Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

trojan/virus keeps returning [Solved]

Started by sutter's mill , Jun 09 2010 08:27 PM

  • This topic is locked This topic is locked

#1
sutter's mill
Posted 09 June 2010 - 08:27 PM

sutter's mill

    Member

  • Member
  • PipPip
  • 35 posts
i've got some sort of trojan/virus that keeps recurring despite my having run full scans w/malwarebytes and fsecure/shaw.ca (shawsecure). fsecure originally found and removed them but it kept coming back and now it slows down my system to the point where nothing responds (and my screen freezes a lot too) and i can't do anything until after i've done a full scan which comes up empty. i can't even get into firefox safe mode as it just opens up as regular firefox. sorry but i've been unable to access any logs to tell you the trojans/viruses in question.

i just ran the ftc and it wasn't able to restart so i shut it down manually. upon start up i got all these extra icons on my desktop that i now can't get rid of (please see the black underlined items on attached jpeg). because of this i've been hesitant to go to the next step unassisted.


thanx yet again in advance (be it to essexboy or someone new)

Attached Thumbnails

  • after_running_tfc.JPG

  • 0

Advertisements

#2
Essexboy
Posted 10 June 2010 - 12:59 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You rang :)

OK run these from safe mode please

Posted Image GMER Rootkit Scanner - Download - Homepage
[*] Download GMER
[*] Extract the contents of the zipped file to desktop.
[*] Double click GMER.exe.
Posted Image
[*] If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
[*] In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)
    Posted Image
    Click the image to enlarge it
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan all users
  • Under the Custom Scan box paste this in


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /180

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#3
sutter's mill
Posted 10 June 2010 - 09:58 PM

sutter's mill

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
hi Essexboy!

how have you been since we last communicated? i had a feeling that you'd be the one to help me again. THANKS!!! i ran the gmer and after close to to hours found i couldn't access the save button and despite ll my attempts to manually stretch the page i couldn't get to it so when i clicked ok, it closed. i almost couldn't access the scan button but go lucky on that. but if i open it in normal non safe mode, i get all the buttons to click on. so if you could tell me how to save it a different way, i'll run the scan again tomorrow and have pass the info along posthaste. as well i clicked on the otl link and two things: my fsecure blocked it, but also allowed me to click on it anyway. either choice i made resulted in the attached jpeg. hope i don't intrude upon your world cup viewing.

GO ENGLAND!!!!!, i presume?

"sutter"

Attached Thumbnails

  • otl.JPG

  • 0

#4
Essexboy
Posted 11 June 2010 - 11:49 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi again - skip GMER at the moment - we will run it when I get you working properly in normal mode


Seeing as Cornwall doesn't have a team it will be England :)
  • 0

#5
sutter's mill
Posted 11 June 2010 - 12:03 PM

sutter's mill

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
hi Essexboy

just wanted to let you know i was able to acquire otl so should i run that first? also i forgot to mention that each time i open firefox i get the "warning - unresponsive script" pop up.

A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete.

Script: chrome://javaconsole1.6.0_18/content/ffjcext.js:20

all for now. i have to step out in a few moments so no rush to reply as i won't have anything new done soon until i return. thanks!
  • 0

#6
Essexboy
Posted 11 June 2010 - 12:22 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep straight to OTL please
  • 0

#7
sutter's mill
Posted 11 June 2010 - 04:04 PM

sutter's mill

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
hi Essexboy,

ran the otl scan. only got the one otl.txt and for the life of me i couldn't track down any extras.txt as i don't think there was one. i have to post this in two parts as it's too long as one.

OTL logfile created on: 11/06/2010 2:07:45 PM - Run 3
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Alice\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

510.00 Mb Total Physical Memory | 375.00 Mb Available Physical Memory | 74.00% Memory free
862.00 Mb Paging File | 807.00 Mb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.70 Gb Total Space | 3.00 Gb Free Space | 8.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: A
Current User Name: Alice
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/11 10:55:10 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alice\Desktop\OTL.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/06/11 10:55:10 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alice\Desktop\OTL.exe
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 04:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MSSCRIPT.OCX


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (F-Secure BlackLight Sensor)
SRV - [2010/05/17 09:02:05 | 000,055,992 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2010/05/15 13:39:39 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2010/04/22 10:52:39 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2010/02/05 11:45:54 | 000,229,376 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\WINDOWS\System32\PuranDefragS.exe -- (PuranDefrag)
SRV - [2009/08/05 08:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- C:\Program Files\Shaw Secure\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/08/05 08:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2008/08/13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/07/08 17:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2010/06/02 10:25:43 | 000,113,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2010/04/22 10:34:03 | 000,033,920 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2009/08/05 08:58:30 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/08/05 08:57:20 | 000,080,000 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2009/08/05 08:56:14 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\Shaw Secure\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009/08/05 08:56:14 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\Shaw Secure\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2005/07/08 17:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\InCDfs.sys -- (InCDfs)
DRV - [2005/07/08 17:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\InCDpass.sys -- (InCDPass)
DRV - [2005/07/08 07:17:32 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\InCDrm.sys -- (incdrm)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 22:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 22:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/06/15 21:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/04/26 08:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/03/05 21:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 21:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 21:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/12/05 02:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2002/05/07 11:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\V4CB0129.SYS -- (FINEPIX_PCC)
DRV - [2001/08/17 13:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2000/06/10 12:01:48 | 000,037,888 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DgivEcp.sys -- (DgivEcp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-2142848800-783458416-1166149760-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-21-2142848800-783458416-1166149760-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2142848800-783458416-1166149760-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKU\S-1-5-21-2142848800-783458416-1166149760-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
IE - HKU\S-1-5-21-2142848800-783458416-1166149760-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.10

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Shaw Secure\NRS\[email protected] [2010/05/26 10:28:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: c:\Program Files\Mozilla Firefox\components [2010/06/05 18:00:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: c:\Program Files\Mozilla Firefox\plugins [2010/06/05 18:01:24 | 000,000,000 | ---D | M]

[2010/02/06 00:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alice\Application Data\Mozilla\Extensions
[2010/02/06 00:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alice\Application Data\Mozilla\Extensions\[email protected]
[2008/06/17 20:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alice\Application Data\Mozilla\Firefox\Profiles\krses33b.default\extensions
[2010/06/10 20:26:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/03/26 13:36:22 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Shaw Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Shaw Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Shaw Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [WinampAgent] E:\Winamp\winampa.exe File not found
O4 - HKU\S-1-5-21-2142848800-783458416-1166149760-1006..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-2142848800-783458416-1166149760-1006..\Run: [PowerBar] C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe (Cyberlink, Corp.)
O4 - HKU\S-1-5-21-2142848800-783458416-1166149760-1006..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - Startup: C:\Documents and Settings\Alice\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2142848800-783458416-1166149760-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKU\S-1-5-21-2142848800-783458416-1166149760-1006\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2142848800-783458416-1166149760-1006\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1133312289328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Alice\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Alice\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2004/11/20 16:58:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\WMI.DLL (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\IAC25_32.AX (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\ICCVID.DLL (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\IR41_32.AX (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\IR50_32.DLL (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 90 Days ==========

[2010/06/11 10:56:03 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alice\Desktop\OTL.exe
[2010/06/09 20:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Local Settings\Application Data\Ahead
[2010/06/06 18:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Desktop\The Tipping Point (Abridged) (2000)
[2010/06/05 18:00:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/06/05 17:59:06 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/05/30 21:18:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Local Settings\Application Data\usmppvsix
[2010/05/29 18:06:52 | 000,000,000 | ---D | C] -- C:\My MusicMichel Thomas Method
[2010/05/29 16:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Desktop\2009 BCLDB
[2010/05/21 21:43:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Desktop\youtube mp3 conversions
[2010/05/18 22:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Desktop\New Folder
[2010/05/17 11:12:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Desktop\Asswipe's papers to sign need account of james and confirm of pennies dates
[2010/05/15 13:41:54 | 000,000,000 | ---D | C] -- C:\My Google Gadgets
[2010/05/07 11:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/05/07 11:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Application Data\SystemRequirementsLab
[2010/05/04 19:13:15 | 000,000,000 | ---D | C] -- C:\CyberLink
[2010/05/04 18:29:46 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2010/05/04 18:29:26 | 000,471,040 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXRA7.dll
[2010/05/04 18:29:25 | 000,476,320 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXpr7.dll
[2010/05/04 18:29:25 | 000,262,144 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXR7.dll
[2010/05/04 18:29:24 | 001,568,768 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagX7.dll
[2010/05/04 18:29:17 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2010/05/04 18:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2010/05/04 18:15:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\InCD
[2010/05/04 18:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
[2010/05/04 18:12:23 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2010/05/04 18:11:33 | 000,000,000 | ---D | C] -- C:\MyWorks
[2010/05/04 18:10:41 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink DVD Solution
[2010/04/22 10:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Application Data\f-secure
[2010/04/22 10:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\F-Secure
[2010/04/22 10:25:49 | 000,080,000 | ---- | C] (F-Secure Corporation) -- C:\WINDOWS\System32\drivers\fsdfw.sys
[2010/04/22 10:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\Shaw Secure
[2010/04/22 10:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\fssg
[2010/04/22 10:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2010/04/08 20:48:07 | 000,000,000 | ---D | C] -- C:\Corel User Files
[2010/03/26 22:51:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Application Data\Ubisoft
[2010/03/26 22:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2010/03/26 22:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/26 22:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/03/26 21:23:18 | 001,110,016 | ---- | C] (Puran Software) -- C:\WINDOWS\System32\PuranFD.exe
[2010/03/26 21:23:18 | 000,229,376 | ---- | C] (Puran Software) -- C:\WINDOWS\System32\PuranDefragS.exe
[2010/03/26 21:23:18 | 000,221,184 | ---- | C] (Puran Software) -- C:\WINDOWS\System32\PuranDC.exe
[2010/03/26 21:23:18 | 000,212,992 | ---- | C] (Puran Software) -- C:\WINDOWS\System32\PuranDefrag.dll
[2010/03/26 21:23:18 | 000,107,008 | ---- | C] (Puran Software) -- C:\WINDOWS\System32\PuranDefragBT.exe
[2010/03/26 21:23:17 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2010/03/26 21:14:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Desktop\geekstogo
[2010/03/26 16:25:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/26 15:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Local Settings\Application Data\Temp
[2010/03/26 14:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2010/03/26 13:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Application Data\Malwarebytes
[2010/03/26 13:18:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/26 13:18:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/26 13:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/26 13:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/21 23:33:09 | 000,000,000 | ---D | C] -- C:\Downloads
[2010/03/20 23:28:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/20 23:14:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/03/20 23:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/03/19 21:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Desktop\on your marks
[2010/03/19 18:24:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Desktop\Primer
[2010/03/19 18:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Desktop\New MP3's

========== Files - Modified Within 90 Days ==========

[2010/06/11 14:04:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/06/11 14:03:27 | 011,010,048 | ---- | M] () -- C:\Documents and Settings\Alice\ntuser.dat
[2010/06/11 14:03:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/11 14:02:24 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Alice\NTUSER.INI
[2010/06/11 13:44:02 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2142848800-783458416-1166149760-1006.job
[2010/06/11 13:43:53 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/11 13:43:51 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/06/11 13:43:25 | 000,353,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 11:12:48 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/11 11:11:26 | 004,306,082 | -H-- | M] () -- C:\Documents and Settings\Alice\Local Settings\Application Data\IconCache.db
[2010/06/11 10:55:10 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alice\Desktop\OTL.exe
[2010/06/11 10:51:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/10 18:39:47 | 000,000,875 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/06/10 18:15:56 | 000,510,994 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/06/10 18:15:56 | 000,099,988 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/06/10 18:15:56 | 000,005,512 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/10 17:47:57 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Alice\Desktop\gmer.zip
[2010/06/09 22:40:10 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/09 22:30:46 | 000,043,719 | ---- | M] () -- C:\WINDOWS\cdPlayer.ini
[2010/06/08 11:26:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/06 13:00:27 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2142848800-783458416-1166149760-1006.job
[2010/06/05 17:59:06 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/06/04 22:35:20 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Alice\Desktop\jandreett's ecard copy.doc
[2010/06/01 11:31:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/27 00:19:18 | 000,026,525 | ---- | M] () -- C:\Documents and Settings\Alice\Desktop\btr 30.JPG
[2010/05/26 22:31:32 | 000,169,472 | ---- | M] () -- C:\Documents and Settings\Alice\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/23 00:13:12 | 000,429,614 | ---- | M] () -- C:\Documents and Settings\Alice\Desktop\JamesCameronAVATAR.pdf
[2010/05/21 21:19:47 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/05/17 19:49:17 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Alice\Desktop\TLTT NEW.doc
[2010/05/09 14:11:10 | 000,069,364 | ---- | M] () -- C:\Documents and Settings\Alice\Desktop\memory issue.JPG
[2010/05/03 11:08:16 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Alice\Desktop\10 things your airline wont tell you.doc
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 21:52:32 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Alice\Desktop\Gmail Chat w-yessica.doc
[2010/04/22 10:34:03 | 000,033,920 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2010/04/21 16:27:52 | 000,002,578 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/08 20:47:55 | 000,012,358 | ---- | M] () -- C:\Documents and Settings\Alice\Application Data\PFP120JCM.{PB
[2010/03/26 13:36:22 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2010/03/18 21:15:34 | 000,000,588 | ---- | M] () -- C:\WINDOWS\System32\HELP.EXE
[2010/03/15 13:38:55 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Alice\Desktop\Recipe for recall.doc

========== Files Created - No Company Name ==========

[2010/06/10 17:49:04 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Alice\Desktop\gmer.zip
[2010/06/04 22:34:29 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Alice\Desktop\jandreett's ecard copy.doc
[2010/06/01 11:07:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/29 17:50:36 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2142848800-783458416-1166149760-1006.job
[2010/05/29 17:50:34 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2142848800-783458416-1166149760-1006.job
[2010/05/29 16:43:19 | 000,069,364 | ---- | C] () -- C:\Documents and Settings\Alice\Desktop\memory issue.JPG
[2010/05/27 00:19:18 | 000,026,525 | ---- | C] () -- C:\Documents and Settings\Alice\Desktop\btr 30.JPG
[2010/05/23 00:13:11 | 000,429,614 | ---- | C] () -- C:\Documents and Settings\Alice\Desktop\JamesCameronAVATAR.pdf
[2010/05/04 19:11:21 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/04 18:16:33 | 000,059,483 | ---- | C] () -- C:\WINDOWS\NuNinst.cfg
[2010/05/04 18:10:45 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2010/05/03 11:08:16 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Alice\Desktop\10 things your airline wont tell you.doc
[2010/04/27 21:48:41 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Alice\Desktop\Gmail Chat w-yessica.doc
[2010/04/22 10:26:49 | 000,033,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2010/04/08 20:47:55 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Alice\Application Data\PFP120JCM.{PB
[2010/03/20 23:02:57 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/20 23:02:55 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/15 13:38:54 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Alice\Desktop\Recipe for recall.doc
[2010/02/05 20:36:05 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/02/03 20:15:33 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/12/15 10:28:39 | 000,000,276 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/02/18 21:20:21 | 000,000,070 | ---- | C] () -- C:\WINDOWS\MediaManager.INI
[2009/01/05 14:34:12 | 000,135,104 | ---- | C] () -- C:\WINDOWS\Tab16d20.dll
[2009/01/05 14:34:12 | 000,109,056 | ---- | C] () -- C:\WINDOWS\dll32.dll
[2009/01/05 14:34:12 | 000,098,304 | ---- | C] () -- C:\WINDOWS\Dll2KUSB.dll
[2009/01/05 14:34:12 | 000,048,176 | ---- | C] () -- C:\WINDOWS\Imp16d20.dll
[2009/01/05 14:34:12 | 000,028,672 | ---- | C] () -- C:\WINDOWS\Ssthunk.dll
[2009/01/05 14:34:12 | 000,012,800 | ---- | C] () -- C:\WINDOWS\Ss16ft.dll
[2009/01/05 14:34:12 | 000,002,554 | ---- | C] () -- C:\WINDOWS\Ssds16.ini
[2009/01/05 14:34:12 | 000,002,552 | ---- | C] () -- C:\WINDOWS\Ssds32.ini
[2009/01/05 14:34:12 | 000,002,269 | ---- | C] () -- C:\WINDOWS\Ssdef32.ini
[2009/01/05 14:34:12 | 000,002,267 | ---- | C] () -- C:\WINDOWS\Ssdef16.ini
[2009/01/05 14:34:12 | 000,000,029 | ---- | C] () -- C:\WINDOWS\MyScan.ini
[2008/05/14 13:51:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\asym.ini
[2008/04/28 14:54:47 | 000,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2008/04/28 14:54:43 | 000,000,163 | ---- | C] () -- C:\WINDOWS\SimTower.ini
[2008/03/26 16:56:32 | 000,043,719 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2008/01/27 17:43:12 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/08/21 11:09:50 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/05/12 09:57:17 | 000,000,024 | ---- | C] () -- C:\WINDOWS\Bclwdde.ini
[2007/05/12 09:56:42 | 000,365,568 | ---- | C] () -- C:\WINDOWS\System32\WINCTL32.DLL
[2007/05/12 09:56:41 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2007/05/12 09:56:41 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2007/05/12 09:56:40 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\OE60as.dll
[2007/05/12 09:56:40 | 000,043,760 | ---- | C] () -- C:\WINDOWS\System32\NWLOCALE.DLL
[2006/09/22 09:27:47 | 000,000,272 | ---- | C] () -- C:\WINDOWS\ReadIris.ini
[2005/08/31 11:43:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2005/02/14 10:34:56 | 000,000,331 | ---- | C] () -- C:\WINDOWS\FMTMSAM.INI
[2005/02/14 10:34:31 | 000,000,175 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2005/02/14 10:33:51 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2005/02/14 10:24:34 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2005/02/14 10:24:34 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2005/02/14 10:24:01 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\usbinst32.dll
[2005/02/14 10:16:16 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2005/01/21 15:15:26 | 000,000,422 | ---- | C] () -- C:\WINDOWS\capture.ini
[2004/12/07 13:04:06 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS56.DLL
[2004/12/02 15:42:52 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/12/02 15:38:46 | 000,000,589 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/20 17:43:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/20 17:01:22 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 12:13:12 | 000,000,831 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 04:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1979/12/31 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2008/06/22 16:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alice\Application Data\CDBurnerXP_Soft
[2010/06/09 18:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alice\Application Data\f-secure
[2008/06/11 21:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alice\Application Data\Hrsim
[2006/04/10 13:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alice\Application Data\Leadertech
[2010/02/06 11:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alice\Application Data\LimeWire
[2006/02/01 17:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alice\Application Data\Opera
[2009/03/21 12:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alice\Application Data\Serif
[2010/05/07 11:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alice\Application Data\SystemRequirementsLab
[2010/03/27 12:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alice\Application Data\Ubisoft
[2007/05/17 16:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alice\Application Data\Viewpoint
[2010/03/20 23:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/09 18:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2008/06/11 21:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Resources
[2010/04/22 10:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2010/04/22 10:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2006/01/31 16:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal
[2009/09/08 18:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOMBZ Save Data
[2010/02/06 10:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/02/04 16:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PurePlay
[2008/05/27 17:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/05/26 23:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/05/17 16:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/06/08 11:26:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/08/10 12:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/03/29 09:11:42 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2004/08/10 12:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2004/11/20 17:04:30 | 000,003,919 | RH-- | M] () -- C:\DELL.SDR
[2004/08/10 12:14:36 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 12:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2004/11/20 17:30:02 | 000,000,688 | -H-- | M] () -- C:\IPH.PH
[2006/12/04 11:55:32 | 000,000,143 | ---- | M] () -- C:\Logon.bat
[2004/08/10 12:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 04:00:00 | 000,250,032 | RHS- | M] () -- C:\NTLDR
[2010/06/11 14:04:00 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
[2007/04/04 10:16:38 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2008/06/02 22:19:50 | 023,047,784 | ---- | M] () -- C:\setupeng.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/10 11:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2004/08/10 11:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2004/08/10 11:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /180 >
[2010/04/22 10:34:03 | 000,033,920 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\fsbts.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
[2010/02/24 05:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mrxsmb.sys
[2010/03/06 12:26:23 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\SBREDrv.sys
[2009/12/31 09:14:12 | 000,352,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\srv.sys
[2010/02/11 05:01:43 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Zapotec.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\WMSysPr9.prx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\WMCSetup.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\WINNT256.BMP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\WINNT.BMP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\WINHELP.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\WGA.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\VMMREG32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\updspapi.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\UNWISE.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\unvise32qt.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\uninst.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\TWUNK_32.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\TWUNK_16.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\TWAIN.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\TASKMAN.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WRITE.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wpdshextautoplay.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wpd_ci.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WOWEXEC.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVXENCD.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVSENCD.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVSDECD.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVENCOD.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMSPDMOE.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpsrcwp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpshell.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmploc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpencen.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpcore.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpcd.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpasf.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmp.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMIMGMT.MSC:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmerror.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmasf.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMADMOE.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WISPTIS.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winsrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WINIPSEC.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winime.ime:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WINHELP.HLP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WinFXDocObj.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WindowsCodecsExt.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WINCTL32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winar30.ime:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WIN.COM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wiaservc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WEBFLDRS.MSI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WDL.TRM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wdfmgr.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WBDBASE.SVE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WBDBASE.NLD:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WBDBASE.ITA:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WBDBASE.FRA:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WBDBASE.ESN:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WBDBASE.ENU:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WBDBASE.DEU:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WBCACHE.SVE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WBCACHE.NLD:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WBCACHE.ITA:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WBCACHE.FRA:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WBCACHE.ESN:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WBCACHE.ENU:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WBCACHE.DEU:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WAVMIX16.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WATCHDOG.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\w95inf32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\w95inf16.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VSSAPI.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VSFLEX3.OCX:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\virtear.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vidx16.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VGA64K.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VGA256.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VEN2232.OLB:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VBAME.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VBAJET32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VBAEND32.OLB:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VBAEN32.OLB:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\V7VGA.ROM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\utilman.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\USRLOGON.CMD:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\usbui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\usbinst32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\upnphost.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\uniime.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\UNICODE.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unicdime.ime:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\UDHISAPI.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TSLABELS.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TSLABELS.H:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tsgqec.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TREE.COM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tl32v20.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ticrf.rat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TELEPHON.CPL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TCPMON.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TASKMAN.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SYSPRTJ.SEP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SYSPRINT.SEP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SYSDM.CPL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SUBRANGE.UCE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SSMARQUE.SCR:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SQLWOA.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SQLWID.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SQLSRV32.RLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SQLSRV32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SQLSODBC.CHM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SPOOLSS.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SORTTBLS.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SORTKEY.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SONYHCY.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SHIFTJIS.UCE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shellstyle.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shdocvw.bak:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SETVER.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SETUP.BMP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SERVICES.MSC:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SCP32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sapi.cpl.manifest:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RSVPCNTS.H:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RSVP.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RSACI.RAT:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\romanime.ime:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rhttpaa.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RDOCURS.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RASCTRS.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RASCTRNM.H:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\quick.ime:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\quartz.vxd:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\qtplugin.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\qdiagdwc.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\qasf.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PVPLUS32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ptpusb.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PSCHDPRF.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PSCHDCNT.H:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Prounstl.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PRONtObj.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\POWERCFG.CPL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PortableDeviceWMDRM.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PortableDeviceWiaCompat.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PortableDeviceClassExtension.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\popup.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PIFMGR.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\photometadatahandler.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\phon.ime:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PERFWCI.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PERFMON.MSC:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PERFI009.DAT:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PERFFILT.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PERFD009.DAT:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PERFCI.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PCDLIB32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\osk.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oledlg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OLEACCRC.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OEMINFO.PNF:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OEMBKGN1.BMP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OEMBIOS.SIG:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OEMBIOS.DAT:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nwc.cpl.manifest:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NUSRMGR.CPL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NTVDMD.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NTMSOPRQ.MSC:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NTMSMGR.MSC:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NTMARTA.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NTIMAGE.GIF:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\normnfkd.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\normnfkc.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\normnfd.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\normnfc.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\normidna.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NOISE.THA:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NOISE.SVE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NOISE.NLD:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NOISE.ITA:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NOISE.FRA:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NOISE.ESN:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NOISE.ENU:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NOISE.ENG:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NOISE.DEU:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NOISE.DAT:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NOISE.CHT:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NOISE.CHS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nlsdl.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NETSETUP.CPL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NET.HLP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NET.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ncpa.cpl.manifest:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\narrator.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MXMAIL97.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msxml6r.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mswstr10.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvci70.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mstsc.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSSTKPRP.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSSTDFMT.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msscp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSRECR40.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSRDO20.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSRCLR40.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mspmsnsv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msls31.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msjtes40.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msjter40.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msjint40.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msjet40.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mshtml.tlb:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mshta.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msfeedssync.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSENCODE.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSDTCPRF.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSDTCPRF.H:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msdelta.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSDART.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mscal.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MPG4DMOD.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MPG4DECD.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MP4SDMOD.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MP4SDECD.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MP43DMOD.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MP43DECD.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MORE.COM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MODE.COM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MociExt.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MMDRV.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\miniime.tpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MIGPWD.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MIB.BIN:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mhwt.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mfc70.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MFC42ENU.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mciqtz.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MAPISRVR.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\magnify.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LUSRMGR.MSC:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Ltwvc11n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lttmb11n.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lttmb11n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ltocx11n.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ltefx11n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LRNXP.ICO:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LOCALE.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LOADFIX.COM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lfxwd11n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lfwmf11n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lftif11n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lftga11n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lfpsd11n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Lfpng11n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lfpcx11n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lfpcd11n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lfmsp11n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lfkodak.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lfimg11n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lfgif11n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lffpx7.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lffpx11n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lffax11n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lfeps11n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\l3codecp.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KRNL386.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KOREAN.UCE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDUS.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbdkor.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbdjpn.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbd106.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbd103.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbd101c.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbd101b.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KB16.COM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KANJI_2.UCE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KANJI_1.UCE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\jupdate-1.5.0_06-b05.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\jupdate-1.5.0_04-b05.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\jupdate-1.5.0_02-b09.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\jupdate-1.4.2_06-b03.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\jupdate-1.4.2_05-b04.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\jupdate-1.4.2_03-b02.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\JGSH400.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\JGSD400.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\JGMD400.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\JGAW400.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\irisco32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\INTL.CPL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IntelNic.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\intelmoh.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IntelCci.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\INSTCAT.SQL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\inseng.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\INKED.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\imjp81k.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\imjp81.ime:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxhtha.lhp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxhptb.lhp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxhkor.lhp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxhjpn.lhp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxhita.lhp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxhfra.lhp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxhesp.lhp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxhenu.lhp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxhdeu.lhp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxhcht.lhp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxhchs.lhp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IEXPRESS.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ieuinit.inf:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iesetup.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IE7Eula.rtf:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\idndl.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IDEOGRAF.UCE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmgicd.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmgdev.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iAlmCoIn_v4020.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iAlmCoIn_v3762.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hppausb0.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hppasnm0.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hppapts0.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hppaprt0.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hppanet0.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hppadt40.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\HOSTNAME.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\HOMEPAGE.INF:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hhctrl.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\HHACTIVEX.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\HDWWIZ.CPL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\GTKCMOS.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\GTKCMO64.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\gtdownde_110.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\gtdownde_110.inf:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\GRAPHICS.PRO:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\GRAPHICS.COM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\GRAFTABL.COM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\GPCIEnum.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\GPCIEn64.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\GDI.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\GB2312.UCE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FXSPERF.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FXSMON.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FXSCOUNT.H:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Fxdb.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FXAB32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FTP.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FSUTIL.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FSQUIRT.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FSMGMT.MSC:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FRAMEBUF.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FORMAT.COM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FORCEDOS.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FIXMAPI.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FINGER.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FINDSTR.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FIND.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FC.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FASTOPEN.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\EXPAND.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\EXE2BIN.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\EVENTVWR.MSC:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\EVENTVWR.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\EULA.TXT:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\EUDCEDIT.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ESENTUTL.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ESENTPRF.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ESENTPRF.HXX:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\emptyregdb.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\EDLIN.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\EDIT.HLP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\EDIT.COM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\e100bmsg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\e100b325.din:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DVDUPGRD.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DVDPLAY.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DSSEC.DAT:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DSRIRREM.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DSR_BAT.BAT:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DSndUp.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRWATSON.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drmv2clt.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drmupgds.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\WS2IFSL.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\WMILIB.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\VIDEOPRT.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\VDMINDVD.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\USBSTOR.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\USBINTEL.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\usbccgp.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\USBCAMD2.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\USBCAMD.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\USB8023.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\update.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\TUNMP.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\TSBVCAP.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\TOSDVD.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\TDI.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\TAPE.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\SONYPVU1.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\sonyhcs.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\Sonyhcp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\sonyhcc.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\sonyhcb.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\SONYDCAM.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\SMCLIB.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\SFFP_SD.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\SFFDISK.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\secdrv.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\SDBUS.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\SCSIPORT.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\RTL8139.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ROOTMDM.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\RNDISMP.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\RIODRV.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\RIO8DRV.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\RAWWAN.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\P3.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\OPRGHDLR.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\NWLNKSPX.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\NWLNKNB.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\NWLNKIPX.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ntfs.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\NMNT.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\NIKEDRV.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\NIC1394.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mrxdav.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\MF.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\MCD.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\kbdhid.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\iqvw32.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\hppausb0.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\hppaprt0.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\hppadt40.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\HCF_MSFT.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\GMREADME.TXT:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\FSVGA.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\FS_REC.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ETC\NETWORKS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ETC\LMHOSTS.SAM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\es1371mp.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\DXGTHK.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\DXG.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\DISKDUMP.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\CRUSOE.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\CPQDAP01.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\CINEMST2.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\BRIDGE.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ATMUNI.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ATMLANE.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ATMEPVC.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ARP1394.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\AMDK7.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\AMDK6.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\1028_Dell_DIM_DIM3000.mrk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DOSX.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DOSKEY.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dnsrslvr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DMREMOTE.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DLPT64.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DLPT2.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DLLHST3G.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\xpsp2res.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\wtsapi32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\wshtcpip.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\ws2help.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\ws2_32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\winsta.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\winsrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\winmm.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\winlogon.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\wiaservc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\WgaTray.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\WgaLogon.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\wdmaud.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\version.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\uxtheme.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\user32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\usbuhci.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\usbstor.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\usbport.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\usbhub.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\upnphost.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\update.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\tdc.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\sysaudio.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\swmidi.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\stream.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\stdole2.tlb:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\sndvol32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\shsvcs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\shimeng.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\setupapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\serwvdrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\sensapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\sens.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\rsaenh.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\riched20.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\psapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\portcls.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\olepro32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\oledlg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\ntmarta.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\msvcp60.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\mspqm.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\mspclock.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\msls31.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\mskssrv.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\msimg32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\mshtml.tlb:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\mshta.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\msadox.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\msacm32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\modemcsa.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\mlang.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\midimap.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\mfc42u.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\mfc42.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\ksuser.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\itircl.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\imgutil.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\hnetcfg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\hhctrl.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\fastfat.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\explorer.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\e100b325.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\drmkaud.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\drmk.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\dmusic.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\dbghelp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\cscui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\cryptui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\cryptnet.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\crypt32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\comres.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\clbcatq.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\atapi.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\apphelp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\acgenral.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DISKPERF.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DISKPART.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DISKMGMT.MSC:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DISKCOPY.COM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DISKCOMP.COM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DIANTZ.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DFRGFAT.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DFRG.MSC:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DEVMGMT.MSC:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DELLWALL.BMP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DEBUG.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DDMI64.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DDESHARE.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DCOMCNFG.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Dcache.bin:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DBNMPNTW.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DBMSRPCN.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dayi.ime:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DATACLEN.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CTYPE.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CONVERT.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CONIME.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\config\SYSTEM.SAV:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\config\SOFTWARE.SAV:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\config\DEFAULT.SAV:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\COMPACT.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\COMP.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\COMMAND.COM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comctl32.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CNMLM56.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CMSTP.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CMMON32.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CMMGR32.HLP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cmglue.vxd:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CMDL32.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CLICONFG.RLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CLICONFG.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CLICONFG.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CLICONF.CHM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CleanUp.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CLEANMGR.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CKCNV.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CIDAEMON.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CIADV.MSC:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CHKNTFS.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CHKDSK.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CHCP.COM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\chajei.ime:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cewmdm.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CERTMGR.MSC:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cdplayer.exe.manifest:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cdfview.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CACLS.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_850.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_28597.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_28595.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_28594.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_28592.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_28591.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\BOPOMOFO.UCE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\BOOTVRFY.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\BOOTOK.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\BLASTCLN.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\BIOS4.ROM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\BIOS1.ROM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\AUTOLFN.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\AUTOFMT.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\AUTOEXEC.NT:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\AUTOCONV.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\AUDITUSR.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Audio3d.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ATTRIB.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ATMADM.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\AT.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ARP.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\APPEND.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\AHUI.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ACTMOVIE.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ACCESS.CPL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\aaclient.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\$WINNT$.INF:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System\WINSPOOL.DRV:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System\VER.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System\TAPI.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System\SYSTEM.DRV:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System\SHELL.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System\SETUP.INF:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System\OLESVR.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System\OLECLI.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System\MSVIDEO.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System\MMSYSTEM.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System\LZEXPAND.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System\crlds3d.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System\COMMDLG.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System\AVIFILE.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System\AVICAP.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\SYSTEM.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\SYMEVENT.LOG:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Soap Bubbles.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\SimTower.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\setuplog.txt:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\SETUPLOG.DEL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\SETUPAPI.DEL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\SETUPACT.DEL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\SETPWRCG.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\sessmgr.setup.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Santa Fe Stucco.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\River Sumida.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Rhododendron.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\REGOPT.LOG:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\REGLOCS.OLD:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Prairie Wind.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\ORUN32.ISU:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\ORUN32.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\OEWABLog.txt:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\ODBCINST.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\NOTEPAD.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\msxml6-KB933579-enu-x86.LOG:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\MSDFMAP.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Maximizer.MIF:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\macromix.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Kokanee.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB939683.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB936782.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB929399.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB929338.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB926255.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB925486.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB925454.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB924496.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB924270.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB924191.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB923980.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB923723.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB923694.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB923414.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB923191.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB922819.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB922760.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB922582.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB920872.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB920685.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB920213.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB919007.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB905749.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB905414.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB904942.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB904706.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB903235.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB902400.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB901214.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB901017.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB900725.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB899591.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB899588.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB899587.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB898461.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB898458.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB896727.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB896688.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB896428.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB896424.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB896423.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB896422.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB896358.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB896344.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB894391.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB893803v2.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB893803.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB893756.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB893086.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB893066.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB892130.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB891781.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB891122.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB890923.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB890859.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB890175.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB890047.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB890046.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB888310.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB888302.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB888113.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB887742.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB887472.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB886185.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB885836.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB885835.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB885250.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB883939.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB873339.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB873333.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB867282.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB834707.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\IE4 Error Log.txt:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Greenstone.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\FeatherTexture.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\FaxSetup.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\EXPLORER.SCF:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\EReg072.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\DtcInstall.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\DirectX.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\dirdib.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\DELL.BMP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\COM+.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Coffee Bean.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\CLOCK.AVI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Blue Lace 16.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Bclwdde.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\basecsp.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\IPH.PH:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\INFCACHE.1:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\NTUSER.DAT:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\NTUSER.DAT.LOG:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\BOOT.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Wudf01000Inst.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\wmp11.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\WMFDist11.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\WIC.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\WAVEMIX.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdmtpus.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdmtp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdconns.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmvdmoe2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmvdmod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMVADVE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMVADVD.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmsdmoe2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmsdmod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmidx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmdrmnet.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmdrmdev.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmdmlog.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINGPAL.WND:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINGDIB.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINGDE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WING32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WING.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdfapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uwdf.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\unam4ie.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umandlg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tm20dec.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tdc.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sscsdk32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sbtrvd32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\s2dtconv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rgb9rast_2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qcut.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pnrpnsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\p2psvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\p2pnetsh.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\p2pgraph.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\p2pgasvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\p2p.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OT60as.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OSC60as.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\og70as.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OE60as.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NWLOCALE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MxGetSet.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxbde40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mswdat10.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mstext40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrepl40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrd3x40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrd2x40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mspbde40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msnetobj.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msltus40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msjetoledb40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mshtmler.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msexcl40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msexch40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCAL.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\milcore.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFCUIA32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Mfcoleui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFCO30.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFCANS32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc40u.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC30.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mf3216.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LMRTREND.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\licmgr10.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LAPRXY.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jupdate-1.5.0_11-b03.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\INETWH16.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IMPLODE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icrav03.rat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ecMecIm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dxtmsft3.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DVA.386:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wpdusb.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\zoneoc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\xmlprovi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\xmlprov.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\xenroll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\xcopy.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\xactsrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wzcdlg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wstdecod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wsnmp32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wshrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wshom.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wshisn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wship6.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wshcon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wshbth.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wshatm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wpnpinst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wpabaln.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wowfaxui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wowfax.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wowdeb.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmvds32.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmvdmoe2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmvdmod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmv8ds32.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmstream.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\WMSPDMOE.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmsdmoe2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmsdmoe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmsdmod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmpshell.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmplayer.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmpcore.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmpcd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmpband.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmpasf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmp.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmm2res2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmm2fxb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmm2fxa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmm2filt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmm2ext.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmm2eres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmm2ae.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmitimep.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmipsess.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmiprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmipjobj.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmipiprt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmipicmp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmipdskq.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmimsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmidx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmidcprv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmicookr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmiaprpl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmiapres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmerrenu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmdmps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmdmlog.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmasf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\WMADMOE.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\WMADMOD.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wisc10.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winzm.ime:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winver.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winstrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winspool.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winsp.ime:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winshfhc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winpy.ime:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winntbbu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winnls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winmsd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winmgmtr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winmgmt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winime.ime:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winhelp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winfax.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winchat.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winbrand.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winar30.ime:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\win87em.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wifeman.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wiavusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wiavideo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wiasf.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wiascr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wiadefui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wfwnet.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wextract.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\webvw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\webhits.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wbemupgd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wbemtest.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wbemperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wbemdisp.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wbemdisp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wbemcntl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wbemads.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wbemads.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wb32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wavemsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wabmig.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wabfind.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wab32res.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\w32topl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\w32tm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vssadmin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vss_ps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\voicesub.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\voicepad.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vmmreg32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vjoy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\viewprov.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vga.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\verifier.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\verifier.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vdmredir.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vcdex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vbisurf.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\usrvpa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\usrvoica.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\usrv80a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\usrv42a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\usrsvpia.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\usrshuta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\usrsdpia.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\usrrtosa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\usrprbda.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\usrmlnka.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\usrlbva.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\usrfaxa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\usrdtea.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\usrdpa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\usrcoina.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\usrcntra.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\usbui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ureg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\upnpui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\upnpcont.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\uploadm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\updprov.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\untfs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\unsecapp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\unregmp2.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\unlodctr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\uniime.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\unicdime.ime:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\umdmxfrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ufat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\typelib.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\twunk_32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\twunk_16.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\twain.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tsshutdn.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tsoc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tskill.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tshoot.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tsdiscon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tsddd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tsd32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tscupgrd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tscon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tscfgwmi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\trnsprov.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\trialoc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tracert6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tracert.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tourP.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\toolhelp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tmplprov.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tmigrate.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tintsetp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tintlphr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tintlgnt.ime:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\timer.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tftp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\termmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tcpsvcs.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tcpmonui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tcpmib.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tcmsetup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\taskman.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tapiui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tapiperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tapi3.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\systray.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sysocmgr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sysmod_a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sysmod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\syskey.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sysinv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sysedit.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\synceng.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\syncapp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\swprv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\svcpack.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\subst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\streamci.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\storage.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\stimon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\stdprov.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\stdole.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\stclient.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\startoc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sstub.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sstext3d.scr:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ssstars.scr:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sspipes.scr:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ssmyst.scr:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ssmypics.scr:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ssflwbox.scr:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ssbezier.scr:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ss3dfo.scr:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\srframe.mmf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\srdiag.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sqlxmlx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sqlunirl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sqlse20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sqlqp20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sqldb20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\spxcoins.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\spttseng.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sprio800.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sprio600.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sprestrt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sprb0424.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sprb041b.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\spra0424.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\spra041b.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\spnpinst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\spnike.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\spcplui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sound.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sort.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\softpub.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\softkbd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\snmpsnap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\snmpapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sniffpol.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\smtpcons.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\smbinst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\slbrccsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\slbiop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\slbcsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\skeys.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\skdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sisbkup.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\simpdata.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sigverif.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sigtab.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\shutdown.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\shrpubw.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\shdocvw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\share.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\shadow.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sfmapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sfc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\setupqry.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\setupdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\setup_wm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\setup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\servdeps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\serialui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\senscfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sendcmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\secupd.sig:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\secupd.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sdpblb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sdbinst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\scrrun.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\scrnsave.scr:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\script_a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\script.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\scredir.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\scrcons.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sccsccp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sccbase.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\scardssp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\scarddlg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sbeio.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sbe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\savedump.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sam.spd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sam.sdf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\safrslv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\safrdm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\safrcdlg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rwinsta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\runas.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rtm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rtipxmib.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rtcshare.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsvpsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsvpperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsvpmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsmui.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsmsink.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsmps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsh.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rrcm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rpcns4.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\routetab.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\routemon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\route.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\romanime.ime:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rnr20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rexec.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\reset.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\replace.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rend.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\regwizc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\regwiz.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\regsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\regini.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\regedt32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\redir.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\recover.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rdsaddin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rdpwsx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rdpsnd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rdpdd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rdpclip.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rdpcfgex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rdchost.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rcp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasser.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rassapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasrad.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasphone.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasmxs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasmontr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasdial.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasctrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasautou.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasauto.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\racpldlg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\r1033tts.lxa:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\qwinsta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\quick.ime:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\qprocess.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\qosname.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\qmgrprxy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\qedwipes.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\qdvd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\qdv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\qasf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\qappsrv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pubprn.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\psnppagn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pschdprf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\proxycfg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\proquota.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\proctexe.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\printui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\print.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\prflbmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\powercfg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\polstore.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pmspl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pmigrate.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\plustab.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pintlphr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pintlgnt.ime:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pintlcsd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pintlcsa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ping6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ping.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pid.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\photowiz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\phon.ime:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\perfts.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\perfproc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\perfos.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\perfnet.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\perfmon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\perfdisk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\perfctrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pentnt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pautoenr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pathping.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\paqsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\panmap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\padrs804.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\padrs404.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\osuninst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\opengl32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\oobebaln.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\oleaut32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ole2nls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ole2disp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ole2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\offfilt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\oemiglib.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\oemig50.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\oeimport.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\odtext32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\odpdx32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\odfox32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\odexl32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\oddbse32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\odbctrac.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\odbcp32r.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\odbccu32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\odbccr32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\odbccp32.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\odbcconf.rsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\odbcconf.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\odbcconf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\odbc32gt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\odbc16gt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ocmsn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ocmanage.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ocgen.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\obrb0424.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\obrb041b.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\objsel.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nv4_disp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntsdexts.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntsd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntprint.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntoc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntmssvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntmsevt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntmsdba.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntlanui2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntlanui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntio804.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntio412.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntio411.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntio404.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntdos804.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntdos412.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntdos411.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntdos404.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nslookup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\npwmsdrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\npptools.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nppagent.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\npdrmv2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\notiflag.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nmmkcert.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nmft.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nmevtmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nmcom.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nmchat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nmasnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nmas.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nlsfunc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nls302en.lex:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nlhtml.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\netstat.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\netsh.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\netsetup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\netoc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\neth.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\netapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\net1.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ndisnpp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nddenb32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nddeapir.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ncxpnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ncpa.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nbtstat.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\narrhook.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nac.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mtxlegih.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mtxex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mtxdm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mtsadmin.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msxmlr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msxml2r.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msxml2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msxml.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msxbde40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msxactps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mswstr10.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mswmdm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mswdat10.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msw3prt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msvidctl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msvcrt20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msvcp50.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mstinit.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mstext40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mst123.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mst120.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msswchx.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msswch.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mssoapr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mssoap1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mssip32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mssign32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msscript.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msscp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msscds32.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mssap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msrepl40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msrd3x40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msrd2x40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msratelc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msr2cenu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msr2c.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mspmsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mspmsnsv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mspbde40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msorcl32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msorc32r.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msoobe.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msobweb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msobshel.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msobjs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msobdl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msobcomm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msnsspc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msnetobj.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msjtes40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msjter40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msjint40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msjetol1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msjet40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msiprov.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msimain.sdb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msieftp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msgsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msgrocm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msgr3en.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msexcl40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msexch40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msdxmlc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msdtcstp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msdfmap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msdaurl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msdatt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msdatsrc.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msdasc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msdaremr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msdarem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msdaps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msdaprst.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msdaprsr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msdaosp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msdaorar.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msdaora.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msdaer.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msdaenum.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msdadiag.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msdadc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msctfp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msctf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mscpxl32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mscpx32r.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mscdexnt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mscandui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msaudite.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msapsspc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msafd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msador15.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msado27.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msado26.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msado25.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msado21.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msado20.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msader15.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msaddsr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msadds32.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msadds.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msadcs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msadcor.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msadcfr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msadcf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msadcer.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msacm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msaatext.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mrxdav.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mrinfo.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mprmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mprdim.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mprddm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mpnotify.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mpg4ds32.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mpg4dmod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mpg2data.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mp4sdmod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mp43dmod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mouse.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mountvol.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\modex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mobsync.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mnmdd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mmutilse.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mmtask.tsk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mmfutil.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mll_qic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mll_mtf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mll_hp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mlang.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mimefilt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\migwiz_a.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\migrate.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\migload.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\miglibnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\migism_a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\migism.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mgmtapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\metal_ss.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mem.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mdwmdmsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mdhcp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mciwave.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mciwave.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mciseq.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mciseq.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mciqtz32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mciole32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mciole16.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mciavi32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mciavi.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mchgrcoi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mcdsrv32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mcd32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mcastmib.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\makecab.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mag_hook.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ltts1033.lxa:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\lprmonui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\lprhelp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\lpr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\lpq.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\lpk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\logoff.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\logman.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\loghours.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\log.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\localui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\lnkstub.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\lmrt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\lights.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\LAPRXY.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\langwrbk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\label.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\krnlprov.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\keymgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\keyboard.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\keyboard.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\key01.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kd1394.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdycl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdycc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbduzb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdusx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdusr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdusl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdur.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdukx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbduk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdtuq.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdtuf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdtat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdsw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdsmsno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdsmsfi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdsl1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdsl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdsf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdru1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdru.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdro.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdpo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdpl1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdpl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdno1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdnec.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdne.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdmlt48.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdmlt47.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdmaori.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdmac.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdlv1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdlv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdlt1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdlt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdla.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdkyr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdkor.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdkaz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdjpn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdit142.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdir.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdinmal.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdinben.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdinbe1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdhu1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdhu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdhid.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdhept.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdhela3.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdhela2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdhe319.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdhe220.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdhe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdgr1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdgkl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdgae.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdfr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdfo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdfi1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdfi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdfc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdest.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdes.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbddv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdcz2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdcz1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdcz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdcr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdcan.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdca.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdbu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdbr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdblr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdbene.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdbe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdazel.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdaze.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdal.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbd106.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbd103.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbd101c.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbd101b.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\jobexec.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\jet500.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ixsso.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\isrdbg32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\isignup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\isign32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\irclass.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipxwan.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipxsap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipxrtmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipxroute.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipxrip.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipxpromn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipxmontr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipv6mon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipv6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipsmsnap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipsecsnp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipsec6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iprtrmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iprtprio.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ippromon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipmontr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipconfig.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iologmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\input.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\initpki.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\infosoft.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\inetwiz.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\inetppui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\inetmib1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\inetcplc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\inetcfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imsinsnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imscinst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imlang.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imjputyc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imjputy.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imjprw.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imjpmig.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imjpinst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imjpdsvr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imjpdct.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imjpdct.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imjpcus.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imjpcic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imjp81k.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imjp81.ime:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imeshare.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imekrmbx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imekrcic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ils.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iis.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\igmpagnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ifsutil.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ifmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\idq.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\icwutil.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\icwtutor.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\icwrmind.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\icwphbk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\icwhelp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\icwdl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\icwdial.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\icwconn2.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\icwconn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\icfgnt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iassvcs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iassdo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iassam.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iasrecst.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iasrad.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iaspolcy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iasnap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iashlpr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iasads.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iasacct.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\htui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\htrn_jis.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hscupd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hotplug.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\home_ss.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hnetmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\himem.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hhctrlui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hccoin.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\h323msp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\h323cc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\guitrn_a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\guitrn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\gpkrsrc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\gpkcsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\glu32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\glmf32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\getuname.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\geo.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\gcdef.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\g711codc.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxsxp32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxswzrd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxsui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxsperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxsocm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxsdrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxscomex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxscom.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxscfgwz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fwdprov.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fwcfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ftsrch.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fsusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fsconins.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fpencode.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fp4autl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fp40ext.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fmifs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\exts.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\evntrprv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\eventcls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\esentprf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\esent97.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\eqnclass.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\encdec.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\encapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dx8vb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dx7vb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dswave.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dsuiext.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dssec.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dsprpres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dsprov.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dsprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dsound3d.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dsdmoprp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dsdmo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dsauth.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ds32gt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ds16gt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\drmv2clt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\drmstor.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\drmclien.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dpwsockx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dpwsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dpvvox.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dpvoice.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dpvacm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dpserial.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dpnwsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dpnmodem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dpnlobby.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dpnhupnp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dpnhpast.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dpnaddr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dpmodemx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dplay.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dnsrslvr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dmview.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dmusic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dmsynth.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dmstyle.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dmserver.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dmscript.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dmocx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dmloader.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dmintf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dmime.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dmdskres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dmdskmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dmdlgs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dmconfig.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dmcompos.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dmband.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dimap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\digest.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dialer.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\diactfrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dhcpsapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dhcpmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dgsetup.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dgrpsetu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dgnet.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\deskperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\deskmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\deskadp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ddeml.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dcap32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dbnetlib.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dbgeng.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dayi.ime:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\daxctle.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\datime.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\d3dxof.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\d3drm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\d3dramp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\d3dpmesh.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\d3dim700.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\custsat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ctl3dv2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\csseqchk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cryptdlg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\crtdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cplexe.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\country.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\console.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\confmsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\confmrsl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\comsnap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\comsetup.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\comrereg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\comrepl.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\compobj.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\comcat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\comaddin.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cnvfat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cnetcfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cmutil.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cmsetacl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cmprops.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cmpbk32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cmdial32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cmcfg32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\class_ss.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cintsetp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cintlgnt.ime:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cintime.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ciadmin.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chtskf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chtskdic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chtmbx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chajei.ime:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cfgbkend.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cewmdm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\certmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cdmodem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ccfgnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cb32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\catsrvps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\capesnpn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\camocx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\callcont.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_875.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_500.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_28598.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_28593.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20905.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1026.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_037.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\btpanui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bthserv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\brpinfo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\browsewm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\browseui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bnts.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\blackbox.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bitsprx3.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bitsprx2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bidispl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\avwav.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\avtapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\avmeter.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\autodisc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\atrace.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\atmpvcno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\atkctrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\asferror.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\asctrls.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\apps.chm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\apcups.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ansi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\amstream.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\alrsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agtintl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agtctl15.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0c0a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0816.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt041f.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt041d.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0419.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0416.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0415.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0414.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0413.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0410.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt040e.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt040c.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt040b.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0408.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0407.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0406.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0405.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agentsr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agentpsh.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agentctl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agentanm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\adsnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\adsmsext.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\adsldp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\adptif.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\acxtrnal.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\activeds.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\aclua.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\acledit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\aaaamon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\12520850.cpx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\12520437.cpx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\danim.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crpaig32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CNMVS56.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asferror.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\admparse.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WAVMIX16.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\CTL3DV2.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SYSTEM.MXS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\NLSDownlevelMapping.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Mselfreg.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\MSCompPackV1.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\MA1049.tsf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB950749.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB948881.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB948590.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB947864-IE7.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB946026.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB945553.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB944653.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB943485.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB943460.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB943055.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB942763.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB941693.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB941644.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB941569.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB941568.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB941202.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB939653-IE7.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB938829.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB938828.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB938127-IE7.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB937143-IE7.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB936357.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB936021.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB935840.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB935839.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB933729.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB933566-IE7.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB933360.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB932823-v3.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB932168.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB931836.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB931784.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB931768-IE7.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB931768.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB931261.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB930916.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB930178.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB929123.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB928843.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB928255.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB928090.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB927891.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB927802.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB927779.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB926436.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB926239.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB925902.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB925876.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB925720.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB924667.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB921503.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB920342.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB918118.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB915865.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB914440.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB902344.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ie7.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\IDNMitigationAPIs.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\DBNAMES.CFG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\setupeng.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\PDOXUSRS.NET:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Alice\madden.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Alice\Local Settings\Application Data\fusioncache.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Alice\Application Data\PFP120JPR.{PB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Alice\Application Data\Comma Separated Values (DOS).ADR:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\XpsEPSC.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\wmsetup10.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\WMSETUP.LOG:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\WindowsUpdate.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\WIN.INI:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\WIASERVC.LOG:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\WgaNotify.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\TSOC.LOG:KAVICHS
  • 0

#8
sutter's mill
Posted 11 June 2010 - 04:05 PM

sutter's mill

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
the remainder of otl.txt

@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\xolehlp.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\XMLPROV.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\XENROLL.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\XACTSRV.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WZCDLG.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WTSAPI32.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WSTDECOD.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WSHOM.OCX:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\wpdtrace.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\wpdmtpdr.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WPA.DBL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WOWDEB.EXE:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WMVDS32.AX:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WMV8DS32.AX:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WINZM.IME:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WINSPOOL.EXE:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WINSP.IME:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WINSHFHC.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WINPY.IME:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WINBRAND.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WIN87EM.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WIAVUSD.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WIASCR.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WIADEFUI.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WgaLogon.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WEBVW.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\webclnt.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WAVEMSP.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\VERIFIER.EXE:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\verclsid.exe:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\VBISURF.AX:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\USRSHUTA.EXE:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\USRMLNKA.EXE:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\USRDTEA.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\USP10.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\UPNPUI.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\TZLog.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\TYPELIB.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\TOOLHELP.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\TAPIPERF.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\TAPI3.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\SYSOCMGR.EXE:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\sxs.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\SSTEXT3D.SCR:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\SSSTARS.SCR:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\SSPIPES.SCR:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\SSMYST.SCR:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\SSMYPICS.SCR:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\SSFLWBOX.SCR:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\SSBEZIER.SCR:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\SS3DFO.SCR:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\SQLUNIRL.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\SOFTPUB.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\SNMPSNAP.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\SLBIOP.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\SLBCSP.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\SIGVERIF.EXE:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\SHRPUBW.EXE:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\SHFOLDER.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\SETUPAPI.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\SENSAPI.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\SDBINST.EXE:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\SCRRUN.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\SCRNSAVE.SCR:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\SBE.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\RUNDLL32.EXE:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\RTM.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\RTCSHARE.EXE:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\RSVPSP.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\RSVPPERF.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\resourceGeneric.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\REND.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\REDIR.EXE:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\RDPDD.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\RDPCLIP.EXE:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\RDCHOST.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\rasmans.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\RASCTRS.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\RASAUTO.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\RASAPI32.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\rasadhlp.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\RACPLDLG.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\QMGRPRXY.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\QEDWIPES.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\QDVD.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\QDV.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\PSCHDPRF.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\PROCTEXE.OCX:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\PRINTUI.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\pintool.exe:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\PINTLGNT.IME:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\PID.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\PHOTOWIZ.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\PERFTS.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\PERFPROC.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\PERFOS.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\PERFNET.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\PERFMON.EXE:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\PERFDISK.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\PERFCTRS.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\PAQSP.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\OPENGL32.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\OLECLI.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\OLEACC.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\OLE2NLS.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\OLE2DISP.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\OFFFILT.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ODBCCONF.EXE:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ODBCCONF.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\OCMANAGE.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\OBJSEL.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\nwprovau.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\NTSD.EXE:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\NTPRINT.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\NTMSSVC.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\NTMSDBA.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\NSLOOKUP.EXE:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\NLHTML.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\NETSHELL.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\NETSH.EXE:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\NETSETUP.EXE:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\NETH.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\NETAPI.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\NET1.EXE:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MSXMLR.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MSXML.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MSW3PRT.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MSVIDEO.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MSVIDCTL.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MSVCRT20.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MSVCP50.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MSSIGN32.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MSSCRIPT.OCX:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MSSCDS32.AX:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MSSAP.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MSRATELC.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MSR2C.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MSORCL32.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MSNSSPC.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MSIMG32.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MSIEFTP.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MSGSVC.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MSDADIAG.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MSCTFP.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MSCDEXNT.EXE:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MSAUDITE.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MSAPSSPC.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MSADDS32.AX:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MSACM.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MSAATEXT.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MPRMSG.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MPRDIM.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MPRDDM.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MPG4DS32.AX:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MOBSYNC.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MNMDD.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MMUTILSE.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MLANG.DAT:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\mfc71.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MDWMDMSP.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MCIWAVE.DRV:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MCIWAVE.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MCISEQ.DRV:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MCISEQ.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MCIQTZ32.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MCIAVI32.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MCIAVI.DRV:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MCD32.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MAKECAB.EXE:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\LMRT.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\LANGWRBK.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\KEYMGR.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\jgpl400.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\jgdw400.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\JET500.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ISIGN32.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\IPXSAP.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\IPXPROMN.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\IPXMONTR.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\IPSMSNAP.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\IPSECSNP.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\IPRTRMGR.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\IPROP.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\IPPROMON.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\IPMONTR.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\iphlpapi.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\INPUT.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\INITPKI.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\INFOSOFT.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\INETCPLC.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\INETCFG.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\IMESHARE.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\imekr61.ime:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ILS.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igxpxs32.vp:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igxpxk32.vp:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igxpxa32.vp:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igxpxa32.cpa:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\iglicd32.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igldev32.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxzoom.exe:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxtray.exe:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxsrvc.exe:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxsrvc.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxrtrk.lrc:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxrtha.lrc:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxrsve.lrc:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxrrus.lrc:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxrptg.lrc:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxrptb.lrc:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxrplk.lrc:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxrnor.lrc:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxrnld.lrc:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxrkor.lrc:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxrjpn.lrc:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxrita.lrc:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxrhun.lrc:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxrheb.lrc:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxrfra.lrc:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxrfin.lrc:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxress.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxresp.lrc:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxrenu.lrc:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxrell.lrc:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxrdeu.lrc:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxrdan.lrc:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxrcsy.lrc:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxrcht.lrc:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxrchs.lrc:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxrara.lrc:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxpph.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxpers.exe:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxext.exe:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxexps.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxdo.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxdev.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxcpl.cpl:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\igfxcfg.exe:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ifxcardm.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\IFSUTIL.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\IFMON.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\IDQ.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ICWDIAL.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ICFGNT5.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\IASSDO.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\IASSAM.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\IASRECST.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\IASRAD.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmuTRK.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmuTHA.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmuSVE.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmuRUS.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmuPTG.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmuPTB.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmuPLK.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmuNOR.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmuNLD.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmuKOR.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmuJPN.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmuITA.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmuHUN.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmuHEB.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmuFRC.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmuFRA.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmuFIN.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmuESP.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmuENG.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmuELL.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmudlg.exe:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmuDEU.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmuDAN.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmuCSY.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmuCHT.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmuCHS.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmuARB.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmuARA.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmrnt5.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmrem.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmdnt5.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmdev5.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ialmdd5.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\iAlmCoIn_v4396.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\HOTPLUG.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\hlink.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\hkcmd.exe:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\HIMEM.SYS:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\hccutils.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\HCCOIN.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\H323MSP.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\GPKCSP.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\GLU32.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\GLMF32.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\GETUNAME.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\GEO.NLS:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\GCDEF.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\G711CODC.AX:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\FXSXP32.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\FXSWZRD.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\FXSUI.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\FXSPERF.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\FXSCOMEX.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\FXSCOM.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\FXSCFGWZ.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\FTSRCH.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\FSUSD.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\FNTCACHE.DAT:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\fltmc.exe:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\fltlib.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\EXTS.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ESENT97.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\EqnClass.Dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ENCDEC.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ENCAPI.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\dxmasf.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DX8VB.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DX7VB.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DSWAVE.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DSUIEXT.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DSSEC.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DSPROP.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DSOUND3D.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DSOUND.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DSDMOPRP.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DSDMO.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drmstor.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drmclien.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\wdmaud.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\splitter.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\rdbss.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\kmixer.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\ialmnt5.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\http.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\system32\DRIVERS\fltMgr.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\Dot4usb.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\aec.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DPWSOCKX.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DPWSOCK.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DPVVOX.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DPVOICE.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DPVACM.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DPSERIAL.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DPNLOBBY.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DPNHUPNP.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DPNHPAST.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DPNADDR.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DPMODEMX.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DPLAY.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DMUSIC.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DMSYNTH.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DMSTYLE.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DMSERVER.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DMSCRIPT.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DMOCX.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DMLOADER.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DMIME.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DMDSKRES.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DMDSKMGR.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DMDLGS.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DMCONFIG.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DMCOMPOS.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DMBAND.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\dllcache\wdmaud.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\dllcache\sxs.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\dllcache\splitter.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\dllcache\rdbss.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\dllcache\rasmans.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\dllcache\rasadhlp.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\dllcache\kmixer.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\dllcache\jgpl400.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\dllcache\jgdw400.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\dllcache\iphlpapi.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\dllcache\hlink.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\dllcache\dxmasf.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\dllcache\dhcpcsvc.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\dllcache\comctl32.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\dllcache\agentdp2.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\dllcache\aec.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DIMAP.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DIGEST.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DIACTFRM.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DHCPSAPI.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DHCPMON.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\dhcpcsvc.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DGSETUP.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DGRPSETU.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DGNET.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DESKPERF.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DESKMON.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DESKADP.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DDEML.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DBNETLIB.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DBGENG.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DAXCTLE.OCX:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\DATIME.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\D3DXOF.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\D3DRM.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\D3DRAMP.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\D3DPMESH.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\CSSEQCHK.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\CRYPTDLG.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\CRTDLL.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\COUNTRY.SYS:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\CONSOLE.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\CONFMSP.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\COMSNAP.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\COMPOBJ.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\COMMDLG.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\COMDLG32.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\comctl32.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\COMCAT.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\CMPROPS.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\CMDIAL32.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\CLUSAPI.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ciodm.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\CIC.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\CIADMIN.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\CERTMGR.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\CATSRVPS.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\CAPESNPN.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\C_875.NLS:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\C_500.NLS:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\C_28598.NLS:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\C_28593.NLS:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\C_20905.NLS:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\C_1026.NLS:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\C_037.NLS:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\BROWSEWM.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\bcsprsrc.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\basecsp.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\axaltocm.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\AVWAV.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\AVTAPI.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\AVIFILE.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\AVICAP.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\AUTODISC.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ASCTRLS.OCX:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\APPHELP.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\APCUPS.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\AMSTREAM.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ALRSVC.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ADSNT.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ADSMSEXT.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ADSLDP.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ACTIVEDS.TLB:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\ACLEDIT.DLL:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System\TIMER.DRV:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\spupdsvc.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\setupapi.log.0.old:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\setupact.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\Setup.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\SchedLgU.Txt:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\pvsw.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\OCMSN.LOG:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\OCGEN.LOG:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\MSGSOCM.LOG:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB929969.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB922616.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB921883.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB921398.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB920683.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB920670.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB920214.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB918899.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB918439.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB917953.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB917422.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB917344.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB917159.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB916595.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB916281.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB914389.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB914388.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB913580.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB912812.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB911927.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB911567.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB911565.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB911562.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB911280.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB908531.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB901190.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB900485.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\IIS6.LOG:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\hpbafd.ini:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\COMSETUP.LOG:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\BOOTSTAT.DAT:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\Logon.bat:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\Documents and Settings\Alice\NTUSER.INI:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\Documents and Settings\Alice\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\XCOPY.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\WZCSVC.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\WSOCK32.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\WSHBTH.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\WS2_32.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\WPNPINST.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\WPABALN.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\WMSTREAM.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\WMSDMOE.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\WLNOTIFY.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\WINVER.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\WINSTA.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\WINSOCK.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\WINNTBBU.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\WINMSD.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\WINMM.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\WINCHAT.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\WIAVIDEO.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\WIASF.AX:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\WEXTRACT.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\W32TM.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\VSSADMIN.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\VCDEX.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\UXTHEME.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\USRV42A.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\USRRTOSA.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\USRPRBDA.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\USRFAXA.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\USRDPA.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\USRCOINA.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\UPNPCONT.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\UNTFS.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\UNLODCTR.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\UFAT.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\TSSHUTDN.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\TSKILL.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\TSDISCON.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\TSD32.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\TSCUPGRD.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\TSCON.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\TSCFGWMI.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\TRACERT6.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\TRACERT.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\TINTLGNT.IME:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\TFTP.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\TERMMGR.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\TCPSVCS.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\TCMSETUP.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\TAPIUI.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\SYSTRAY.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\SYSSETUP.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\SYSKEY.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\SYSEDIT.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\SYNCAPP.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\SWPRV.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\SUBST.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\STORAGE.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\STIMON.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\SPRIO800.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\SPRIO600.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\SPRESTRT.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\SPNPINST.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\SPNIKE.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\SORT.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\SMBINST.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\SKEYS.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\SHUTDOWN.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\SHARE.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\SHADOW.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\SFC.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\SETUPDLL.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\SETUP.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\SDPBLB.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\SCCSCCP.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\SCCBASE.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\SCARDSSP.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\SCARDDLG.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\SBEIO.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\SAVEDUMP.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\RWINSTA.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\RUNAS.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\RSMUI.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\RSMSINK.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\RSM.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\RSH.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\ROUTEMON.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\ROUTE.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\REXEC.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\RESET.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\REPLACE.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\REGWIZC.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\REGWIZ.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\REGINI.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\REGEDT32.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\RECOVER.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\RDSADDIN.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\RDPWSX.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\RCP.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\RCBDYCTL.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\RASPHONE.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\RASMONTR.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\RASDIAL.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\RASAUTOU.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\QWINSTA.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\QPROCESS.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\QAPPSRV.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\PSAPI.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\PROXYCFG.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\PROQUOTA.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\PRINT.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\POWRPROF.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\POWERCFG.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\POLSTORE.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\PMSPL.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\PING6.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\PING.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\PENTNT.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\PATHPING.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\OSUNINST.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\OLESVR.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\OLE2.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\OEMINFO.INI:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\ODTEXT32.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\ODEXL32.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\ODDBSE32.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\ODBCTRAC.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\NV4_DISP.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\NTSDEXTS.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\NTLANUI2.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\NLSFUNC.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\NETSTAT.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\NETMSG.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\NETCFGX.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\NDDEAPIR.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\NBTSTAT.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MTXEX.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MSXML2.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MSVCRT.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MSTINIT.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MSSWCHX.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MSSWCH.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MSSIP32.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MSR2CENU.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MSORC32R.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MSOBJS.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\msimsg.dll:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\msihnd.dll:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\msiexec.exe:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MSG.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MSDXMLC.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MSDATSRC.TLB:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\mscpxl32.dLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\mscpx32r.dLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MSAFD.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MSACM32.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MRINFO.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MPNOTIFY.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MOUNTVOL.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MODEX.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MMTASK.TSK:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MMFUTIL.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MMCBASE.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MLL_QIC.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MLL_MTF.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MLL_HP.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MLANG.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MIMEFILT.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MIGLIBNT.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MGMTAPI.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MEM.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MDHCP.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MCIOLE32.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MCIOLE16.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MCHGRCOI.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MCDSRV32.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MCASTMIB.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MAPI32.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\MAG_HOOK.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\LZEXPAND.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\LPRMONUI.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\LPRHELP.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\LPR.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\LPQ.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\LPK.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\LOGOFF.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\LOGMAN.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\LOGHOURS.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\LOCALUI.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\LOADPERF.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\LNKSTUB.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\linkinfo.dll:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\LIGHTS.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\LABEL.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\ksuser.dll:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KEYBOARD.SYS:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KEY01.SYS:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KD1394.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDYCL.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDYCC.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDUZB.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDUSX.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDUSR.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDUSL.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDUR.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDUKX.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDUK.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDTUQ.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDTUF.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDTAT.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDSW.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDSP.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDSMSNO.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDSMSFI.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDSL1.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDSL.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDSG.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDSF.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDRU1.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDRU.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDRO.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDPO.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDPL1.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDPL.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDNO1.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDNO.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDNEC.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDNE.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDMON.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDMLT48.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDMLT47.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDMAORI.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDMAC.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDLV1.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDLV.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDLT1.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDLT.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDLA.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDKYR.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDKAZ.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDIT142.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDIT.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDIR.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDINMAL.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDINBEN.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDINBE1.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDIC.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDHU1.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDHU.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDHEPT.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDHELA3.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDHELA2.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDHE319.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDHE220.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDHE.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDGR1.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDGR.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDGKL.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDGAE.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDFR.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDFO.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDFI1.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDFI.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDFC.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDEST.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDES.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDDV.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDDA.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDCZ2.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDCZ1.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDCZ.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDCR.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDCAN.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDCA.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDBU.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDBR.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDBLR.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDBENE.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDBE.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDAZEL.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDAZE.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\KBDAL.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\JOBEXEC.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\IXSSO.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\ISRDBG32.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\IRCLASS.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\IPXWAN.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\IPXRTMGR.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\IPXROUTE.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\IPXRIP.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\IPV6MON.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\IPV6.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\IPSEC6.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\IPRTPRIO.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\IPCONFIG.EXE:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\IOLOGMSG.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\inetwh32.dll:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\INETPPUI.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\INETMIB1.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\IMM32.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\IMAGEHLP.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\IGMPAGNT.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\ICWPHBK.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\ICMP.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\IASSVCS.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\IASPOLCY.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\IASNAP.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\IASHLPR.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\IASADS.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\IASACCT.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\HTUI.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\HTTPAPI.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\HNETMON.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\GPKRSRC.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\FXSRES.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\FXSDRV.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\FWCFG.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\FMIFS.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\FAULTREP.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\EVENTCLS.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\ESENTPRF.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\esent.dll:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\DSPRPRES.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\DSAUTH.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\DS32GT.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\ds16gt.dLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\drivers\smwdm.sys:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\drivers\senfilt.sys:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\drivers\MODEM.SYS:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\drivers\FASTFAT.SYS:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\DPNWSOCK.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\DPNMODEM.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\DMVIEW.OCX:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\DMINTF.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\DESK.CPL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\DDRAW.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\DCIMAN32.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\DBGHELP.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\CSCDLL.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\CRYPTUI.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\CRYPT32.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\COMPSTUI.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\COMADDIN.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\colbact.dll:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\CNVFAT.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\CNETCFG.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\CMUTIL.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\cmsetACL.dll:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\CMPBK32.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\CMCFG32.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\CINTLGNT.IME:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\CFGMGR32.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\CFGBKEND.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\CDMODEM.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\CCFGNT.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\CAMOCX.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\CABINET.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\BTPANUI.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\BTHSERV.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\BITSPRX3.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\BITSPRX2.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\BIDISPL.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\AVMETER.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\authz.dll:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\ATRACE.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\ATMPVCNO.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\ATKCTRS.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\ANSI.SYS:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\ADPTIF.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\ACTIVEDS.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\AAAAMON.DLL:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\12520850.CPX:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\12520437.CPX:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Documents\DESKTOP.INI:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\TWAIN_32.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\XMLPROVI.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\WSNMP32.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\WshRm.dll:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\WSHISN.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\WSHIP6.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\WSHCON.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\WSHATM.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\WOWFAXUI.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\WOWFAX.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\WMIPROP.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\WMERRENU.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\WINSTRM.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\WINNLS.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\WINFAX.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\WIFEMAN.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\WEBHITS.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\W32TOPL.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\VSS_PS.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\VJOY.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\VERSION.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\VERIFIER.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\VER.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\VDMREDIR.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\USRVPA.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\USRVOICA.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\USRV80A.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\USRSVPIA.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\USRSDPIA.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\USRLBVA.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\USRCNTRA.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\USERENV.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\UREG.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\UMDMXFRM.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\TSDDD.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\TRAFFIC.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\TCPMONUI.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\TCPMIB.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\TAPI.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\SYSINV.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\SYNCENG.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\SVCPACK.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\STREAMCI.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\STORPROP.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\STDOLE2.TLB:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\STCLIENT.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\SRCLIENT.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\SPXCOINS.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\SNMPAPI.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\SLBRCCSP.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\SKDLL.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\SISBKUP.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\SIMPDATA.TLB:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\SIGTAB.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\SFMAPI.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\SERVDEPS.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\SERIALUI.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\SENSCFG.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\SENDCMSG.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\SECURITY.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\SECUPD.SIG:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\SECUPD.DAT:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\SCREDIR.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\SCECLI.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\SAMLIB.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\SAFRSLV.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\SAFRDM.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\SAFRCDLG.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\RTIPXMIB.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\RSVPMSG.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\RSMPS.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\RPCNS4.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\ROUTETAB.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\ROBOEX32.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\RNR20.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\riched20.dll:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\REGSVR32.EXE:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\REGSVC.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\RDPSND.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\RDPCFGEX.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\RASSER.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\RASSAPI.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\RASRAD.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\RASMXS.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\QuickTimeCheck.ocx:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\QOSNAME.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\QMGR.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\PUBPRN.VBS:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\PSNPPAGN.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\PRFLBMSG.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\PLUSTAB.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\PAUTOENR.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\PANMAP.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\OUTLPERF.H:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\ODPDX32.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\ODFOX32.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\ODBCP32R.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\ODBCCU32.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\ODBCCR32.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\ODBCCP32.CPL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\ODBCCONF.RSP:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\ODBCBCP.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\ODBC32GT.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\ODBC32.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\ODBC16GT.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\NTMSEVT.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\NTLANUI.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\NTIO804.SYS:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\NTIO412.SYS:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\NTIO411.SYS:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\NTIO404.SYS:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\NTDOS804.SYS:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\NTDOS412.SYS:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\NTDOS411.SYS:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\NTDOS404.SYS:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\NPPTOOLS.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\NMMKCERT.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\NMEVTMSG.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\NETPLWIZ.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\NDDENB32.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\NCXPNT.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\NCPA.CPL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\NARRHOOK.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\MTXLEGIH.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\MTXDM.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\MSXML2R.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\MSVFW32.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\msvcr70.dll:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\MSVCP60.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\MSVCIRT.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\MSUTB.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\MSOEACCT.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\MSIMTF.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\MSCAT32.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\MPR.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\MMSYS.CPL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\IVFSRC.AX:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\IR50_32.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\IAC25_32.AX:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\FXSEVENT.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\FXSCOVER.EXE:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\DUMPREP.EXE:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\drivers\MSPQM.sys:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\drivers\MSPCLOCK.sys:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\drivers\MSKSSRV.sys:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\drivers\CDFS.SYS:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\DINPUT8.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\DINPUT.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\CTL3DV2.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\compatUI.dll:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\AVICAP32.DLL:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System\MCIAVI.DRV:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\REGEDIT.EXE:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\Program Files\Dell\Media Experience\PCMService.exe:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\WINHLP32.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\ZIPFLDR.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\XPSP2RES.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\XPSP1RES.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\XPOB2RES.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\WUAUSERV.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\wuaueng1.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\wuauclt1.exe:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\WSHTCPIP.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\WSHNETBS.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\WSHEXT.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\WSCUI.CPL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\WSCSVC.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\WSCRIPT.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\WSCNTFY.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\WS2HELP.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\WpdShext.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\wmpns.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\WMI.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\WLDAP32.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\WINSPOOL.DRV:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\WINSCARD.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\WINRNR.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\WINMINE.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\WINLOGON.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\WIN32SPL.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\WIASHEXT.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\WIADSS.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\WIAACMGR.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\WgaTray.exe:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\wdmaud.drv:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\W3SSL.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\W32TIME.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\VSSVC.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\VGA.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\VDMDBG.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\UTILDLL.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\USERINIT.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\USER.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\USBMON.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\UPS.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\UPNP.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\UNIPLAT.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\UNIMDMAT.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\UNIMDM.TSP:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\umpnpmgr.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\ULIB.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\txflog.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\TWEXT.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\TSSOFT32.ACM:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\TRKWKS.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\tourstart.exe:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\TIMEDATE.CPL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\THEMEUI.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\TERMSRV.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\TCPMON.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\TASKMGR.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\tapisrv.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\TAPI32.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SYNCUI.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\svchost.exe:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\STRMFILT.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\STOBJECT.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\STI_CI.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\STI.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\STDOLE32.TLB:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SSDPSRV.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SSDPAPI.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\srvsvc.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SRSVC.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SRRSTR.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\spoolsv.exe:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SPIDER.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SOL.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SNDVOL32.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SNDREC32.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\smss.exe:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SMLOGSVC.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SMLOGCFG.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SLAYERXP.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SL_ANET.ACM:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SHSCRAP.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SHMGRATE.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SHMEDIA.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SHIMGVW.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SHIMENG.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SHGINA.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\shdocvw.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SHDOCLC.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SFCFILES.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SFC_OS.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SFC.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SESSMGR.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SERWVDRV.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SENS.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SENDMAIL.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SECLOGON.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SDHCINST.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SCROBJ.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SCLGNTFY.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SCHEDSVC.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SCESRV.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SCARDSVR.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\SAMSRV.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\RUNONCE.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\RTUTILS.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\RSVP.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\RSHX32.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\RSAENH.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\RESUTILS.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\REMOTEPG.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\REGAPI.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\RASTAPI.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\RASPPP.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\RASMAN.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\RASDLG.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\QuickTimeVR.qtx:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\QuickTime.qts:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\QuickTime.cpl:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\QEDIT.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\PSTORSVC.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\PSBASE.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\PROFMAP.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\PRApplet.cpl:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\PJLMON.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\PIDGEN.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\OUTLPERF.INI:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\OSUNINST.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\OLEPRO32.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\OLEPRN.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\olecnv32.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\olecli32.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\ole32.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\OEMBIOS.BIN:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\ODBCJT32.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\ODBCJI32.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\ODBCINT.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\ODBCCP32.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\NTVDM.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\NTSHRUI.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\NTMSMGR.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\NTMSAPI.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\NTLSAPI.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\NTLANMAN.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\NTIO.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\NTDSAPI.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\NTDOS.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\NOTEPAD.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\normaliz.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\NEWDEV.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\NETUI2.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\NETUI1.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\NETUI0.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\NETRAP.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\netman.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\NETLOGON.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\NETID.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\NETEVENT.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\NETDDE.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\NDPTSP.TSP:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\NDDEAPI.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\NCOBJAPI.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MYDOCS.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MYCOMPUT.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MSXML3R.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MSVCRT40.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\msvcp70.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MSTLSAPI.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MSTASK.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MSPRIVS.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MSPATCHA.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MSOERT2.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MSLBUI.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\msisip.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MSIDNTLD.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MSIDLE.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MSIDENT.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\msi.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MSHEARTS.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MSH261.DRV:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MSGSM32.ACM:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MSGINA.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MSG723.ACM:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MSG711.ACM:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MSDXM.OCX:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MSDTC.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MSDMO.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\msctf.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MSCONF.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MSADP32.ACM:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MSACM32.DRV:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MPRUI.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MPRAPI.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MPLAY32.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MPG2SPLT.AX:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MORICONS.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MODEMUI.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MOBSYNC.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MNMSRVC.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MMCSHEXT.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MMCNDMGR.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MMC.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MIDIMAP.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MFPLAT.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MFCSUBS.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MDMINST.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MAPISVC.INF:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MAPI.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MAIN.CPL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\LZ32.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\LuResult.txt:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\LSASS.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\LOGONUI.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\LODCTR.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\LOCATOR.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\LOCALSEC.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\LMHSVC.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\LICWMI.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\LICDLL.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\LANMAN.DRV:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\L_INTL.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\KMDDSP.TSP:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\KDCOM.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\iuengine.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\itss.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\itircl.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\IRPROPS.CPL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\IR50_QCX.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\IR50_QC.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\IR41_QCX.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\IR41_QC.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\IR41_32.AX:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\IR32_32.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\IPSECSVC.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\IPNATHLP.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\IPCONF.TSP:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\IntelMPM.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\INETRES.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\INETPP.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\Indeo4.qtx:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\IMAPI.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\IMAADP32.ACM:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\igfxres.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\ieui.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\ICMUI.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\icm32.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\ICCVID.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\ICAAPI.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\hypertrm.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\HTICONS.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\hppapml0.exe:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\hppapml0.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\hppamon0.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\hppadt40.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\HPDOMON.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\HPBMMON.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\HPBHEALR.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\HNETWIZ.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\HNETCFG.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\HIDPHONE.TSP:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\hhsetup.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\HAL.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\H323.TSP:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\GWFSPidGen.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\GRPCONV.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\FXSTIFF.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\FXSSVC.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\FXSST.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\FXSSEND.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\FXSEXT32.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\fxsclntR.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\FXSAPI.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\FREECELL.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\FONTVIEW.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\FONTEXT.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\FLDRCLNR.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\FIREWALL.CPL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\FILEMGMT.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\FECLIENT.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\EXPSRV.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\EVENTLOG.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\ERSVC.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\ELS.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\EGA.CPI:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\DXDIAGN.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\DWWIN.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\DUSER.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\DSSENH.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\DSQUERY.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\DSKQUOTA.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\DRWTSN32.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\DRPROV.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\WANARP.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\VOLSNAP.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\viaide.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\viaagp.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\vga.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\usbuhci.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\usbscan.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\usbport.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\usbhub.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\USBEHCI.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\ultra.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\toside.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\TERMDD.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\sysaudio.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\symc810.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\sym_hi.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\swmidi.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\SWENUM.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\sr.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\sparrow.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\sisagp.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\SERIAL.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\SERENUM.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\REDBOOK.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\rdpwd.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\RDPDR.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\RDPCDD.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\RASPTI.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\RASPPTP.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\RASPPPOE.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\RASL2TP.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\RASACD.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\ql1280.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\ql1240.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\ql12160.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\ql10wnt.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\ql1080.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\PTILINK.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\PSCHED.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\portcls.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\perc2hib.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\perc2.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\pciidex.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\pciide.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\pci.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\PARTMGR.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\PARPORT.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\NWLNKFWD.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\NWLNKFLT.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\NV4_MINI.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\NPFS.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\NETBT.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\NETBIOS.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\NDISWAN.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\NDISUIO.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\NDISTAPI.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\MUP.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\MSSMBIOS.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\MSGPC.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\MSFS.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\mraid35x.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\MOUNTMGR.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\mouhid.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\MOUCLASS.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\mohfilt.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\MODEMCSA.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\KBDCLASS.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\isapnp.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\IRENUM.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\IPSEC.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\ipnat.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\IPINIP.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\IPFLTDRV.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\IP6FW.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\INTELPPM.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\intelide.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\IntelC53.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\IntelC52.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\IntelC51.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\ini910u.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\IMAPI.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\I8042PRT.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\i2omp.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\hpn.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\hidusb.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\GM.DLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\ftdisk.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\FLPYDISK.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\FDC.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\ETC\PROTOCOL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\e100b325.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\drmkaud.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\drmk.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\dpti2o.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\Dot4Prt.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\Dot4.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\DMusic.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\DMLOAD.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\DMIO.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\DMBOOT.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\disk.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\dac960nt.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\dac2w2k.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\cpqarray.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\cmdide.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\CDROM.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\cbidf2k.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\AUDSTUB.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\ATMARPC.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\atapi.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\ASYNCMAC.SYS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\asc3550.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\asc3350p.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\asc.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\amsint.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\amdagp.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\alim1541.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\aliide.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\aic78xx.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\aic78u2.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\aha154x.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\agpCPQ.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\agp440.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\adpu160m.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\system32\DRIVERS\ACPI.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\DPNET.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\DPLAYX.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\DPCDLL.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\DOCPROP2.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\DOCPROP.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\DMUTIL.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\dmadmin.exe:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\dllhost.exe:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\DISPEX.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\DISKCOPY.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\DFSSHLEX.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\DFRGUI.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\DFRGSNAP.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\DFRGRES.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\DFRGNTFS.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\DEVMGR.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\DEVENUM.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\DEFRAG.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\DDRAWEX.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\DAVCLNT.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\D3DIM700.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\D3D9.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\D3D8THK.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\D3D8.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\CTFMON.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\CSRSS.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\CSCUI.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\CRYPTSVC.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\CRYPTNET.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\CRYPTEXT.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\CRYPTDLL.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\CREDUI.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\comuid.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\comsvcs.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\COMRES.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\comrepl.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\COMPMGMT.MSC:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\CNBJMON.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\CMD.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\CLIPSRV.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\CLIPBRD.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\clbcatq.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\clbcatex.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\CISVC.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\CHARMAP.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\CERTCLI.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\catsrvut.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\catsrv.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\CALC.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_950.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_949.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_936.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_932.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_874.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_869.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_866.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_865.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_863.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_861.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_860.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_857.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_855.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_852.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_775.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_737.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_437.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_28605.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_28603.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_28599.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_21866.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_20866.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_20261.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_20127.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_1258.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_1257.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_1256.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_1255.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_1254.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_1253.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_1252.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_1251.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_1250.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_10082.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_10081.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_10079.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_10029.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_10017.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_10010.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_10007.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_10006.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\C_10000.NLS:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\BTHCI.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\BROWSER.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\BROWSELC.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\BOOTVID.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\bdeadmin.cpl:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\BATT.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\BATMETER.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\BASESRV.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\AUDIOSRV.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\ATMLIB.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\atl70.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\ALG.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\advpack.dll.mui:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\ADSLDPC.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\ACTXPRXY.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\ACLUI.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\ACELPDEC.AX:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\ACCWIZ.EXE:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\ACCTRES.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System\WFWNET.DRV:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System\VGA.DRV:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System\STDOLE.TLB:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System\SOUND.DRV:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System\MOUSE.DRV:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System\MMTASK.TSK:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System\MCIWAVE.DRV:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System\MCISEQ.DRV:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System\KEYBOARD.DRV:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\ODBC.INI:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\ntdtcsetup.log:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\ie7_main.log:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\hh.exe:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\explorer.exe:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\corelpf.lrs:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\_DEFAULT.PIF:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\Program Files\Windows Media Player\WMPNetwk.exe:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\Program Files\QuickTime\qttask.exe:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\DESKTOP.INI:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\Alice\Start Menu\Programs\Startup\DESKTOP.INI:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\Alice\LuResult.txt:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\Alice\Application Data\DESKTOP.INI:KAVICHS
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\VBADDIN.INI:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\VB.INI:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\xmllite.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\WZCSAPI.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\WUPDMGR.EXE:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\WPDShServiceObj.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\WOW32.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\WMVDECOD.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\wmpps.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\wmpmde.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\WMPhoto.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\wmdrmsdk.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\wmdmps.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\WMADMOD.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\WINOLDAP.MOD:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\WINHLP32.EXE:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\WindowsCodecs.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\WFWNET.DRV:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\Wbtrv32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\View Channels.scf:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\VGA.DRV:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\VFPODBC.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\user32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\TSAPPCMP.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\TIMER.DRV:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\SYSTEM.DRV:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\SYSMON.OCX:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\SOUND.DRV:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\shsvcs.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\SHELL.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\SETHC.EXE:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\RICHED32.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\remotesp.tsp:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\REG.EXE:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\RDSHOST.EXE:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\RCIMLBY.EXE:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\QCAP.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ptpusd.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\PSTOREC.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\PSCRIPT.SEP:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\PROGMAN.EXE:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\PRODSPEC.INI:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\PortableDeviceTypes.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\PortableDeviceApi.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\PERFWCI.H:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\PERFFILT.H:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\PERFCI.H:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\PCL.SEP:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\PACKAGER.EXE:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\OLETHK32.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\OLESVR32.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\oleaut32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ODBCAD32.EXE:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\netfxperf.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mswmdm.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\MSVBVM50.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\MSPORTS.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mspmsp.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msftedit.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\MSCTFIME.IME:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mpeg2data.ax:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\MOUSE.DRV:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\MMSYSTEM.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\MMDRIVER.INF:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mfc70u.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mfc42u.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\MFC42.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\MFC40.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\MCICDA.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\MAPISTUB.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\lttwn11n.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\LOGON.SCR:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\lfjbg11n.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\LegitCheckControl.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\L_EXCEPT.NLS:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\KEYBOARD.DRV:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\JOY.CPL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\imgutil.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\HID.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\FXST30.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\FXSROUTE.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\FXSCLNT.EXE:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\EXTRAC32.EXE:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\DXDIAG.EXE:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\DSRIRREM.CFG:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\DSOUND.VXD:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\DSKQUOUI.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\USBD.SYS:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\UDFS.SYS:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\TDTCP.SYS:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\TDPIPE.SYS:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\stream.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\sonypvs1.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\SFLOPPY.SYS:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\PROCESSR.SYS:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\PCMCIA.SYS:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\PARVDM.SYS:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\NULL.SYS:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\NDPROXY.SYS:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\NDIS.SYS:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\MNMDD.SYS:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\I2OMGMT.SYS:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\HIDPARSE.SYS:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\HIDCLASS.SYS:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\FIPS.SYS:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\ETC\SERVICES:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\DXAPI.SYS:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\CLASSPNP.SYS:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\CDAUDIO.SYS:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\BEEP.SYS:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\ACPIEC.SYS:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\DPVSETUP.EXE:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\DPNSVR.EXE:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\DPLAYSVR.EXE:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\D3DIM.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\CSCRIPT.EXE:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\CONTROL.EXE:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\COMM.DRV:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\CMOS.RAM:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\CLB.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\cdosys.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\CARDS.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\BTHPROPS.CPL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\browseui.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\blackbox.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\AUTOCHK.EXE:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\audiodev.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\APPWIZ.CPL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\$NCSP$.INF:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\smscfg.ini:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\ReadIris.ini:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\nsw.log:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\nsreg.dat:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\mp10oem.txt:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\Kokanee1.bak:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\KB925398.log:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\KB923689.log:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\KB917734.log:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\KB913446.log:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\KB912919.log:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\KB911564.log:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\KB910437.log:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\KB908519.log:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\KB905915.log:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\Gone Fishing.bmp:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\FMTMSAM.INI:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\CMSETACL.LOG:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\capture.ini:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\Alice\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe:KAVICHS
< End of report >

what would you like done next?

Thanks!
  • 0

#9
Essexboy
Posted 12 June 2010 - 04:38 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK from normal mode this time please - by the way the transparent icons are system files, we will hide them again later

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#10
sutter's mill
Posted 12 June 2010 - 04:04 PM

sutter's mill

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
hi Essexboy

good game? sweat goal by your mates but the goalie whiffed didn't he? anyway, your log.
i also had to click yes to continue with the xp files that weren't originally from the disc as i don't have a copy of xp on disc, if that makes any sense to you.

ComboFix 10-06-11.01 - Alice 12/06/2010 14:33:32.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.289 [GMT -7:00]
Running from: c:\documents and settings\Alice\Desktop\ComboFix.exe
AV: Shaw Secure 9.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Shaw Secure 9.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
ADS - svchost.exe: deleted 132 bytes in 1 streams.
ADS - explorer.exe: deleted 132 bytes in 1 streams.
ADS - netcfgx.dll: deleted 196 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Alice\System
c:\windows\system32\HELP.EXE

.
((((((((((((((((((((((((( Files Created from 2010-05-12 to 2010-06-12 )))))))))))))))))))))))))))))))
.

2010-06-10 03:13 . 2010-06-10 03:13 -------- d-----w- c:\documents and settings\Alice\Local Settings\Application Data\Ahead
2010-06-06 01:00 . 2010-06-06 01:00 -------- d-----w- c:\program files\Common Files\xing shared
2010-06-01 18:07 . 2010-06-01 18:31 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-31 04:18 . 2010-05-31 16:52 -------- d-----w- c:\documents and settings\Alice\Local Settings\Application Data\usmppvsix
2010-05-30 01:06 . 2010-05-30 01:06 -------- d-----w- C:\My MusicMichel Thomas Method
2010-05-15 20:41 . 2010-05-15 20:43 -------- d-----w- C:\My Google Gadgets

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-10 01:08 . 2010-04-22 17:33 -------- d-----w- c:\documents and settings\Alice\Application Data\f-secure
2010-06-07 17:16 . 2010-02-13 02:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-06 01:01 . 2010-06-06 01:01 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-06-06 01:01 . 2010-06-06 01:01 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-06-06 01:01 . 2010-06-06 01:01 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-06-06 01:01 . 2010-06-06 01:01 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-06-06 01:01 . 2010-06-06 01:01 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-06-06 01:01 . 2010-06-06 01:01 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-06-06 01:01 . 2010-06-06 01:01 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-06-06 01:01 . 2010-06-06 01:01 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-06-06 01:01 . 2010-06-06 01:01 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-06-06 01:01 . 2004-11-21 00:29 -------- d-----w- c:\program files\Common Files\Real
2010-06-06 01:00 . 2008-03-27 19:46 -------- d-----w- c:\program files\Real
2010-06-06 00:59 . 2004-11-21 00:28 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-06-06 00:59 . 2004-11-21 00:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-06-01 23:49 . 2004-12-02 20:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-01 22:54 . 2004-11-21 00:27 -------- d-----w- c:\program files\Dell
2010-06-01 22:44 . 2010-03-27 04:23 -------- d-----w- c:\program files\Puran Defrag
2010-06-01 22:02 . 2004-11-21 00:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-31 21:34 . 2010-03-26 20:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-30 00:44 . 2010-05-30 00:43 734728 ----a-w- c:\documents and settings\Alice\Application Data\Real\RealPlayer\setup\AU_setup14.exe
2010-05-29 03:28 . 2010-03-15 02:51 439816 ----a-w- c:\documents and settings\Alice\Application Data\Real\Update\setup3.10\setup.exe
2010-05-27 06:00 . 2010-03-27 05:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-27 05:56 . 2010-03-27 05:21 -------- d-----w- c:\program files\SpywareBlaster
2010-05-15 20:39 . 2006-08-03 16:43 -------- d-----w- c:\program files\Google
2010-05-10 21:33 . 2010-01-19 23:01 -------- d-----w- c:\documents and settings\Alice\Application Data\Skype
2010-05-10 17:21 . 2010-01-19 23:02 -------- d-----w- c:\documents and settings\Alice\Application Data\skypePM
2010-05-07 18:04 . 2010-05-07 18:04 -------- d-----w- c:\program files\SystemRequirementsLab
2010-05-07 18:04 . 2010-05-07 18:04 85504 ----a-w- c:\documents and settings\Alice\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-05-07 18:04 . 2010-05-07 18:04 -------- d-----w- c:\documents and settings\Alice\Application Data\SystemRequirementsLab
2010-05-05 03:06 . 2010-01-10 06:08 -------- d-----w- c:\documents and settings\Alice\Application Data\CyberLink
2010-05-05 01:46 . 2010-05-05 01:15 -------- d-----w- c:\program files\Ahead
2010-05-05 01:28 . 2010-05-05 01:16 -------- d-----w- c:\program files\Common Files\Ahead
2010-05-05 01:14 . 2004-11-21 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-05-05 01:14 . 2010-05-05 01:12 -------- d-----w- c:\program files\CyberLink
2010-05-05 01:14 . 2010-05-05 01:10 -------- d-----w- c:\program files\CyberLink DVD Solution
2010-05-04 17:20 . 2004-08-04 11:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2004-08-04 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2004-08-04 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:56 . 2004-08-04 11:00 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 22:39 . 2010-03-26 20:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2010-03-26 20:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-22 17:54 . 2010-04-22 17:24 -------- d-----w- c:\program files\Shaw Secure
2010-04-22 17:34 . 2010-04-22 17:26 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2010-04-22 17:25 . 2010-04-22 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure
2010-04-22 17:23 . 2010-04-22 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
2010-04-20 05:51 . 2004-08-04 11:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-03-26 23:25 . 2010-03-26 23:25 61440 ----a-w- c:\documents and settings\Alice\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3c4f4271-n\decora-sse.dll
2010-03-26 23:25 . 2010-03-26 23:25 503808 ----a-w- c:\documents and settings\Alice\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2146778b-n\msvcp71.dll
2010-03-26 23:25 . 2010-03-26 23:25 499712 ----a-w- c:\documents and settings\Alice\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2146778b-n\jmc.dll
2010-03-26 23:25 . 2010-03-26 23:25 348160 ----a-w- c:\documents and settings\Alice\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2146778b-n\msvcr71.dll
2010-03-26 23:25 . 2010-03-26 23:25 12800 ----a-w- c:\documents and settings\Alice\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3c4f4271-n\decora-d3d.dll
2010-03-26 23:24 . 2010-03-26 23:24 411368 ----a-w- c:\windows\system32\deploytk.dll
2004-10-01 22:00 . 2010-05-05 01:10 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2010-05-15 20:40 . 2010-05-15 20:40 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"PowerBar"="c:\program files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 86016]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-11-21 98304]
"F-Secure Manager"="c:\program files\Shaw Secure\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\Shaw Secure\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-09 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-05-15 30192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-06 202256]

c:\documents and settings\Alice\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2008-1-15 225280]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=c:\windows\pss\AOL Companion.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP LaserJet Director.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP LaserJet Director.lnk
backup=c:\windows\pss\HP LaserJet Director.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2004-11-21 00:29 98304 ------w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2010-06-06 00:59 488968 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Pvsw\\Bin\\W3dbsmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 fsbts;fsbts;c:\windows\SYSTEM32\DRIVERS\fsbts.sys [22/04/2010 10:26 AM 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\SYSTEM32\DRIVERS\fsdfw.sys [22/04/2010 10:25 AM 80000]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Shaw Secure\HIPS\drivers\fshs.sys [22/04/2010 10:25 AM 68064]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys [22/04/2010 10:24 AM 113864]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Shaw Secure\ORSP Client\fsorsp.exe [22/04/2010 10:25 AM 55992]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/03/2010 11:02 PM 135664]
S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;c:\windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe --> c:\windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe [?]
S3 fsbl;F-Secure BlackLight Engine Driver;\??\c:\program files\Shaw Secure\Anti-Virus\fsbldrv.sys --> c:\program files\Shaw Secure\Anti-Virus\fsbldrv.sys [?]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [15/05/2010 1:39 PM 30192]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\DRIVERS\RTL8187B.sys --> c:\windows\system32\DRIVERS\RTL8187B.sys [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Shaw Secure\Anti-Virus\win2k\fsfilter.sys [22/04/2010 10:24 AM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Shaw Secure\Anti-Virus\win2k\fsrec.sys [22/04/2010 10:24 AM 25184]
.
Contents of the 'Scheduled Tasks' folder

2010-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-21 06:02]

2010-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-21 06:02]

2010-06-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2142848800-783458416-1166149760-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-06-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2142848800-783458416-1166149760-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Shaw Secure\FSPS\program\FSLSP.DLL
FF - ProfilePath - c:\documents and settings\Alice\Application Data\Mozilla\Firefox\Profiles\krses33b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\program files\Shaw Secure\NRS\[email protected]\components\litmus-ff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-WinampAgent - e:\winamp\winampa.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-HP AutoIndexer - c:\program files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
MSConfigStartUp-HP SchedIndexer - c:\program files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
MSConfigStartUp-mmtask - c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe
MSConfigStartUp-MMTray - c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
AddRemove-PhotoEdit995 - c:\program files\PhotoEdit995\thinsetup.exe
AddRemove-Simtowerv1.0 - c:\maxis\Simtower\DeIsL1.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-12 14:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\program files\Shaw Secure\FWES\Program\fsdc32.dll

- - - - - - - > 'lsass.exe'(720)
c:\program files\Shaw Secure\FSPS\program\FSLSP.DLL
c:\program files\Shaw Secure\FWES\Program\fsdc32.dll

- - - - - - - > 'csrss.exe'(640)
c:\program files\Shaw Secure\FWES\Program\fsdc32.dll
.
Completion time: 2010-06-12 14:47:18
ComboFix-quarantined-files.txt 2010-06-12 21:47

Pre-Run: 2,510,106,624 bytes free
Post-Run: 2,511,384,576 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 2FD9F3B0F7132AFC8FB174959B6D0D2E

ready for the next task.

THANKS!
  • 0

Advertisements

#11
Essexboy
Posted 12 June 2010 - 04:09 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Don't think he should play any more as he was rubbish

I need to look in a folder - but otherwise it looks OK - what problems do you have now ?



1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

DirLook:: 
c:\documents and settings\Alice\Local Settings\Application Data\usmppvsix

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new OTListit log.

  • 0

#12
sutter's mill
Posted 12 June 2010 - 06:00 PM

sutter's mill

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
hey Essexboy

if your goalkeeper got his one soft/bad goal of the tourney out of the way then you guys don't have to worry. and besides rooney's yet to score so still a long ways to go yet. not a soccer fan at all though i remember beardsley and grobbelar playing for our local squad, attended a few matches but not sure i saw them in person. but highlights of beardsley were always good. but i digress. was i supposed to get an otl log from combofix or am i supposed to run otl again? instructions weren't clear.

ComboFix 10-06-11.01 - Alice 12/06/2010 16:31:24.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.296 [GMT -7:00]
Running from: c:\documents and settings\Alice\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Alice\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Alice\.exe

.
((((((((((((((((((((((((( Files Created from 2010-05-12 to 2010-06-12 )))))))))))))))))))))))))))))))
.

2010-06-10 03:13 . 2010-06-10 03:13 -------- d-----w- c:\documents and settings\Alice\Local Settings\Application Data\Ahead
2010-06-06 01:01 . 2010-06-06 01:01 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-06-06 01:01 . 2010-06-06 01:01 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-06-06 01:01 . 2010-06-06 01:01 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-06-06 01:01 . 2010-06-06 01:01 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-06-06 01:01 . 2010-06-06 01:01 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-06-06 01:01 . 2010-06-06 01:01 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-06-06 01:01 . 2010-06-06 01:01 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-06-06 01:01 . 2010-06-06 01:01 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-06-06 01:01 . 2010-06-06 01:01 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-06-06 01:00 . 2010-06-06 01:00 -------- d-----w- c:\program files\Common Files\xing shared
2010-06-01 18:07 . 2010-06-01 18:31 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-31 04:18 . 2010-05-31 16:52 -------- d-----w- c:\documents and settings\Alice\Local Settings\Application Data\usmppvsix
2010-05-30 00:43 . 2010-05-30 00:44 734728 ----a-w- c:\documents and settings\Alice\Application Data\Real\RealPlayer\setup\AU_setup14.exe
2010-05-15 20:41 . 2010-05-15 20:43 -------- d-----w- C:\My Google Gadgets

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 21:49 . 2004-12-02 22:53 92936 -c--a-w- c:\documents and settings\Alice\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-10 01:08 . 2010-04-22 17:33 -------- d-----w- c:\documents and settings\Alice\Application Data\f-secure
2010-06-07 17:16 . 2010-02-13 02:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-06 01:01 . 2004-11-21 00:29 -------- d-----w- c:\program files\Common Files\Real
2010-06-06 01:00 . 2008-03-27 19:46 -------- d-----w- c:\program files\Real
2010-06-06 00:59 . 2004-11-21 00:28 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-06-06 00:59 . 2004-11-21 00:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-06-01 23:49 . 2004-12-02 20:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-01 22:54 . 2004-11-21 00:27 -------- d-----w- c:\program files\Dell
2010-06-01 22:44 . 2010-03-27 04:23 -------- d-----w- c:\program files\Puran Defrag
2010-06-01 22:02 . 2004-11-21 00:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-31 21:34 . 2010-03-26 20:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-29 03:28 . 2010-03-15 02:51 439816 ----a-w- c:\documents and settings\Alice\Application Data\Real\Update\setup3.10\setup.exe
2010-05-27 06:00 . 2010-03-27 05:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-27 05:56 . 2010-03-27 05:21 -------- d-----w- c:\program files\SpywareBlaster
2010-05-15 20:39 . 2006-08-03 16:43 -------- d-----w- c:\program files\Google
2010-05-10 21:33 . 2010-01-19 23:01 -------- d-----w- c:\documents and settings\Alice\Application Data\Skype
2010-05-10 17:21 . 2010-01-19 23:02 -------- d-----w- c:\documents and settings\Alice\Application Data\skypePM
2010-05-07 18:04 . 2010-05-07 18:04 -------- d-----w- c:\program files\SystemRequirementsLab
2010-05-07 18:04 . 2010-05-07 18:04 85504 ----a-w- c:\documents and settings\Alice\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-05-07 18:04 . 2010-05-07 18:04 -------- d-----w- c:\documents and settings\Alice\Application Data\SystemRequirementsLab
2010-05-05 03:06 . 2010-01-10 06:08 -------- d-----w- c:\documents and settings\Alice\Application Data\CyberLink
2010-05-05 01:46 . 2010-05-05 01:15 -------- d-----w- c:\program files\Ahead
2010-05-05 01:28 . 2010-05-05 01:16 -------- d-----w- c:\program files\Common Files\Ahead
2010-05-05 01:14 . 2004-11-21 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-05-05 01:14 . 2010-05-05 01:12 -------- d-----w- c:\program files\CyberLink
2010-05-05 01:14 . 2010-05-05 01:10 -------- d-----w- c:\program files\CyberLink DVD Solution
2010-05-04 17:20 . 2004-08-04 11:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2004-08-04 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2004-08-04 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:56 . 2004-08-04 11:00 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 22:39 . 2010-03-26 20:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2010-03-26 20:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-22 17:54 . 2010-04-22 17:24 -------- d-----w- c:\program files\Shaw Secure
2010-04-22 17:34 . 2010-04-22 17:26 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2010-04-22 17:25 . 2010-04-22 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure
2010-04-22 17:23 . 2010-04-22 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
2010-04-20 05:51 . 2004-08-04 11:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-03-26 23:25 . 2010-03-26 23:25 61440 ----a-w- c:\documents and settings\Alice\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3c4f4271-n\decora-sse.dll
2010-03-26 23:25 . 2010-03-26 23:25 503808 ----a-w- c:\documents and settings\Alice\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2146778b-n\msvcp71.dll
2010-03-26 23:25 . 2010-03-26 23:25 499712 ----a-w- c:\documents and settings\Alice\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2146778b-n\jmc.dll
2010-03-26 23:25 . 2010-03-26 23:25 348160 ----a-w- c:\documents and settings\Alice\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2146778b-n\msvcr71.dll
2010-03-26 23:25 . 2010-03-26 23:25 12800 ----a-w- c:\documents and settings\Alice\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3c4f4271-n\decora-d3d.dll
2010-03-26 23:24 . 2010-03-26 23:24 411368 ----a-w- c:\windows\system32\deploytk.dll
2004-10-01 22:00 . 2010-05-05 01:10 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2010-05-15 20:40 . 2010-05-15 20:40 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Alice\Local Settings\Application Data\usmppvsix ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"PowerBar"="c:\program files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 86016]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-11-21 98304]
"F-Secure Manager"="c:\program files\Shaw Secure\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\Shaw Secure\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-09 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-05-15 30192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-06 202256]

c:\documents and settings\Alice\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2008-1-15 225280]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=c:\windows\pss\AOL Companion.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP LaserJet Director.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP LaserJet Director.lnk
backup=c:\windows\pss\HP LaserJet Director.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2004-11-21 00:29 98304 ------w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2010-06-06 00:59 488968 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Pvsw\\Bin\\W3dbsmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 fsbts;fsbts;c:\windows\SYSTEM32\DRIVERS\fsbts.sys [22/04/2010 10:26 AM 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\SYSTEM32\DRIVERS\fsdfw.sys [22/04/2010 10:25 AM 80000]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Shaw Secure\HIPS\drivers\fshs.sys [22/04/2010 10:25 AM 68064]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys [22/04/2010 10:24 AM 113864]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Shaw Secure\ORSP Client\fsorsp.exe [22/04/2010 10:25 AM 55992]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/03/2010 11:02 PM 135664]
S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;c:\windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe --> c:\windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe [?]
S3 fsbl;F-Secure BlackLight Engine Driver;\??\c:\program files\Shaw Secure\Anti-Virus\fsbldrv.sys --> c:\program files\Shaw Secure\Anti-Virus\fsbldrv.sys [?]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [15/05/2010 1:39 PM 30192]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\DRIVERS\RTL8187B.sys --> c:\windows\system32\DRIVERS\RTL8187B.sys [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Shaw Secure\Anti-Virus\win2k\fsfilter.sys [22/04/2010 10:24 AM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Shaw Secure\Anti-Virus\win2k\fsrec.sys [22/04/2010 10:24 AM 25184]
S4 PuranDefrag;PuranDefrag;c:\windows\SYSTEM32\PuranDefragS.exe [26/03/2010 9:23 PM 229376]
.
Contents of the 'Scheduled Tasks' folder

2010-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-21 06:02]

2010-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-21 06:02]

2010-06-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2142848800-783458416-1166149760-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-06-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2142848800-783458416-1166149760-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Shaw Secure\FSPS\program\FSLSP.DLL
FF - ProfilePath - c:\documents and settings\Alice\Application Data\Mozilla\Firefox\Profiles\krses33b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\program files\Shaw Secure\NRS\[email protected]\components\litmus-ff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-12 16:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\program files\Shaw Secure\FWES\Program\fsdc32.dll

- - - - - - - > 'lsass.exe'(720)
c:\program files\Shaw Secure\FSPS\program\FSLSP.DLL
c:\program files\Shaw Secure\FWES\Program\fsdc32.dll

- - - - - - - > 'csrss.exe'(640)
c:\program files\Shaw Secure\FWES\Program\fsdc32.dll
.
Completion time: 2010-06-12 16:44:23
ComboFix-quarantined-files.txt 2010-06-12 23:44
ComboFix2.txt 2010-06-12 21:47

Pre-Run: 2,533,208,064 bytes free
Post-Run: 2,519,113,728 bytes free

- - End Of File - - 1F81768A232AE2526EA99D447DA6B394

let me know if i should run otl. and the system still alternates between not responding and running, for eg. realplayer opens but that's it. and firefox does the alternating thing. it seems to have got its speed back but it still lags at times as the entire screen will freeze and i have to turn it off via the master power switch. also those [bleep] updates are eating the rest of my hd and i'm low on space. i cleared a bunch of stuff to get 3 gb and now it's down to 2.37. just wondering if i should clear some of the updates in control panel if it'll let me.

THANX!!!!!
  • 0

#13
Essexboy
Posted 13 June 2010 - 05:18 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
For the windows backups read this page once you are happy with what the ramifications are download and run the programme

THEN

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
c:\documents and settings\Alice\Local Settings\Application Data\usmppvsix 

:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS] 
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

NEXT

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

FINALLY

Download and run Puran Disc Defragmenter


Once all this is complete could you re-run OTL quick scan selecting all users, and let me know how things are running :)
  • 0

#14
sutter's mill
Posted 13 June 2010 - 03:01 PM

sutter's mill

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
hi Essexboy:

ok took awhile. otl didn't respond the first time out and ten upon reboot pc wouldn't turn off so after 15 min or so i hit the power button and restarted later. nothing detected on malwarebytes so i went and cleared the quarantine log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4194

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

13/06/2010 12:45:50 PM
mbam-log-2010-06-13 (12-45-50).txt

Scan type: Quick scan
Objects scanned: 136679
Time elapsed: 11 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

there was an otl log from the quick scan all users too and i've attached it in case you want to have a peek.

otherwise some apps still appear sluggish (especially the first time i open it there's quite a wait compared to when i reopen it) and will occasionally alternate from not responding to running. internet is a lot faster, probably back to normal. and i got rid of the hotfixes and reclaimed about 1gb of disk space.

i think all that's left is to hide the system files and get ready for algeria and see if they switch goalies.

THANKS!!!

Attached Files

  • Attached File  OTL.Txt   648.18KB   142 downloads

  • 0

#15
Essexboy
Posted 13 June 2010 - 03:51 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I reckon James will be out for the next match - You only have 510Mb of RAM I would recommend increasing that to at least 1Gb, go to Crucial and run their scanner, this will tell you how much and what type of Ram your system can take

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 20.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u20-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u20-windows-i586-p.exe and select "Run as an Administrator.")


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP