service TfNetMon deleted successfully!
File C:\WINDOWS\system32\drivers\TfNetMon.sys not found.
Service TfFsMon stopped successfully!
Service TfFsMon deleted successfully!
File system32\drivers\TfFsMon.sys not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Error: Unable to stop service MpKsl0550bc22!
Service\Driver key MpKsl0550bc22 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F802613C-6C4C-462F-88F7-A8D76A5268D0}\MpKsl0550bc22.sys not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
Service bvrp_pci stopped successfully!
Service bvrp_pci deleted successfully!
Service AFGMp50 stopped successfully!
Service AFGMp50 deleted successfully!
File System32\Drivers\AFGMp50.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ deleted successfully.
C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll moved successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{547EEAAC-3665-4e6c-B326-C622D698543A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}\ not found.
C:\Documents and Settings\LINDA YATES\Application Data\Mozilla\Extensions folder moved successfully.
C:\Documents and Settings\LINDA YATES\Application Data\Mozilla\Firefox\Profiles\n8sdrege.default\extensions folder moved successfully.
File C:\Documents and Settings\LINDA YATES\Application Data\Mozilla\Firefox\Profiles\n8sdrege.default\extensions\[email protected] not found.
C:\Program Files\Mozilla Firefox\extensions folder moved successfully.
C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files\Mozilla Firefox\browser\extensions folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}\ deleted successfully.
File C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
File C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
File C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0D555BC6-E331-48b3-A60E-AAC0DF79438A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D555BC6-E331-48b3-A60E-AAC0DF79438A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0D555BC6-E331-48b3-A60E-AAC0DF79438A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D555BC6-E331-48b3-A60E-AAC0DF79438A}\ not found.
========== COMMANDS ==========
 
[EMPTYJAVA]
 
User: Administrator
 
User: All Users
 
User: Default User
 
User: LINDA YATES
->Java cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: LINDA YATES
->Flash cache emptied: 492 bytes
 
User: LocalService
 
User: NetworkService
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LINDA YATES
->Temp folder emptied: 207550 bytes
->Temporary Internet Files folder emptied: 3222523 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 15725501 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 5398 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4876 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 18.00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 07222013_200117

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

Share this post


Link to post
Share on other sites

Clean up with OTL


Right-click OTL.exe and select " Run as administrator " to run it.
This will remove all the tools we used to clean your pc.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CleanUp! button
Say Yes to the prompt and then allow the program to reboot your computer.


You can now delete any tools we used if they remain on your Desktop.


==========================



One last Scan :


Eset online scannner

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

* Please go here >>> http://www.eset.com/...escan/index.php

Share this post


Link to post
Share on other sites

Linda your computer is clean & running much faster !! Thank you for letting me and BestTechie assist you in the cleaning ! If you have any questions please feel free to contact me or one of the BestTechie mods !!

 

========================

 

 

I know you may have some of these installed, this is just my standard all clean speech !

Congratulation you are clean !!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:


 1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

  * From within Internet Explorer click on the Tools menu and then click on Options.
   * Click once on the  Security tab
   * Click once on the  Internet icon so it becomes highlighted.
   * Click once on the  Custom Level button.
   * Change the  Download signed ActiveX controls to Prompt
   * Change the  Download unsigned ActiveX controls to Disable
   * Change the  Initialize and script ActiveX controls not marked as safe to Disable
  *  Change the  Installation of desktop items to Prompt
   * Change the  Launching programs and files in an IFRAME to Prompt
   * Change the  Navigate sub-frames across different domains to Prompt
   * When all these settings have been made, click on the  OK button.
   * If it prompts you as to whether or not you want to save the settings, press the  Yes button.
  *  Next press the  Apply button and then the  OK to exit the Internet Properties page.


 2. Enable Protected Mode in Internet Explorer . This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:

  *  Open  Internet Explorer
  *  Click on  Tools > Internet Options
  *  Press  Security tab
   * Select Internet zone then place check next to Enable Protected Mode if not already done
  *  Do the same for  Local Intranet, Trusted Sites and  Restricted Sites and then press  Apply
  *  Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.


NOTE: Fire Fox is a great browser also >>> http://www.mozilla.org/en-US/firefox/fx/
I use & like FireFox !!

3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

 4. Firewall Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here. **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:

Online Armor Free
Online Armor Free

Agnitum Outpost Firewall Free Agnitum Outpost Firewall

5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update Windows update
 regularly to download and install any critical updates and service packs.  Windows Vista/7 users can open the  Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

 6. Consider a custom hosts file such as MVPS HOSTS
 This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002

Note: Be sure to follow the instructions to disable the  DNS Client service  before installing a custom hosts file.

 7. WOT (Web of Trust)
WOT As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

8.Finally, I strongly recommend that you read TonyKlein's good advice
 


A must is a great Antivirus, i recommend you using AVAST its free >>> http://www.avast.com/free-antivirus-download

You are behind on some updates, please visit the Secunia Software Inspector >>>http://secunia.com/vulnerability_scanning/online/   
Update any vulnerable software you have. Many malware now use zero day exploits in outdated versions of browsers and third party programs like Flash Player,Java Runtime , Winzip, Acrobat Reader etc to allow them to install silently without your knowledge or detection by your antivirus protection.

To insure better safety, these are a must have:
Rule #1 ........ Good Antivirus
Rule #2 ........ Good Firewall
Rule #3 ........ Good Router is Great ! (optional but best)


Happy surfing and Stay Clean
Chuck
 

Share this post


Link to post
Share on other sites

Your Welcome Lady !! Gonna lock this now !

 

Glad we could help !

 

Thanks

Chuck

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this