Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Found infection via Malware then PC BSOD on restart with I01 - initial


  • This topic is locked This topic is locked

#1
Elle8

Elle8

    Member

  • Member
  • PipPip
  • 62 posts
Good morning

I have a Dell Dimension 3000. It runs on Microsoft Windows XP Home Edition. Processor Intel® Celeron® CPU 2.66GHz. Processor Speed 2.60 GHz. Operating System Version 5.1.2600. RAM 1024 MB.

AV I use is avast.

Yesterday I did a full scan Malware search with Malwarebytes in safe mode. It found an infection and said it needed to reboot. When I rebooted, it blue screened and gave the error message I01 - initialization failed.

I posted that on here: http://www.geekstogo...63#entry2033563
and Macboatmaster advised me to restart on last known good option, which I did and managed to get back on it.

I then ran a full Malware again and the infection was still there. However, I then saw Macboatmaster's post about not running Malware again in case it doesnot start up, so I cancelled the scan.

I've done OTL and this is what I got.

Thank you very much for your help in advance. Also I'm a bit computer illiterate, so if anything is unclear or if you need anymore information, please ask and speak to me in very very simple language :).

Elle

OTL logfile created on: 06/07/2011 08:26:37 - Run 1
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Documents and Settings\LouiseW\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1021.98 Mb Total Physical Memory | 301.91 Mb Available Physical Memory | 29.54% Memory free
2.40 Gb Paging File | 1.83 Gb Available in Paging File | 76.09% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.21 Gb Total Space | 84.97 Gb Free Space | 58.11% Space Free | Partition Type: NTFS

Computer Name: LOUISE | User Name: LouiseW | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/06 08:26:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LouiseW\Desktop\OTL.exe
PRC - [2011/07/04 12:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/05/11 08:02:02 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/06/14 14:56:02 | 004,573,664 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
PRC - [2010/03/22 20:07:22 | 000,268,768 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
PRC - [2009/12/07 12:50:52 | 001,584,640 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
PRC - [2009/02/20 13:23:26 | 000,495,700 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2007/03/23 13:20:52 | 000,227,328 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/02/23 12:27:50 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcfcoms.exe
PRC - [2006/10/12 12:48:48 | 000,921,707 | R--- | M] (Dell Inc.) -- C:\Program Files\Dell Wireless\PRISMCFG.exe
PRC - [2006/10/12 09:45:58 | 000,061,529 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVC.exe
PRC - [2006/10/12 09:44:48 | 000,385,113 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVR.exe


========== Modules (SafeList) ==========

MOD - [2011/07/06 08:26:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LouiseW\Desktop\OTL.exe
MOD - [2011/07/04 12:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/12/07 12:50:46 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (KPF4)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/04/11 07:13:57 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\599\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/22 20:07:22 | 000,268,768 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2009/11/05 16:08:36 | 000,360,529 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2009/02/20 13:23:26 | 000,495,700 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2007/03/26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/23 12:27:50 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxcfcoms.exe -- (lxcf_device)
SRV - [2006/10/12 09:45:58 | 000,061,529 | R--- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\WINDOWS\system32\PRISMSVC.exe -- (PRISMSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 12:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 12:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 12:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 12:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 12:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/03/09 16:34:56 | 001,723,840 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
DRV - [2009/12/07 12:50:48 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/07 12:50:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/01/30 17:13:20 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2008/09/25 18:07:00 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/04/13 19:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/03/09 13:16:30 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/12/27 16:45:42 | 000,085,760 | ---- | M] (Rocket Division Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\StarPortLite.sys -- (StarPortLite) StarPort Storage Controller (Lite)
DRV - [2007/10/26 17:54:17 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/22 10:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007/02/22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007/02/22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007/02/22 10:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/26 20:07:39 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2004/09/17 14:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2002/07/17 08:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://forums.moneysavingexpert.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft..../?LinkId=69157"
FF - prefs.js..keyword.URL: "http://www.bing.com/...?FORM=IEFM1&q="

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer8: C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: File not found
FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer8: C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/05 11:52:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011/05/11 08:03:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/12 10:18:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/24 14:48:26 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/05 11:52:50 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011/05/11 08:03:11 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/12 10:18:56 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/24 14:48:26 | 000,000,000 | ---D | M]

[2011/04/05 20:04:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LouiseW\Application Data\Mozilla\Extensions
[2011/05/25 07:17:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LouiseW\Application Data\Mozilla\Firefox\Profiles\bkiwv3ac.default\extensions
[2011/04/05 19:52:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\LouiseW\Application Data\Mozilla\Firefox\Profiles\bkiwv3ac.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/26 21:34:15 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\LouiseW\Application Data\Mozilla\Firefox\Profiles\bkiwv3ac.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/12/18 19:45:46 | 000,000,000 | ---D | M] (RGGuard) -- C:\Documents and Settings\LouiseW\Application Data\Mozilla\Firefox\Profiles\bkiwv3ac.default\extensions\[email protected]
[2010/01/26 21:35:34 | 000,002,163 | ---- | M] () -- C:\Documents and Settings\LouiseW\Application Data\Mozilla\Firefox\Profiles\bkiwv3ac.default\searchplugins\bing.xml
[2008/03/09 13:16:35 | 000,002,649 | ---- | M] () -- C:\Documents and Settings\LouiseW\Application Data\Mozilla\Firefox\Profiles\bkiwv3ac.default\searchplugins\RocketDivisionSearch.xml
[2011/06/24 14:48:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/02/22 18:24:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/06/24 14:48:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\LOUISEW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BKIWV3AC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/07/05 11:52:50 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/06/24 14:48:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/11 08:03:11 | 000,000,000 | ---D | M] (Roboform Toolbar for Firefox) -- C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX
[2011/05/12 10:18:51 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/08/27 20:25:26 | 000,308,096 | ---- | M] (British Telecommunications Plc) -- C:\Program Files\mozilla firefox\plugins\npBTEmailConfig.dll
[2008/06/18 07:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/06/24 14:48:09 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/08/27 13:44:00 | 001,312,392 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/02/15 21:28:26 | 000,000,715 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (&Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [jswtrayutil] File not found
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O15 - HKCU\..Trusted Domains: hotmail.co.uk ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: hotmail.com ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} http://www.couponrep...123/csauie1.cab (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...shUKActivia.cab (Snapfish Activia)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1137604988968 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-cent...bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\599\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\599\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\PRISMAPI.DLL: DllName - PRISMAPI.DLL - C:\WINDOWS\System32\PRISMAPI.dll (Conexant Systems, Inc.)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\LouiseW\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\LouiseW\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1848fb4a-03eb-11dc-aad8-0011f5300101}\Shell - "" = AutoRun
O33 - MountPoints2\{1848fb4a-03eb-11dc-aad8-0011f5300101}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1848fb4a-03eb-11dc-aad8-0011f5300101}\Shell\AutoRun\command - "" = F:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/06 08:26:07 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\LouiseW\Desktop\OTL.exe
[2011/06/24 14:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/06/08 19:06:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LouiseW\Recent
[2011/04/11 10:53:02 | 007,455,312 | ---- | C] (Siber Systems) -- C:\Program Files\RoboForm-Everywhere-Setup.exe
[2011/04/06 10:32:18 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2010/01/26 21:43:44 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfserv.dll
[2010/01/26 21:43:44 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfusb1.dll
[2010/01/26 21:43:44 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfpmui.dll
[2010/01/26 21:43:44 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfinpa.dll
[2010/01/26 21:43:44 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfiesc.dll
[2010/01/26 21:43:44 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfhcp.dll
[2010/01/26 21:43:44 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfprox.dll
[2010/01/26 21:43:44 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfpplc.dll
[2010/01/26 21:43:43 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfhbn3.dll
[2010/01/26 21:43:43 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcflmpm.dll
[2010/01/26 21:43:43 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcoms.exe
[2010/01/26 21:43:43 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfih.exe
[2010/01/26 21:43:42 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcomc.dll
[2010/01/26 21:43:42 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcomm.dll
[2010/01/26 21:43:42 | 000,381,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcfg.exe
[2008/09/07 13:32:51 | 015,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd160.exe
[2007/05/19 10:37:51 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\LouiseW\Application Data\pcouffin.sys
[2006/01/05 23:17:49 | 002,566,736 | ---- | C] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup351.exe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/06 08:26:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LouiseW\Desktop\OTL.exe
[2011/07/06 08:04:14 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/06 07:45:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/06 07:44:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/06 07:44:46 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/05 19:11:48 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/07/05 15:53:29 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\itiv.sys
[2011/07/05 11:53:33 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/04 12:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 12:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 12:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 12:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 12:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 12:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 12:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 12:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/06/30 06:37:42 | 000,443,202 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/30 06:37:42 | 000,071,930 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/24 14:57:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/16 07:48:29 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\LouiseW\Desktop\HiJackThis.lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/05 21:15:36 | 1071,697,920 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/05 15:53:29 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\itiv.sys
[2011/06/24 14:51:15 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/05/24 07:09:18 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2011/04/06 10:42:01 | 062,623,864 | ---- | C] () -- C:\Program Files\setup_av_free.exe
[2010/08/14 12:20:09 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\StopSrvr.exe
[2010/01/26 21:43:45 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\lxcfinst.dll
[2009/03/27 12:16:29 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/05/16 20:28:46 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2007/12/20 17:29:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/12/19 22:37:17 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2007/10/24 23:39:07 | 000,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2007/10/24 22:47:30 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2007/09/03 22:34:31 | 000,026,726 | ---- | C] () -- C:\Documents and Settings\LouiseW\Application Data\NMM-MetaData.db
[2007/09/01 15:41:17 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/08/18 06:23:07 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2007/08/03 17:35:34 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\LouiseW\Application Data\.zreglib
[2007/07/29 20:14:11 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/06/19 17:37:55 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/10 07:41:46 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/06/07 18:00:57 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2007/05/19 10:46:45 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/05/19 10:38:16 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2007/05/19 10:37:53 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\LouiseW\Application Data\ezpinst.exe
[2007/05/19 10:37:52 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\LouiseW\Application Data\pcouffin.cat
[2007/05/19 10:37:51 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\LouiseW\Application Data\pcouffin.inf
[2007/02/24 00:42:30 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/01/04 20:07:43 | 018,951,556 | ---- | C] () -- C:\Program Files\WindowsLiveMessenger81.exe
[2006/08/18 16:33:54 | 000,000,004 | ---- | C] () -- C:\WINDOWS\jknradee.sys
[2006/05/25 02:22:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2005/12/07 12:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/11/15 19:11:13 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/11/15 19:11:12 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/11/15 18:57:12 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\winsusrm.dll
[2005/11/14 21:48:55 | 000,000,004 | ---- | C] () -- C:\WINDOWS\RM_RESULT.DAT
[2005/11/14 21:48:16 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/10/14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 11:56:50 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/10/14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/10/10 22:33:07 | 000,224,826 | ---- | C] () -- C:\Program Files\CWShredder.zip
[2005/08/30 11:46:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/20 07:23:21 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\LouiseW\Local Settings\Application Data\fusioncache.dat
[2005/06/28 18:49:30 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\LouiseW\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/06/05 08:49:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\autorun.INI
[2005/06/04 15:52:57 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/06/04 15:52:38 | 000,004,139 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/06/04 15:16:05 | 000,160,963 | ---- | C] () -- C:\WINDOWS\System32\drivers\gtipdsp.bin
[2005/06/04 13:59:52 | 000,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/04 13:44:10 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/05/30 14:28:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/30 14:20:38 | 000,000,648 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/05/30 14:17:05 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/05/30 13:58:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/05/30 13:58:30 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/05/30 13:58:20 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/05/03 12:44:44 | 000,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/05/03 12:43:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/03/03 17:16:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2005/03/01 16:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2005/02/10 00:29:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\meritmgr.exe
[2004/10/01 18:33:46 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:57:15 | 000,261,432 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:51:20 | 000,443,202 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 12:51:20 | 000,071,930 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 12:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/12/05 18:51:00 | 000,059,392 | R--- | C] () -- C:\WINDOWS\streamhlp.dll
[2002/07/04 16:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2002/02/23 00:39:28 | 000,135,168 | ---- | C] () -- C:\WINDOWS\MSPUNIN.EXE
[2001/12/14 14:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

========== LOP Check ==========

[2011/04/06 10:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/11 07:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2007/08/03 17:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2007/09/03 22:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2007/09/03 22:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/08/14 12:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism
[2011/04/05 18:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2007/05/19 10:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/04/16 11:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2005/05/30 14:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/03/08 14:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LouiseW\Application Data\DeepBurner
[2007/09/02 11:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LouiseW\Application Data\FUJIFILM
[2005/10/08 21:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LouiseW\Application Data\Leadertech
[2008/07/20 20:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LouiseW\Application Data\Nokia
[2009/07/11 08:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LouiseW\Application Data\Nokia Multimedia Player
[2011/04/25 16:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LouiseW\Application Data\Opera
[2008/07/20 20:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LouiseW\Application Data\PC Suite
[2008/04/29 17:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LouiseW\Application Data\PgcEdit
[2011/04/05 18:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LouiseW\Application Data\RoboForm
[2011/07/06 07:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LouiseW\Application Data\Simple Adblock
[2007/05/19 10:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LouiseW\Application Data\SlySoft
[2008/01/12 20:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LouiseW\Application Data\Snapfish
[2005/11/15 00:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LouiseW\Application Data\SpamTest
[2007/08/18 06:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LouiseW\Application Data\TrojanHunter
[2008/03/09 13:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LouiseW\Application Data\Vso
[2007/06/10 07:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LouiseW\Application Data\WholeSecurity
[2005/11/18 00:06:32 | 000,000,304 | ---- | M] () -- C:\WINDOWS\Tasks\XoftSpy.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wupdmgr.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wpa.dbl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wfwnet.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\utildll.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unicode.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tssoft32.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\timer.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tfswapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\system.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\stdole32.tlb:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sound.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sortkey.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sndvol32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rsvp.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\riched32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olethk32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olesvr32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oleaccrc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.sig:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.bin:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netmsg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netevent.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msxml3r.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msgsm32.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg723.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg711.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msacm32.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mouse.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmsystem.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmdrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lz32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\keyboard.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbdus.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbduk.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ir32_32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxssend.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxsroute.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxsclntR.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drwtsn32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\wmilib.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\usbd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ultra.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\toside.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\symc810.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\sym_hi.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ssrtln.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\sscdbhk5.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\sparrow.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\smwdm.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\senfilt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\rdpcdd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\raspti.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\rasacd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ql1280.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ql1240.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ql12160.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ql10wnt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ql1080.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ptilink.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\perc2hib.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\perc2.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\pciide.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nwlnkfwd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nwlnkflt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nv4_mini.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\null.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\mraid35x.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mouhid.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mnmdd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ipfltdrv.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ini910u.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\hpn.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ftdisk.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\fs_rec.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dxgthk.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dxapi.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\drvnddm.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\drivers\drvmcdb.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\dpti2o.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dmload.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\dac960nt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\dac2w2k.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\cpqarray.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\cmdide.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\cdaudio.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\cbidf2k.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\beep.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\audstub.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\asc3550.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\asc3350p.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\asc.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\amsint.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\aliide.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\aic78xx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\aic78u2.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\aha154x.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\adpu160m.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dfrgres.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ctype.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comm.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\clb.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\charmap.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\calc.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_950.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_850.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_28591.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1253.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1251.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1250.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\bootvid.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\$winnt$.inf:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\REGEDIT.COM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\R.COM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\LouiseW\Start Menu\Programs\Startup\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\LouiseW\Start Menu\Programs\Remote Assistance.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\LouiseW\Start Menu\Programs\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\LouiseW\My Documents\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\LouiseW\Desktop\GenuineCheck-1.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\LouiseW\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\LouiseW\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to explorer.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\LouiseW\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\LouiseW\Application Data\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Get Hi-Speed internet.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Documents\desktop.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Zapotec.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\winnt256.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\winnt.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\winhelp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\WindowsUpdate.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\wiaservc.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vsapi32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\VPTNFILE.943:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vmmreg32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vbaddin.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vb.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\UNZIP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\twunk_32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\twunk_16.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\twain.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\tsc.ptn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\TSC.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\tsc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\TMVAmain.ptn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\TMVAINFO.xml:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\tmupdate.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\TMUPDATE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\tmadce.ptn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Thumbs.db:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\TASKMAN.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xjis.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xenroll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuaueng1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuauclt1.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshnetbs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshisn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshatm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\write.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowfaxui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowfax.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowexec.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowdeb.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpns.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpcore.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpcd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmp.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmiprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmimgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmerrenu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINZM.MB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winstrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winspool.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINSP.MB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINPY.MB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winoldap.mod:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winnls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmsd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmine.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhlp32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhelp.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winfax.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winchat.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win87em.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wifeman.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiavusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiasf.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webhits.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webfldrs.msi:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdl.trm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.sve:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.nld:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.ita:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.fra:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.esn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.enu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.deu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.sve:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.nld:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.ita:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.fra:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.esn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.enu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.deu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\w32topl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\w32tm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vxdmdcdlg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssadmin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vss_ps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vjoy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\View Channels.scf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga64k.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga256.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vfpodbc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\verifier.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ver.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VEN2232.OLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vcdex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vbar332.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAEND32.OLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAEN32.OLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\v7vga.rom:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrvpa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrvoica.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrv80a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrv42a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrsvpia.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrshuta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrsdpia.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrrtosa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrprbda.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrmlnka.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrlogon.cmd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrlbva.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrfaxa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrdtea.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrdpa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrcoina.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrcntra.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\user.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ureg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\unlodctr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\UMLoader.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umdmxfrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ufat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\typelib.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsshutdn.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tslabels.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tslabels.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tskill.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsdiscon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsd32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tscupgrd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tscon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsappcmp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\traffic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tracert6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\toolhelp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tftp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\telephon.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcpsvcs.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcpmon.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcmsetup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TASKMGR.COM:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\taskman.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapiui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapiperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\T.COM:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\systray.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysprtj.sep:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysprint.sep:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\syskey.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysinv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysedit.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\syncapp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\swprv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\svcpack.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\subst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\subrange.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\streamci.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\storage.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlwoa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlwid.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlsodbc.chm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spxcoins.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sprio800.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sprio600.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sprestrt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spnike.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sol.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\softpub.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\slbrccsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\slbcsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\skdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sisbkup.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SimpleRegistry.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shiftjis.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shellstyle.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdocvw.bak:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\share.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shadow.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfmapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setver.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setupdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setup.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\serwvdrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\services.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\serialui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\senscfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secupd.sig:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secupd.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sdpblb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scredir.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sccbase.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scardssp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rwinsta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\runas.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpcnts.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvp.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsmui.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsmsink.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaci.rat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcns4.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\routetab.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\routemon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\route.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ROBOEX32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rnr20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RICHTX32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\reset.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\replace.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rend.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regwiz.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regini.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regedt32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\redir.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\recover.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rdpcfgex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RDOCURS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasser.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasrad.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmxs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmontr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasdial.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasctrs.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasctrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasctrnm.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasautou.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qwinsta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\QuickTimeVR.qtx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\QuickTimeCheck.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\QuickTime.qts:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\QuickTime.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qtplugin.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qosname.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qdiagdwc.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qappsrv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pubprn.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psnppagn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pscript.sep:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pschdprf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pschdprf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pschdcnt.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prodspec.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\print.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prflbmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prcp.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prc.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PRApplet.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PostProc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\popup.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pmspl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\plustab.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PINTLPAE.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PINTLPAD.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ping6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pifmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\phonptr.tbl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\phoncode.tbl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\phon.tbl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfwci.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfwci.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfts.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfi009.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perffilt.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perffilt.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfd009.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfci.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfci.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pentnt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pcl.sep:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pathping.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\paqsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\panmap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\osuninst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olesvr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olecli.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole2nls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole2disp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OEMINFO.PNF:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OEMINFO.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OEMBKGN1.BMP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc16gt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntsdexts.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntsd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsoprq.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsmgr.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsevt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanui2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio804.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio412.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio411.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio404.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntimage.gif:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos804.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos412.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos411.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos404.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.tha:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.sve:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.nld:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.kor:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.jpn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.ita:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.fra:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.esn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.enu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.eng:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.deu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.cht:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.chs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nmevtmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nlsfunc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\neth.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\net.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ncxpnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ncpa.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nbtstat.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\narrhook.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mycomput.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxmlr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxml3a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxml2r.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvideo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcrt20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp50.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvbvm50.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msswchx.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msswch.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Msstdfmt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mssip32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mssign32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrecr40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDO20.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrclr40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msratelc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msr2cenu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msr2c.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msports.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msobjs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msir3jp.lex:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msir3jp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msidntld.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mshearts.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msencode.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdayi.tbl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mscomct2.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mscdexnt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mscat32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msaudite.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msaatext.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mrinfo.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprddm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpnotify.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mountvol.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\modex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mode.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmutilse.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmtask.tsk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmdriver.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_qic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_mtf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_hp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mlang.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\migpwd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mib.bin:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC42ENU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mem.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdwmdmsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdhcp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciwave.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciseq.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciole32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciole16.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mcicda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciavi.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mchgrcoi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mcdsrv32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mcd32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mapisvc.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mapistub.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mapi32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\main.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mag_hook.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lzexpand.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lusrmgr.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LuResult.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lrnxp.ico:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lprmonui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lpr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lpq.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\logoff.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\loghours.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lodctr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\loadfix.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lnkstub.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lights.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lcptr.tbl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lcphrase.tbl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lanman.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\langwrbk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\label.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\l_intl.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\l_except.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ksc.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\krnl386.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\korwbrkr.lex:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\korwbrkr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\korean.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\keyboard.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\key01.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kdcom.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdycl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdycc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdvntc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbduzb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdurdu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdur.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdtuq.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdtuf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdth3.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdth2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdth1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdth0.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdtat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsyr2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsyr1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsl1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdru1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdru.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdro.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpl1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdnecNT.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdnecAT.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdnec95.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdne.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdmac.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlv1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlt1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdla.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdkyr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdkor.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdkaz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdjpn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdit142.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdir.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdintel.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdintam.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdinpun.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdinmar.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdinkan.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdinhin.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdinguj.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdindev.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhu1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhept.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhela3.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhela2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdheb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhe319.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhe220.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgr1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgkl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgeo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgae.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdest.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdes.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbddv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbddiv2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbddiv1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcz2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcz1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcan.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdca.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdblr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbene.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdazel.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdaze.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdarmw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdarme.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDAL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbda3.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbda2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbda1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbd103.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbd101c.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbd101b.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbd101a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kb16.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kanji_2.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kanji_1.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jupdate-1.4.2_03-b02.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jobexec.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgsh400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgsd400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgmd400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgaw400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jet500.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iuengine.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ISUSPM.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\irclass.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxsap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxrtmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxrip.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxpromn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxmontr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipsec6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iprtprio.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iologmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\instcat.sql:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\infosoft.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inetwh32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inetcplc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Indeo4.qtx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhtha.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhptb.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhkor.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhjpn.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhita.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhfra.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhesp.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhenu.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhdeu.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhcht.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhchs.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ifsutil.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ideograf.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icmui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icfgnt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iassvcs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iassdo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iassam.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasrecst.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iaspolcy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasnap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iashlpr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasads.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasacct.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmgicd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmgdev.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iAlmCoIn_v4020.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hticons.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hostname.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\homepage.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\himem.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GWFSPidGen.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GTKCMOS.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GTKCMO64.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gtdownde_110.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gtdownde_110.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graphics.pro:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graphics.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graftabl.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gpkcsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GPCIEnum.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GPCIEn64.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\glmf32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\getuname.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\geo.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gdi.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gcTypLibA.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gcmd5query.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gcdef.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gb2312.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\g711codc.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsperf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxscount.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxscfgwz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ftsrch.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsutil.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsmgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\freecell.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FNTCACHE.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fmifs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fixmapi.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\finger.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\find.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fastopen.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\expand.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\exe2bin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventvwr.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventvwr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventcls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eula.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentutl.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.hxx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esent97.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EqnClass.Dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\emptyregdb.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ega.cpi:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edlin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edit.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edit.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dvdplay.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssec.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsound.vxd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsauth.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ds16gt.dLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drwatson.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ws2ifsl.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\vdmindvd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tsbvcap.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tosdvd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\smclib.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rootmdm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\riodrv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rio8drv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rawwan.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\parvdm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\oprghdlr.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nwlnkspx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nwlnknb.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nikedrv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mcd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\iqvw32.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\gtipdsp.bin:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\gmreadme.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\gm.dls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\fwdrv.err:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\fsvga.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cpqdap01.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cinemst2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atmuni.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atmepvc.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\acpiec.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\1028_Dell_DIM_DIM3000.mrk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpwsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpserial.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpnwsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpnmodem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dplay.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dosx.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\doskey.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\docprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmview.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmocx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmintf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmdskres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmconfig.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DLPT64.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DLPT2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllhst3g.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\xjis.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wuaueng1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wuauclt1.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmpui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmpcore.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmpcd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmp.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tintsetp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tintlphr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\softkey.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\prcp.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\prc.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pciide.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\padrs412.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\padrs411.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\multibox.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msir3jp.lex:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msir3jp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mouhid.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\migrate.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ksc.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\korwbrkr.lex:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\korwbrkr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdnecnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdnecat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdnec95.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdkor.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdjpn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbd103.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbd101c.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbd101b.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbd101a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iuengine.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imskdic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imscinst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imkrinst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imjputy.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imjpuex.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imjprw.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imjpmig.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imjpinst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imjpdsvr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imjpdct.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imjpdadm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imepadsv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imepadsm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imekrmig.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imekr.lex:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hwxkor.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hwxcht.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hanjadic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hanja.lex:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cplexe.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cintsetp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chtbrkr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chsbrkr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_is2022.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_21027.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20949.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20936.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20932.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20290.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20000.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1361.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10008.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10003.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10002.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10001.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bopomofo.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\big5.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskperf.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskmgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskcopy.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskcomp.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dimap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diactfrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpsapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dgsetup.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dgrpsetu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dfrg.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\devmgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\deskperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\deskmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\deskadp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DELLWALL.BMP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\debug.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DDMI64.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ddeml.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dbgeng.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dayiptr.tbl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dayiphr.tbl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3dxof.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3drm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3dramp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3dpmesh.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3dim.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ctl3dv2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ctl3d32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csseqchk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crtdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\country.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\convert.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\control.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\console.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CONFIG.TMP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compobj.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compmgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compact.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\commdlg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\command.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMDLG32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comctl32.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comcat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cnvfat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cnetcfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmpbk32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmos.ram:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmmgr32.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cliconf.chm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ckcnv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cidaemon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ciadv.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ciadmin.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chtbrkr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chsbrkr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chkntfs.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chkdsk.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chcp.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\certmgr.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cdmodem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ccfgnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cards.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_is2022.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_949.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_936.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_932.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_875.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_874.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_869.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_866.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_865.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_863.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_861.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_860.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_857.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_855.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_852.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_775.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_737.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_500.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_437.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28605.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28603.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28599.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28598.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28597.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28595.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28594.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28593.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28592.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_21866.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_21027.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20949.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20936.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20932.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20905.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20866.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20290.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20261.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20127.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20000.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1361.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1258.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1257.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1256.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1255.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1254.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1252.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1026.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10082.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10081.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10079.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10029.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10017.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10010.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10008.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10007.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10006.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10003.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10002.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10001.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10000.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_037.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bopomofo.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bopomofo.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bootvrfy.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bootok.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bios4.rom:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bios1.rom:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\big5.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avwav.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avtapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avmeter.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avifile.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avicap32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avicap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AUTOEXEC.NT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\autodisc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Audiodev.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atrace.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atmpvcno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atkctrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\arrayhw.tab:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\array30.tab:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\arptr.tbl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\arphr.tbl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\arp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\append.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\apcups.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ansi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adptif.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\actskin4.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeds.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\acode.tbl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\acledit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\acelpdec.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\acctres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\aamd532.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\aaaamon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\a234.tbl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\a15.tbl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\12520850.cpx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\12520437.cpx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\$ncsp$.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WFWNET.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VGA.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VER.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\TIMER.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\TAPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SYSTEM.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\stdole.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SOUND.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SHELL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\setup.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OLESVR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OLECLI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MSVIDEO.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MOUSE.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MMTASK.TSK:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MMSYSTEM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCIWAVE.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCISEQ.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCIAVI.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\LZEXPAND.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\KEYBOARD.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\crlds3d.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\COMMDLG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\AVIFILE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\AVICAP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Soap Bubbles.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\smscfg.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setuplog.del:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setupapi.log.0.old:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setupapi.del:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setupact.del:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setpwrcg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SchedLgU.Txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Santa Fe Stucco.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\runtsckl.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\RMAgentOutput.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\River Sumida.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Rhododendron.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\REGLOCS.OLD:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\randseed.rnd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Prairie Wind.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\patchw32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\PATCH.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\orun32.isu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\orun32.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ODBCINST.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ODBC.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\nsreg.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\MSPUNIN.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\msdfmap.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\mozver.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ModemLog_56K Data Fax Modem PnP.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\lpt$vpn.943:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\loadhttp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\IsUninst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Greenstone.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Gone Fishing.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\GetServer.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\FeatherTexture.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\explorer.scf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\dllTSCLIBMT.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\dla.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Dell.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Coffee Bean.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\clock.avi:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\BPMNT.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\bootstat.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Blue Lace 16.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\AuHCcup1.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\AuHCcup1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\aucfg.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\_default.pif:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Program Files\QuickTime\qttask.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Program Files\mozilla firefox\plugins\NPSWF32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Program Files\CWShredder.zip:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\IPH.PH:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\INFCACHE.1:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LouiseW\resetlogt.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LouiseW\resetlog.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LouiseW\resetlog.tc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LouiseW\log.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LouiseW\Local Settings\Application Data\fusioncache.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LouiseW\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\NTUSER.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\NTUSER.DAT.LOG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Documents\Global.sw2:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Application Data\desktop.ini:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\oleacc.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\Edcrypt.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\LouiseW\ntuser.ini:KAVICHS

< End of report >

Edited by Elle8, 06 July 2011 - 01:53 AM.

  • 0

Advertisements


#2
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,999 posts
:)


  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Download the enclosed file. Attached File  Fix.txt   89.73KB   143 downloads
  • Save it next to OTL.exe.
  • Double click the "Custom Scans/Fixes" window. You will be asked it if you want to load a file. Select Yes. Browse to the Fix.txt you just downloaded and click on it. It contents will appear on the window.
  • Click the red Run Fix button.
  • The computer will restart
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If any of these applications will not uninstall, it is first recommended to uninstall it with AppRemover by Opswat. http://www.appremove...ed-applications. Do not use AppRemover on Norton

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" .
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
  • 0

#3
Elle8

Elle8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Thanks for the quick and detailed response!

Edited by Elle8, 06 July 2011 - 07:04 AM.

  • 0

#4
Elle8

Elle8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Hi

Here is the C:\_OTL\MovedFiles report.

Thanks.

========== OTL ==========
ADS C:\WINDOWS\System32\wupdmgr.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wpa.dbl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wfwnet.drv:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\vga.drv:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\vga.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\utildll.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\unicode.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tssoft32.acm:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\timer.drv:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tfswapi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\system.drv:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\stdole32.tlb:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sound.drv:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sortkey.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sndvol32.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rsvp.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\riched32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\olethk32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\olesvr32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\oleaccrc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\oembios.sig:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\oembios.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\oembios.bin:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\netmsg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\netevent.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msxml3r.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msgsm32.acm:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msg723.acm:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msg711.acm:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msacm32.drv:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mouse.drv:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mmsystem.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mmdrv.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lz32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\keyboard.drv:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdus.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbduk.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ir32_32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\fxssend.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\fxsroute.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\fxsclntR.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drwtsn32.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\wmilib.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\usbd.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\ultra.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\toside.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\symc8xx.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\symc810.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\sym_u3.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\sym_hi.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\ssrtln.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\sscdbhk5.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\sparrow.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\smwdm.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\senfilt.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\rdpcdd.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\raspti.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\rasacd.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\ql1280.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\ql1240.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\ql12160.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\ql10wnt.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\ql1080.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\ptilink.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\perc2hib.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\perc2.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\pciide.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\nwlnkfwd.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\nwlnkflt.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\nv4_mini.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\null.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\mraid35x.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\mouhid.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\mnmdd.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\ipfltdrv.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\ini910u.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\hpn.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\ftdisk.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\fs_rec.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\dxgthk.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\dxapi.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\drvnddm.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\drivers\drvmcdb.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\dpti2o.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\dmload.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\dac960nt.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\dac2w2k.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\cpqarray.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\cmdide.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\cdaudio.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\cbidf2k.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\beep.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\audstub.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\asc3550.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\asc3350p.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\asc.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\amsint.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\aliide.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\aic78xx.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\aic78u2.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\aha154x.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\adpu160m.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dfrgres.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ctype.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\comm.drv:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\clb.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\charmap.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\calc.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_950.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_850.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_28591.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_1253.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_1251.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_1250.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\bootvid.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\$winnt$.inf:KAVICHS deleted successfully.
ADS C:\WINDOWS\REGEDIT.COM:KAVICHS deleted successfully.
ADS C:\WINDOWS\R.COM:KAVICHS deleted successfully.
ADS C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe:KAVICHS deleted successfully.
ADS C:\Documents and Settings\LouiseW\Start Menu\Programs\Startup\desktop.ini:KAVICHS deleted successfully.
ADS C:\Documents and Settings\LouiseW\Start Menu\Programs\Remote Assistance.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\LouiseW\Start Menu\Programs\desktop.ini:KAVICHS deleted successfully.
ADS C:\Documents and Settings\LouiseW\My Documents\desktop.ini:KAVICHS deleted successfully.
ADS C:\Documents and Settings\LouiseW\Desktop\GenuineCheck-1.exe:KAVICHS deleted successfully.
ADS C:\Documents and Settings\LouiseW\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf:KAVICHS deleted successfully.
ADS C:\Documents and Settings\LouiseW\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to explorer.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\LouiseW\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini:KAVICHS deleted successfully.
ADS C:\Documents and Settings\LouiseW\Application Data\desktop.ini:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Start Menu\Programs\Get Hi-Speed internet.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Start Menu\Programs\desktop.ini:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Documents\desktop.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\Zapotec.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\winnt256.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\winnt.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\winhelp.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\WindowsUpdate.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\wiaservc.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\vsapi32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\VPTNFILE.943:KAVICHS deleted successfully.
ADS C:\WINDOWS\vmmreg32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\vbaddin.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\vb.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\UNZIP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\twunk_32.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\twunk_16.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\twain.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\tsc.ptn:KAVICHS deleted successfully.
ADS C:\WINDOWS\TSC.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\tsc.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\TMVAmain.ptn:KAVICHS deleted successfully.
ADS C:\WINDOWS\TMVAINFO.xml:KAVICHS deleted successfully.
ADS C:\WINDOWS\tmupdate.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\TMUPDATE.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\tmadce.ptn:KAVICHS deleted successfully.
ADS C:\WINDOWS\Thumbs.db:KAVICHS deleted successfully.
ADS C:\WINDOWS\TASKMAN.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\xjis.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\xenroll.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wuaueng1.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wuauclt1.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wshnetbs.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wshisn.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wshatm.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\write.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wowfaxui.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wowfax.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wowexec.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wowdeb.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmpui.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmpns.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmpcore.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmpcd.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmp.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmiprop.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmimgmt.msc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmerrenu.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WINZM.MB:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\winstrm.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\winspool.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WINSP.MB:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\winsock.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WINPY.MB:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\winoldap.mod:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\winnls.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\winmsd.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\winmine.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\winhlp32.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\winhelp.hlp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\winfax.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\winchat.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\win87em.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\win.com:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wifeman.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wiavusd.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wiasf.ax:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\webhits.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\webfldrs.msi:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wdl.trm:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wbdbase.sve:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wbdbase.nld:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wbdbase.ita:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wbdbase.fra:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wbdbase.esn:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wbdbase.enu:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wbdbase.deu:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wbcache.sve:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wbcache.nld:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wbcache.ita:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wbcache.fra:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wbcache.esn:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wbcache.enu:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wbcache.deu:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\w32topl.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\w32tm.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\vxdmdcdlg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\vssadmin.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\vss_ps.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\vjoy.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\View Channels.scf:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\vga64k.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\vga256.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\vfpodbc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\verifier.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ver.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VEN2232.OLB:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\vcdex.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\vbar332.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VBAEND32.OLB:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VBAEN32.OLB:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\v7vga.rom:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrvpa.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrvoica.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrv80a.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrv42a.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrsvpia.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrshuta.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrsdpia.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrrtosa.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrprbda.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrmlnka.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrlogon.cmd:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrlbva.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrfaxa.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrdtea.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrdpa.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrcoina.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrcntra.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\user.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ureg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\unlodctr.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\UMLoader.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\umdmxfrm.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ufat.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\typelib.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tsshutdn.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tslabels.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tslabels.h:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tskill.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tsdiscon.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tsd32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tscupgrd.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tscon.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tsappcmp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\traffic.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tracert6.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\toolhelp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tftp.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\telephon.cpl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tcpsvcs.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tcpmon.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tcmsetup.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TASKMGR.COM:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\taskman.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tapiui.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tapiperf.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tapi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\T.COM:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\systray.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sysprtj.sep:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sysprint.sep:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\syskey.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sysinv.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sysedit.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\syncapp.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\swprv.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\svcpack.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\subst.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\subrange.uce:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\streamci.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\storage.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sqlwoa.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sqlwid.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sqlsodbc.chm:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\spxcoins.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sprio800.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sprio600.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sprestrt.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\spnike.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sol.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\softpub.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\slbrccsp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\slbcsp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\skdll.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sisbkup.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SimpleRegistry.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\shiftjis.uce:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\shellstyle.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\shell.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\shdocvw.bak:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\share.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\shadow.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sfmapi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sfc.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\setver.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\setupdll.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\setup.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\serwvdrv.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\services.msc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\serialui.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\senscfg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\secupd.sig:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\secupd.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sdpblb.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\scredir.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sccbase.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\scardssp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rwinsta.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\runas.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rtm.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rsvpperf.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rsvpmsg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rsvpcnts.h:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rsvp.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rsmui.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rsmsink.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rsm.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rsaci.rat:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rpcns4.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\routetab.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\routemon.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\route.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ROBOEX32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rnr20.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RICHTX32.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\reset.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\replace.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rend.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\regwiz.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\regini.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\regedt32.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\redir.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\recover.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rdpcfgex.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RDOCURS.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rasser.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rasrad.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rasmxs.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rasmontr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rasdial.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rasctrs.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rasctrs.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rasctrnm.h:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rasautou.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\qwinsta.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\QuickTimeVR.qtx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\QuickTimeCheck.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\QuickTime.qts:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\QuickTime.cpl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\qtplugin.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\qosname.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\qdiagdwc.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\qappsrv.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pubprn.vbs:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\psnppagn.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pscript.sep:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pschdprf.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pschdprf.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pschdcnt.h:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\prodspec.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\print.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\prflbmsg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\prcp.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\prc.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PRApplet.cpl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PostProc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\popup.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pmspl.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\plustab.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PINTLPAE.HLP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PINTLPAD.HLP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ping6.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pifmgr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\phonptr.tbl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\phoncode.tbl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\phon.tbl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\perfwci.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\perfwci.h:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\perfts.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\perfi009.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\perffilt.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\perffilt.h:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\perfd009.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\perfci.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\perfci.h:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pentnt.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pcl.sep:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pathping.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\paqsp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\panmap.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\osuninst.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\olesvr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\olecli.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ole2nls.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ole2disp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ole2.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\OEMLOGO.BMP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\OEMINFO.PNF:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\OEMINFO.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\OEMBKGN1.BMP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\odbc16gt.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntsdexts.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntsd.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntmsoprq.msc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntmsmgr.msc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntmsevt.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntlanui2.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntlanui.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntio804.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntio412.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntio411.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntio404.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntio.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntimage.gif:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntdos804.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntdos412.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntdos411.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntdos404.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ntdos.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.tha:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.sve:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.nld:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.kor:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.jpn:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.ita:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.fra:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.esn:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.enu:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.eng:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.deu:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.cht:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.chs:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nmevtmsg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nlsfunc.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\netui2.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\neth.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\netapi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\net.hlp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ncxpnt.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ncpa.cpl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nbtstat.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\narrhook.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mycomput.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msxmlr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msxml3a.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msxml2r.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msvideo.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msvcrt20.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msvcp50.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msvbvm50.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msswchx.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msswch.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Msstdfmt.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mssip32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mssign32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msrecr40.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSRDO20.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msrclr40.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msratelc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msr2cenu.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msr2c.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msports.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msobjs.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msir3jp.lex:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msir3jp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msidntld.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mshearts.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msg.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msencode.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msdtcprf.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msdtcprf.h:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msdayi.tbl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mscomct2.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mscdexnt.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mscat32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msaudite.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msacm.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msaatext.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mrinfo.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mprui.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mprmsg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mprddm.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mpnotify.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mountvol.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\modex.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mode.com:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mmutilse.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mmtask.tsk:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mmdriver.inf:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mll_qic.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mll_mtf.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mll_hp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mlang.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\migpwd.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mib.bin:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MFC42ENU.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mem.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mdwmdmsp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mdhcp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mciwave.drv:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mciseq.drv:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mciole32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mciole16.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mcicda.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mciavi.drv:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mchgrcoi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mcdsrv32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mcd32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mapisvc.inf:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mapistub.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mapi32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\main.cpl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mag_hook.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lzexpand.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lusrmgr.msc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LuResult.txt:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lrnxp.ico:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lprmonui.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lpr.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lpq.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\logoff.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\loghours.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lodctr.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\loadfix.com:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lnkstub.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lights.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lcptr.tbl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lcphrase.tbl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lanman.drv:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\langwrbk.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\label.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\l_intl.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\l_except.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ksc.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\krnl386.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\korwbrkr.lex:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\korwbrkr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\korean.uce:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\keyboard.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\key01.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kdcom.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdycl.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdycc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdvntc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbduzb.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdusx.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdusr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdusl.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdurdu.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdur.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdtuq.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdtuf.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdth3.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdth2.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdth1.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdth0.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdtat.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdsyr2.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdsyr1.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdsw.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdsp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdsl1.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdsl.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdsg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdsf.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdru1.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdru.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdro.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdpo.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdpl1.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdpl.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdno.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdnecNT.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdnecAT.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdnec95.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdne.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdmon.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdmac.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdlv1.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdlv.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdlt1.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdlt.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdla.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdkyr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdkor.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdkaz.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdjpn.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdit142.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdit.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdir.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdintel.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdintam.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdinpun.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdinmar.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdinkan.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdinhin.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdinguj.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdindev.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdic.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdhu1.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdhu.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdhept.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdhela3.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdhela2.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdheb.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdhe319.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdhe220.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdhe.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdgr1.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdgr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdgkl.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdgeo.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdgae.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdfr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdfo.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdfi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdfc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdfa.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdest.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdes.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbddv.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbddiv2.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbddiv1.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdda.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdcz2.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdcz1.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdcz.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdcr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdcan.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdca.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdbu.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdbr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdblr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdbene.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdbe.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdazel.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdaze.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdarmw.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbdarme.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\KBDAL.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbda3.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbda2.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbda1.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbd103.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbd101c.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbd101b.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kbd101a.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kb16.com:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kanji_2.uce:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kanji_1.uce:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\jupdate-1.4.2_03-b02.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\jobexec.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\jgsh400.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\jgsd400.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\jgmd400.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\jgaw400.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\jet500.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\iuengine.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ISUSPM.cpl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\irclass.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ipxsap.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ipxrtmgr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ipxrip.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ipxpromn.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ipxmontr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ipsec6.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\iprtprio.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\iprop.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\iologmsg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\instcat.sql:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\infosoft.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\inetwh32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\inetcplc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Indeo4.qtx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxhtha.lhp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxhptb.lhp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxhkor.lhp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxhjpn.lhp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxhita.lhp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxhfra.lhp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxhesp.lhp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxhenu.lhp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxhdeu.lhp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxhcht.lhp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\igfxhchs.lhp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ifsutil.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ideograf.uce:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\icmui.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\icfgnt5.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\iassvcs.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\iassdo.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\iassam.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\iasrecst.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\iaspolcy.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\iasnap.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\iashlpr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\iasads.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\iasacct.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmgicd.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ialmgdev.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\iAlmCoIn_v4020.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\hticons.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\hostname.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\homepage.inf:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\hnetmon.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\himem.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\GWFSPidGen.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\GTKCMOS.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\GTKCMO64.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\gtdownde_110.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\gtdownde_110.inf:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\graphics.pro:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\graphics.com:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\graftabl.com:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\gpkcsp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\GPCIEnum.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\GPCIEn64.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\glmf32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\getuname.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\geo.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\gdi.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\gcTypLibA.tlb:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\gcmd5query.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\gcdef.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\gb2312.uce:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\g711codc.ax:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\fxsperf.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\fxscount.h:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\fxscfgwz.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ftsrch.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\fsutil.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\fsusd.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\fsmgmt.msc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\freecell.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FNTCACHE.DAT:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\fmifs.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\fixmapi.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\finger.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\find.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\fc.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\fastopen.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\expand.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\exe2bin.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\eventvwr.msc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\eventvwr.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\eventcls.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\eula.txt:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\esentutl.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\esentprf.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\esentprf.hxx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\esentprf.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\esent97.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\EqnClass.Dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\emptyregdb.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ega.cpi:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\edlin.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\edit.hlp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\edit.com:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dvdplay.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dssec.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dsound.vxd:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dsauth.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ds16gt.dLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drwatson.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\ws2ifsl.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\vdmindvd.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\tsbvcap.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\tosdvd.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\smclib.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\rootmdm.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\riodrv.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\rio8drv.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\rawwan.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\parvdm.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\oprghdlr.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\nwlnkspx.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\nwlnknb.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\nikedrv.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\mcd.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\iqvw32.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\gtipdsp.bin:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\gmreadme.txt:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\gm.dls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\fwdrv.err:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\fsvga.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\cpqdap01.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\cinemst2.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\atmuni.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\atmepvc.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\acpiec.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\1028_Dell_DIM_DIM3000.mrk:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dpwsock.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dpserial.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dpnwsock.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dpnmodem.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dplay.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dosx.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\doskey.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\docprop.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dmview.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dmocx.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dmintf.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dmdskres.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dmconfig.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DLPT64.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DLPT2.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllhst3g.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\xjis.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\wuaueng1.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\wuauclt1.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\wmpui.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\wmpcore.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\wmpcd.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\wmp.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\tintsetp.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\tintlphr.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\softkey.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\prcp.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\prc.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\pciide.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\padrs412.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\padrs411.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\multibox.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\msir3jp.lex:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\msir3jp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\mouhid.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\migrate.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\ksc.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\korwbrkr.lex:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\korwbrkr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\kbdnecnt.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\kbdnecat.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\kbdnec95.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\kbdkor.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\kbdjpn.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\kbd103.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\kbd101c.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\kbd101b.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\kbd101a.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\iuengine.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\imskdic.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\imscinst.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\imkrinst.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\imjputy.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\imjpuex.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\imjprw.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\imjpmig.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\imjpinst.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\imjpdsvr.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\imjpdct.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\imjpdadm.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\imepadsv.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\imepadsm.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\imekrmig.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\imekr.lex:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\hwxkor.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\hwxcht.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\hanjadic.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\hanja.lex:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\cplexe.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\cintsetp.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\chtbrkr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\chsbrkr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\c_is2022.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\c_21027.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\c_20949.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\c_20936.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\c_20932.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\c_20290.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\c_20000.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\c_1361.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\c_10008.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\c_10003.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\c_10002.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\c_10001.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\bopomofo.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\big5.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\diskperf.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\diskmgmt.msc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\diskcopy.com:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\diskcomp.com:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dimap.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\diactfrm.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dhcpsapi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dgsetup.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dgrpsetu.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dfrg.msc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\devmgmt.msc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\deskperf.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\deskmon.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\deskadp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DELLWALL.BMP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\debug.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DDMI64.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ddeml.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dbgeng.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dayiptr.tbl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dayiphr.tbl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\d3dxof.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\d3drm.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\d3dramp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\d3dpmesh.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\d3dim.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ctl3dv2.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ctl3d32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\csseqchk.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\crtdll.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\country.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\convert.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\control.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\console.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CONFIG.TMP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\compobj.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\compmgmt.msc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\compact.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\comp.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\commdlg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\command.com:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\COMDLG32.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\comctl32.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\comcat.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cnvfat.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cnetcfg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cmpbk32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cmos.ram:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cmmgr32.hlp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cliconf.chm:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ckcnv.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cidaemon.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ciadv.msc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ciadmin.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\chtbrkr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\chsbrkr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\chkntfs.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\chkdsk.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\chcp.com:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\certmgr.msc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cdmodem.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ccfgnt.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cards.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_is2022.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_949.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_936.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_932.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_875.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_874.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_869.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_866.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_865.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_863.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_861.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_860.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_857.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_855.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_852.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_775.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_737.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_500.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_437.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_28605.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_28603.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_28599.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_28598.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_28597.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_28595.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_28594.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_28593.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_28592.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_21866.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_21027.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_20949.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_20936.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_20932.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_20905.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_20866.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_20290.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_20261.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_20127.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_20000.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_1361.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_1258.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_1257.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_1256.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_1255.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_1254.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_1252.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_1026.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_10082.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_10081.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_10079.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_10029.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_10017.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_10010.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_10008.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_10007.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_10006.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_10003.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_10002.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_10001.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_10000.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_037.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\bopomofo.uce:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\bopomofo.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\bootvrfy.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\bootok.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\bios4.rom:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\bios1.rom:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\big5.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\avwav.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\avtapi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\avmeter.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\avifile.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\avicap32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\avicap.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\AUTOEXEC.NT:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\autodisc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Audiodev.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\atrace.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\atmpvcno.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\atkctrs.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\arrayhw.tab:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\array30.tab:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\arptr.tbl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\arphr.tbl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\arp.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\append.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\apcups.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ansi.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\adptif.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\actskin4.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\activeds.tlb:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\acode.tbl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\acledit.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\acelpdec.ax:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\acctres.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\aamd532.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\aaaamon.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\a234.tbl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\a15.tbl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\12520850.cpx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\12520437.cpx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\$ncsp$.inf:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\WFWNET.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\VGA.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\VER.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\TIMER.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\TAPI.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\SYSTEM.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\stdole.tlb:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\SOUND.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\SHELL.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\setup.inf:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\OLESVR.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\OLECLI.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\MSVIDEO.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\MOUSE.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\MMTASK.TSK:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\MMSYSTEM.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\MCIWAVE.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\MCISEQ.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\MCIAVI.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\LZEXPAND.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\KEYBOARD.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\crlds3d.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\COMMDLG.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\AVIFILE.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\AVICAP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\Soap Bubbles.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\smscfg.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\setuplog.del:KAVICHS deleted successfully.
ADS C:\WINDOWS\setupapi.log.0.old:KAVICHS deleted successfully.
ADS C:\WINDOWS\setupapi.del:KAVICHS deleted successfully.
ADS C:\WINDOWS\setupact.del:KAVICHS deleted successfully.
ADS C:\WINDOWS\setpwrcg.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\SchedLgU.Txt:KAVICHS deleted successfully.
ADS C:\WINDOWS\Santa Fe Stucco.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\runtsckl.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\RMAgentOutput.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\River Sumida.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\Rhododendron.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\REGLOCS.OLD:KAVICHS deleted successfully.
ADS C:\WINDOWS\randseed.rnd:KAVICHS deleted successfully.
ADS C:\WINDOWS\Prairie Wind.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\patchw32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\PATCH.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\orun32.isu:KAVICHS deleted successfully.
ADS C:\WINDOWS\orun32.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\ODBCINST.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\ODBC.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\nsreg.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\MSPUNIN.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\msdfmap.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\mozver.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\ModemLog_56K Data Fax Modem PnP.txt:KAVICHS deleted successfully.
ADS C:\WINDOWS\lpt$vpn.943:KAVICHS deleted successfully.
ADS C:\WINDOWS\loadhttp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\IsUninst.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\Greenstone.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\Gone Fishing.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\GetServer.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\FeatherTexture.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\explorer.scf:KAVICHS deleted successfully.
ADS C:\WINDOWS\dllTSCLIBMT.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\dla.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\Dell.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\Coffee Bean.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\clock.avi:KAVICHS deleted successfully.
ADS C:\WINDOWS\BPMNT.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\bootstat.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\Blue Lace 16.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\AuHCcup1.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\AuHCcup1.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\aucfg.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\_default.pif:KAVICHS deleted successfully.
ADS C:\Program Files\QuickTime\qttask.exe:KAVICHS deleted successfully.
ADS C:\Program Files\mozilla firefox\plugins\NPSWF32.dll:KAVICHS deleted successfully.
ADS C:\Program Files\CWShredder.zip:KAVICHS deleted successfully.
ADS C:\IPH.PH:KAVICHS deleted successfully.
ADS C:\INFCACHE.1:KAVICHS deleted successfully.
ADS C:\Documents and Settings\LouiseW\resetlogt.txt:KAVICHS deleted successfully.
ADS C:\Documents and Settings\LouiseW\resetlog.txt:KAVICHS deleted successfully.
ADS C:\Documents and Settings\LouiseW\resetlog.tc:KAVICHS deleted successfully.
ADS C:\Documents and Settings\LouiseW\log.txt:KAVICHS deleted successfully.
ADS C:\Documents and Settings\LouiseW\Local Settings\Application Data\fusioncache.dat:KAVICHS deleted successfully.
ADS C:\Documents and Settings\LouiseW\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\NTUSER.DAT:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\NTUSER.DAT.LOG:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Documents\Global.sw2:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\desktop.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\oleacc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Edcrypt.dll:KAVICHS deleted successfully.
ADS C:\Documents and Settings\LouiseW\ntuser.ini:KAVICHS deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.0 log created on 07062011_140531
  • 0

#5
Elle8

Elle8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Hi

Here is the Combofix txt. Many thanks in advance for your help!

ComboFix 11-07-06.02 - LouiseW 06/07/2011 14:47:12.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.575 [GMT 1:00]
Running from: c:\documents and settings\LouiseW\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Kerio Personal Firewall *Disabled* {532EFE70-19BC-4F0F-8F50-D5F15C243133}
FW: Kerio Personal Firewall *Disabled* {CB8DE467-2367-41d1-87BA-D0AE12284F9A}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LouiseW\Desktop\Setup.exe
c:\documents and settings\LouiseW\GoToAssistDownloadHelper.exe
c:\documents and settings\LouiseW\Local Settings\Temporary Internet Files\mcc10.tmp
c:\documents and settings\LouiseW\Local Settings\Temporary Internet Files\mcc11.tmp
c:\documents and settings\LouiseW\Local Settings\Temporary Internet Files\mcc7.tmp
c:\documents and settings\LouiseW\Local Settings\Temporary Internet Files\mcc8.tmp
c:\documents and settings\LouiseW\Local Settings\Temporary Internet Files\mcc9.tmp
c:\documents and settings\LouiseW\Local Settings\Temporary Internet Files\mccA.tmp
c:\documents and settings\LouiseW\Local Settings\Temporary Internet Files\mccB.tmp
c:\documents and settings\LouiseW\Local Settings\Temporary Internet Files\mccC.tmp
c:\documents and settings\LouiseW\Local Settings\Temporary Internet Files\mccD.tmp
c:\documents and settings\LouiseW\Local Settings\Temporary Internet Files\mccE.tmp
c:\documents and settings\LouiseW\Local Settings\Temporary Internet Files\mccF.tmp
C:\drvrtmp
c:\windows\AutoRun.ini
c:\windows\patch.exe
c:\windows\regedit.com
c:\windows\system32\BSTIeprintctl1.dll
c:\windows\system32\NeroCheck.exe
c:\windows\system32\taskmgr.com
c:\windows\system32\winsusrm.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-06 to 2011-07-06 )))))))))))))))))))))))))))))))
.
.
2011-07-06 13:05 . 2011-07-06 13:05 -------- d-----w- C:\_OTL
2011-07-05 14:53 . 2011-07-05 14:53 54016 ----a-w- c:\windows\system32\drivers\itiv.sys
2011-06-24 13:48 . 2011-06-24 13:48 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-06-24 13:48 . 2011-06-24 13:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-24 13:48 . 2011-06-24 13:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-24 13:40 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2011-04-06 09:44 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2005-06-20 21:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-04-06 09:45 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-04-06 09:45 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-04-06 09:45 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2011-04-06 09:45 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2011-04-06 09:45 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2005-06-20 21:10 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-04-06 09:45 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2011-04-06 09:45 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-24 07:06 . 2011-06-02 17:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 08:11 . 2011-04-06 09:33 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 08:11 . 2011-04-06 09:33 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-02 15:31 . 2004-08-10 12:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-10 11:51 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2005-05-30 12:57 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2004-08-10 11:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-10 11:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-10 11:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-10 11:51 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-10 11:51 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-11 09:53 . 2011-04-11 09:53 7455312 ----a-w- c:\program files\RoboForm-Everywhere-Setup.exe
2011-04-06 09:42 . 2011-04-06 09:42 62623864 ----a-w- c:\program files\setup_av_free.exe
2011-04-06 09:32 . 2011-04-06 09:32 7734240 ----a-w- c:\program files\mbam-setup.exe
2008-09-07 12:32 . 2008-09-07 12:32 15083520 ----a-w- c:\program files\spybotsd160.exe
2007-01-04 19:07 . 2007-01-04 19:07 18951556 ----a-w- c:\program files\WindowsLiveMessenger81.exe
2006-01-05 22:21 . 2006-01-05 22:17 2566736 ----a-w- c:\program files\spywareblastersetup351.exe
2011-05-12 09:18 . 2011-04-05 19:03 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-05-11 107000]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-05-30 98304]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NETGEAR WNA1100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA1100\WNA1100.exe [2011-5-24 4573664]
Wireless USB 2.0 WLAN Card Utility.lnk - c:\program files\Dell Wireless\PRISMCFG.exe [2010-8-14 921707]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-04-11 06:13 13672 ----a-w- c:\program files\Citrix\GoToAssist\599\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2006-10-12 08:42 450649 ----a-r- c:\windows\system32\PRISMAPI.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0lsdelete
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\lxcfcoms.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21209:TCP"= 21209:TCP:BitComet 21209 TCP
"21209:UDP"= 21209:UDP:BitComet 21209 UDP
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09/03/2008 13:16 716272]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [06/04/2011 10:45 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [06/04/2011 10:45 309848]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [09/03/2008 13:16 85760]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/04/2011 10:45 19544]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [14/08/2010 12:20 61529]
R2 WSWNA1100;WSWNA1100;c:\program files\NETGEAR\WNA1100\WifiSvc.exe [24/05/2011 07:09 268768]
R3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [24/05/2011 07:09 1723840]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [24/05/2011 07:09 57440]
S1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys --> c:\windows\system32\drivers\fwdrv.sys [?]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNA1100\jswpsapi.exe [24/05/2011 07:09 360529]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [06/04/2011 10:33 39984]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://forums.moneysavingexpert.com/
mStart Page = hxxp://www.hotmail.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell.co.uk/myway
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: hotmail.co.uk
Trusted Zone: hotmail.com
TCP: DhcpNameServer = 192.168.1.254
DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} - hxxp://www.couponreport.net/ftp/v3123/csauie1.cab
FF - ProfilePath - c:\documents and settings\LouiseW\Application Data\Mozilla\Firefox\Profiles\bkiwv3ac.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
HKLM-Run-NeroCheck - c:\windows\system32\NeroCheck.exe
HKLM-Run-jswtrayutil - c:\program files\NETGEAR\WNA1100\jswtrayutil.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-06 15:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3776843371-552332407-903420410-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00F63464-1CC6-1396-4CF6-2C49227D133F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"bbcbeacmjhcfdgonaknmjecgkodkbacgkpio"=hex:66,61,6d,70,64,69,61,69,67,61,6e,65,
00,0a
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1456)
c:\program files\Citrix\GoToAssist\599\G2AWinLogon.dll
c:\windows\system32\PRISMAPI.DLL
c:\windows\system32\athgina.dll
.
Completion time: 2011-07-06 16:05:35
ComboFix-quarantined-files.txt 2011-07-06 15:05
.
Pre-Run: 91,001,696,256 bytes free
Post-Run: 91,289,653,248 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 4F2FB0CB85E019293C53BA8EC1ABEB2E
  • 0

#6
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,999 posts
Launch Malwarebytes Antimalware. Select the the logs tab and the report that correspond to the session that made your computer unbootable. Post its contents in a reply. In addition, perform an online scan at ESET and let me know the outcome.
  • 0

#7
Elle8

Elle8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Thank you for your reply.

Malwarebytes log below:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7026

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

05/07/2011 15:53:23
mbam-log-2011-07-05 (15-53-23).txt

Scan type: Full scan (C:\|)
Objects scanned: 257123
Time elapsed: 1 hour(s), 27 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\i386\gtdownde_87.ocx (Adware.Gdown) -> Quarantined and deleted successfully.
  • 0

#8
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,999 posts
Once you have finished the Online Scan, launch Malwarebytes. Select the quarantine tab and restore gtdownde_87.ocx if available. Then do this:

Jotti File Submission:

  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to scan"box on the top of the page:

    • c:\i386\gtdownde_87.ocx
  • Click on the submit button
  • Please post the results in your next reply.

  • 0

#9
Elle8

Elle8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
ESET scan

Threat found and cleaned:
Scanned files: 87154
Infected files: 1
Cleaned files: 1
Total scan time: 1h 06m
Scan status: Finished

Target: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP545\A0122292.exe
Threat: Win32/RegistryBooster application
Action: deleted - quarantined

Do I need to do anything more or should I be safe now please?



Also what else can I do to prevent this from happening again please?

Edit: Just saw your post above. Will do that now.
Thanks

Edited by Elle8, 06 July 2011 - 11:31 AM.

  • 0

#10
Elle8

Elle8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

Jotti's malware scan results:



GTDownDE_87.ocx
Status: Scan finished. 9 out of 20 scanners reported malware.
Scan taken on: Sat 25 Jun 2011 02:15:47 (CET) Permalink
  • 0

Advertisements


#11
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,999 posts
I would have preferred the link to the results. Think you can post it?
  • 0

#12
Elle8

Elle8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Thanks. I'll do it now.

Edited by Elle8, 06 July 2011 - 11:42 AM.

  • 0

#13
Elle8

Elle8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Sorry I'd closed the window and then saw your post requesting a link, so had to do again. Here it is.

Thanks.

http://virusscan.jot...91cd3eb82e4f543
  • 0

#14
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,999 posts
Better be safe than sorry. Please delete the following file:

c:\i386\gtdownde_87.ocx

The rest looks clear, congratulations.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK..

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Follow these steps to uninstall Combofix.

  • Rename Combofix to Uninstall and click on it. That should remove the application.

Manually remove any tool left.

Create a Restore point:
  • Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
  • In the System Restore dialog box, click Create a restore point, and then click Next.
  • Type a description for your restore point, such as "After Cleanup", then click Create.

The following is a list of tools and utilities that I like to suggest to people.

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes! Posted Image
  • 0

#15
Elle8

Elle8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Thank you very much for your help and time! I'm extremely grateful.

I've been reading through Miekiemoes's article. The PC started being slow earlier this week and I'd used a document that I'd been working on in a public place, so I'll run the MalwareBytes software on the laptop too and see what happens. Hopefully it's clean.

I've done everything now.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP