All Ezinearticles.com urls redirecting to "server not found"



#1
angelfire4xx

I'd be so glad if you could help - what a Godsend you guys are...
My OS & security: Windows XP, Avast Antivirus. I don't use file-sharing sites.

I'm pretty sure I have malware. Discovered on Jan 24th that all ezinearticles.com urls that I type into Firefox, IE8 or Opera redirect to 'server not found' on my PC, but not on my Mac laptop which uses the same wifi router. Here's what I've tried to do to clean up:

Cleared recent history (Firefox) including cookies and checked c:\windows\system32\drivers\etc\hosts.
Ran Malwarebytes quick scan - nothing found.
Did a quick scan with Avast - nothing found.
Googled the problem, found nothing relating specifically to ezinearticles.com redirection but one guy on a forum said he downloaded and ran Combofix which fixed a similar problem for him, and he recommended to everyone to do this, so I did. Problem was not fixed but I have the log if you need it.

V. concerned by now so next day downloaded ZoneAlarm firewall to replace Windows firewall.
After more googling discovered that help sites tell you not to use Combofix on your own so I deleted the program to be on the safe side.
Today did a rootkit scan with Avast for the first time and it found the malware items below, which I put in the chest:
Win32 Morphex [Cryp]
Java: Jade-C [Heur]
Java: CVE-2010-0094-C [Expl]

I rebooted but the redirect problem was not solved. After more googling decided to delete old Java program versions and install up to date version. Then ran System Mechanic for a general cleanup and rebooted. Problem not solved. Found your forum. Below are the OTL logs. Your help sincerely appreciated.

OTL logfile created on: 28/01/2012 21:06:35 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 55.12% Memory free
3.84 Gb Paging File | 2.99 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 262.65 Gb Free Space | 56.40% Space Free | Partition Type: NTFS

Computer Name: 0IGOTOZG63 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/28 21:02:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2012/01/28 18:44:45 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/01/06 11:26:06 | 000,722,616 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2011/12/22 09:42:46 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/28 18:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/11/28 18:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/10/26 16:29:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/10/26 16:22:02 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/10/24 15:49:22 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/10/19 10:18:26 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/10/19 10:18:18 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2010/08/19 15:05:22 | 000,042,440 | ---- | M] (Pro-SoftNet Corp, U.S.A) -- C:\Program Files\IDrive\IDriveEBackground.exe
PRC - [2010/04/22 18:04:46 | 000,267,720 | ---- | M] ( Pro-Softnet) -- C:\Program Files\IDrive\IDriveWebM.exe
PRC - [2008/10/09 15:33:34 | 002,086,912 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2008/10/09 15:32:56 | 000,014,336 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2008/08/08 00:06:12 | 001,581,056 | ---- | M] (Arclab Software Technologies) -- c:\Program Files\Arclab\MailList Controller\amlcSVC.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 16:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2006/06/30 06:31:10 | 001,106,386 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2006/06/29 19:06:32 | 001,848,150 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2006/06/29 19:06:00 | 000,126,976 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2006/06/29 19:05:58 | 000,204,800 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2006/05/17 16:05:52 | 002,297,856 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
PRC - [2006/03/15 14:41:18 | 000,348,160 | ---- | M] (TP-LINK TECHNOLOGIES CO., LTD) -- C:\Program Files\TP-LINK\TWCU\TWCU.exe
PRC - [2005/08/05 05:10:44 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2005/01/31 08:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2003/05/15 00:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2002/10/30 09:40:34 | 000,028,672 | R--- | M] () -- C:\WINDOWS\htpatch.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/28 09:47:25 | 001,687,552 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12012800\algo.dll
MOD - [2011/12/22 09:42:46 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/12/15 09:49:37 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/10/13 08:01:59 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll
MOD - [2011/10/13 08:01:55 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/13 08:01:45 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2011/10/13 08:00:25 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll
MOD - [2011/10/13 08:00:20 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/13 07:57:56 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/13 07:57:47 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/13 07:57:33 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/13 07:57:16 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
MOD - [2011/10/12 19:41:02 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/12 19:40:51 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/12 19:39:49 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/10/12 19:39:36 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/10/12 19:39:32 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/08/07 12:52:24 | 000,516,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2011/05/22 17:21:36 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/05/18 10:53:44 | 001,496,576 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
MOD - [2011/05/18 10:53:44 | 000,346,112 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
MOD - [2010/08/15 10:43:08 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
MOD - [2010/06/22 07:37:28 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2009/11/03 16:40:53 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2009/05/29 14:37:16 | 000,034,816 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\Aquarius.dll
MOD - [2008/03/25 04:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2007/07/12 21:33:58 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2006/06/29 18:54:56 | 000,045,056 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Common\rpc_client.dll
MOD - [2006/05/17 16:05:52 | 002,297,856 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
MOD - [2006/05/04 13:23:36 | 000,110,592 | ---- | M] () -- C:\Program Files\dBpowerAMP\dBShell.dll
MOD - [2005/11/13 14:22:38 | 000,217,088 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2\NWTools.dll
MOD - [2005/08/05 05:10:44 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
MOD - [2005/07/20 04:53:04 | 000,966,765 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2\acAuth.dll
MOD - [2002/10/30 09:40:34 | 000,028,672 | R--- | M] () -- C:\WINDOWS\htpatch.exe
MOD - [2001/07/31 11:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2012/01/28 18:44:45 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/01/06 11:26:06 | 000,722,616 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/11/28 18:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/10/26 16:29:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/10/19 10:18:26 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010/08/19 15:04:54 | 000,148,936 | ---- | M] (Pro Softnet Corporation) [Auto | Stopped] -- C:\Program Files\IDrive\IDriveE Service.exe -- (IDriveE Service)
SRV - [2010/04/22 18:04:46 | 000,267,720 | ---- | M] ( Pro-Softnet) [Auto | Running] -- C:\Program Files\IDrive\IDriveWebM.exe -- (IDriveWebM)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/10/09 15:32:56 | 000,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008/08/08 00:06:12 | 001,581,056 | ---- | M] (Arclab Software Technologies) [Auto | Running] -- c:\Program Files\Arclab\MailList Controller\amlcSVC.exe -- (MailList Controller)
SRV - [2008/04/14 00:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2008/02/27 16:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2006/06/29 19:05:58 | 000,204,800 | ---- | M] (Acronis) [Disabled | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2005/08/05 05:10:44 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2005/01/31 08:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003/03/09 20:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [1998/06/05 23:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


========== Driver Services (SafeList) ==========

DRV - [2011/12/22 09:13:00 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/11/28 17:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 17:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 17:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 17:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 17:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 17:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 17:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/10/26 16:22:02 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2011/10/19 10:18:14 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/08/07 12:52:24 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2009/12/18 21:44:34 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/23 10:57:22 | 000,102,528 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/01/03 17:14:10 | 000,388,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/01/03 17:14:10 | 000,032,288 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/01/03 17:14:05 | 000,099,776 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008/10/16 14:14:00 | 000,030,720 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002)
DRV - [2008/04/13 18:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/05/02 10:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007/05/02 10:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007/05/02 10:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2007/04/10 11:04:40 | 004,397,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/01/25 00:12:06 | 000,354,432 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5523.sys -- (AR5523)
DRV - [2006/03/27 17:53:28 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2006/02/28 12:00:00 | 000,005,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpt4qic.sys -- (hpt4qic)
DRV - [2006/01/26 12:21:04 | 000,034,686 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2004/08/13 02:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/04 05:31:34 | 000,032,768 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/03/29 17:28:24 | 000,014,531 | ---- | M] (iRiver, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ifp800.sys -- (IFP800)
DRV - [2004/03/29 17:28:24 | 000,014,531 | ---- | M] (iRiver, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ifp700.sys -- (IFP700)
DRV - [2003/12/08 10:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 10:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2002/08/14 14:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2002/03/02 01:00:54 | 000,635,716 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Intels51.sys -- (Intels51) Intel®
DRV - [2001/08/27 13:29:26 | 000,050,528 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EUSBMSD.SYS -- (EUSBMSD)
DRV - [2001/08/17 13:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001/07/26 22:26:08 | 000,024,059 | ---- | M] (CASIO COMPUTER CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CW50.sys -- (CW50)
DRV - [2000/06/15 15:33:36 | 000,004,994 | ---- | M] (American Megatrends, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RDCUMINI.sys -- (HITUMINI)
DRV - [2000/06/15 15:33:28 | 000,017,123 | ---- | M] (American Megatrends, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RDCUMASS.sys -- (HituMass)
DRV - [1997/08/11 22:30:00 | 000,082,944 | ---- | M] (Shuttle Technology. ) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\epatapnt.mpd -- (epatapnt)
DRV - [1997/04/07 12:38:52 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\sharshtl.sys -- (SHARSHTL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 18 3A 8E 52 DB CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2009/10/27 20:37:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2010/02/01 22:12:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2010/12/31 16:18:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2010/12/31 16:19:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/01/25 13:42:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/22 09:42:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/22 09:42:51 | 000,000,000 | ---D | M]

[2010/06/13 11:55:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2010/06/13 11:55:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2012/01/28 19:47:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions
[2010/04/28 17:07:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/03 08:46:28 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/12/18 11:51:07 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011/08/30 10:09:51 | 000,000,000 | ---D | M] (AddThis) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2011/12/28 17:19:57 | 000,000,000 | ---D | M] (RefControl) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
[2011/09/23 16:22:47 | 000,000,000 | ---D | M] (InFormEnter) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
[2011/12/21 11:03:44 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/08/30 13:46:52 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/01/09 17:15:07 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011/12/08 09:46:55 | 000,000,000 | ---D | M] (SearchStatus) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2010/01/22 22:39:58 | 000,000,000 | ---D | M] (Clipmarks) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
[2011/05/24 08:05:23 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2010/01/09 08:32:09 | 000,000,000 | ---D | M] (bit.ly preview) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\[email protected]
[2011/03/21 20:05:05 | 000,000,000 | ---D | M] ("Blank Canvas Signatures for Gmail ") -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\[email protected]
[2010/03/19 22:56:18 | 000,000,000 | ---D | M] (SEO Blogger) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\[email protected]
[2011/06/21 21:30:30 | 000,000,000 | ---D | M] (SEO Doctor) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\[email protected]
[2011/09/17 10:48:13 | 000,000,000 | ---D | M] (SortPlaces) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\[email protected]
[2011/10/31 09:40:53 | 000,000,000 | ---D | M] (Stealthy) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\[email protected]
[2011/10/31 09:40:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\[email protected]\chrome
[2009/05/31 13:08:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/27 20:37:31 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2009/10/27 20:37:32 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2009/10/27 20:37:32 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2008/02/27 16:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll
[2009/08/09 00:11:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll
[2009/08/09 00:30:36 | 000,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2011/06/23 16:42:58 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/06/23 16:42:58 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/06/23 16:42:58 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/06/23 16:42:58 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/01/25 20:57:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ToolbarBHO Class) - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (RAW Thumbnail Viewer) - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HTpatch] C:\WINDOWS\htpatch.exe ()
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [TWCU] C:\Program Files\TP-LINK\TWCU\TWCU.exe (TP-LINK TECHNOLOGIES CO., LTD)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [IDriveE Startup] C:\Program Files\IDrive\IDrvieEStartup.exe (Pro Softnet Corporation)
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKLM..\RunOnce: [SMRequiresRestart] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe ()
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\IDrive Tray.lnk = C:\Program Files\IDrive\IDriveEReg2ini.exe (Pro Softnet Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\User\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\User\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Read EXIF - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://shop.ebrary.c...s/ebraryRdr.cab (Infotl Control)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} http://www.truedoc.c...ex/tdserver.cab (TDServer Control)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....467&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {41695A8E-6414-11D4-8FB3-00D0B7730277} http://activex.micro...jects/ocget.dll (Reg Error: Key error.)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager...unttracking.cab (AccountTracking Profile Manager Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} http://updates.lifes...ll/pinstall.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1146667490500 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7901.2256134259 (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {AA218328-0EA8-4D70-8972-E987A9190FF4} http://activex.micro...jects/ocget.dll (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA4F543C-C8A9-4E88-9A79-548CBB46F18F} http://activex.micro...jects/ocget.dll (Reg Error: Key error.)
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} http://tools.ebayimg...ol_v1-0-3-0.cab (EPSImageControl Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEB41B01-A73B-4A02-B6C6-351D23A4B011}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7683FB5-EED4-4E31-BDC3-8C41F6101A86}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O30 - LSA: Authentication Packages - (relog_ap) -C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/10/10 22:48:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\C:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/28 21:02:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/01/28 18:59:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Sun
[2012/01/28 18:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/01/28 18:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/01/25 20:18:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/25 20:14:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/25 20:14:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/25 20:14:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/25 20:14:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/25 20:14:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/25 20:14:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/25 20:13:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Administrative Tools
[2012/01/25 13:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2012/01/25 13:19:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2012/01/13 12:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\TaxCalc 2011
[2012/01/11 10:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Backlinks Report
[2012/01/10 12:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\WATER ORG POSTS
[2012/01/01 15:58:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\FURNITURE
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/28 21:02:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/01/28 20:54:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/28 20:43:19 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2012/01/28 19:36:16 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/01/28 19:34:32 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/28 18:59:23 | 000,437,004 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/28 18:59:23 | 000,069,536 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/28 18:53:54 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/28 18:52:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/28 11:09:35 | 000,020,712 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/27 19:40:08 | 000,000,648 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2012/01/27 19:39:56 | 000,008,006 | ---- | M] () -- C:\WINDOWS\qwshellx.ini
[2012/01/25 20:57:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/25 13:29:38 | 000,415,859 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2012/01/06 14:33:34 | 005,135,836 | ---- | M] (TweetAdder.com) -- C:\Documents and Settings\User\Desktop\tweetadder3.exe
[2012/01/06 11:51:24 | 000,029,696 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\iolobtdfg.exe
[2012/01/06 11:51:16 | 000,011,776 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\smrgdf.exe
[2012/01/06 11:29:06 | 002,083,464 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\Incinerator32.dll
[2012/01/04 16:31:14 | 000,002,908 | ---- | M] () -- C:\Documents and Settings\User\Desktop\application-form-2012-01-04.csv
[2012/01/01 15:35:36 | 000,145,358 | ---- | M] () -- C:\Documents and Settings\User\Desktop\larynx.jpg
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/25 20:18:47 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/25 20:14:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/25 20:14:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/25 20:14:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/25 20:14:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/25 20:14:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/25 13:22:46 | 000,415,859 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2012/01/04 16:31:13 | 000,002,908 | ---- | C] () -- C:\Documents and Settings\User\Desktop\application-form-2012-01-04.csv
[2012/01/01 16:03:43 | 002,620,762 | ---- | C] () -- C:\Documents and Settings\User\Desktop\09 CaroMioBen.wma
[2012/01/01 15:35:32 | 000,145,358 | ---- | C] () -- C:\Documents and Settings\User\Desktop\larynx.jpg
[2011/11/30 15:42:24 | 000,007,219 | ---- | C] () -- C:\WINDOWS\hplj1010.ini
[2011/11/30 15:16:52 | 000,000,417 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2011/11/30 15:16:51 | 000,001,112 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2011/11/06 11:43:03 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Player.INI
[2010/12/14 12:55:16 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/09/04 15:21:18 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/09/04 15:21:17 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/09/04 15:21:15 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/09/04 15:21:15 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/09/04 15:21:15 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/08/21 12:18:55 | 000,026,032 | ---- | C] () -- C:\WINDOWS\System32\IDriveEXceedCryReg.exe
[2010/08/21 12:18:54 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2010/01/15 20:26:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SmartAdWrapper.INI
[2009/12/12 16:54:27 | 000,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\˜113.›sys
[2009/10/23 16:57:24 | 019,247,104 | ---- | C] () -- C:\Documents and Settings\User\Application Data\TweetAdder
[2009/08/20 20:19:01 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2009/08/20 20:16:11 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009/08/20 20:16:11 | 000,000,085 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/08/13 10:51:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/08/13 10:43:39 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/08/04 14:11:43 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/08/04 14:11:06 | 000,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/07/01 16:51:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ABC_mru.ini
[2009/06/02 16:39:57 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/04/10 18:24:28 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/10/16 15:55:33 | 000,072,192 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
[2008/09/22 14:21:34 | 000,127,092 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2008/09/02 16:04:23 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BinCoder.dll
[2008/08/20 16:45:46 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml
[2008/08/19 16:17:06 | 000,149,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2008/08/19 16:17:06 | 000,149,392 | ---- | C] () -- C:\WINDOWS\System32\ar5523.bin
[2008/08/19 16:17:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2008/08/19 16:17:03 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2008/08/12 21:04:59 | 000,000,185 | ---- | C] () -- C:\WINDOWS\System32\msblcd32.dll
[2008/05/11 09:39:05 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/03/14 19:16:54 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/03/14 19:14:35 | 000,200,704 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll
[2008/03/14 19:11:38 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/07/30 08:10:26 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007/07/21 14:07:12 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/07/21 14:07:12 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2007/07/21 14:07:12 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/07/21 14:07:12 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/07/21 14:07:12 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/07/21 14:07:12 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/07/21 14:07:12 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2007/07/21 14:07:12 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2007/07/21 14:07:12 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/07/21 14:07:12 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/07/21 14:07:11 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/07/21 14:07:11 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/07/21 14:07:11 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/07/21 14:07:11 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/07/21 14:07:11 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/07/21 14:07:11 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/07/21 14:07:11 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/07/21 14:07:11 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/07/21 14:07:11 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/07/21 14:02:17 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX6000EFDG.ini
[2007/03/27 18:38:22 | 000,045,056 | R--- | C] () -- C:\Program Files\SetAttrib.exe
[2007/03/12 12:12:52 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\hasher.dll
[2006/10/01 09:55:14 | 000,000,034 | ---- | C] () -- C:\WINDOWS\ebraryRdr.ini
[2006/06/17 18:09:15 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ETCPitchBenches
[2006/06/17 18:09:03 | 000,000,396 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ETCPitchScores
[2006/06/17 18:08:42 | 000,000,244 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ETCPrefs
[2006/06/17 18:08:42 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ETCHarmonyBench5
[2006/06/17 18:08:42 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ETCHarmonyBench4
[2006/06/17 18:08:42 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ETCHarmonyBench3
[2006/06/17 18:08:42 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ETCHarmonyBench2
[2006/06/17 18:08:42 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ETCHarmonyBench1
[2006/06/17 18:08:42 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ETCHarmonyBench0
[2006/06/08 22:05:59 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat
[2006/05/04 13:24:00 | 000,036,593 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2006/05/03 14:13:06 | 000,205,312 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2006/05/03 14:12:30 | 000,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2006/04/26 14:36:00 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/04/26 14:36:00 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/04/26 14:36:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/04/26 14:36:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/04/26 14:36:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/04/26 14:36:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/04/20 22:06:43 | 000,000,107 | ---- | C] () -- C:\WINDOWS\VobEdit.INI
[2006/04/11 12:30:55 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2006/02/28 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/15 13:41:47 | 000,001,089 | ---- | C] () -- C:\WINDOWS\atm.ini
[2005/12/27 18:16:30 | 000,000,180 | -H-- | C] () -- C:\WINDOWS\System32\einfopsv10.dll
[2005/11/16 12:01:53 | 000,002,936 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/11/13 13:19:56 | 000,099,970 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/11/13 13:19:31 | 000,003,445 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/11/13 13:04:19 | 000,000,315 | ---- | C] () -- C:\WINDOWS\System32\PCRVersion.ini
[2005/10/29 10:15:06 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2005/10/10 14:45:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/10/03 13:29:51 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2005/03/29 13:59:47 | 000,006,688 | ---- | C] () -- C:\WINDOWS\movexe.exe
[2005/02/23 13:59:49 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/12/25 17:34:42 | 000,696,320 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2004/12/25 17:34:42 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/11/15 10:40:34 | 000,000,062 | ---- | C] () -- C:\WINDOWS\I_VIEW32.INI
[2004/11/12 16:04:10 | 000,795,832 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2004/11/05 14:20:20 | 000,039,095 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2004/09/29 14:17:28 | 005,927,424 | ---- | C] () -- C:\WINDOWS\System32\Drs732.dll
[2004/09/14 18:36:31 | 000,000,056 | ---- | C] () -- C:\WINDOWS\lifeart.ini
[2004/08/30 14:25:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\Application Data\dm.ini
[2004/05/22 08:18:43 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/05/02 17:50:19 | 000,126,464 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/04/27 09:31:47 | 000,000,056 | ---- | C] () -- C:\WINDOWS\SSB.ini
[2004/04/23 14:01:12 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\HANDLE.INI
[2004/03/08 13:24:47 | 000,011,036 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2004/03/07 22:23:27 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2004/02/17 10:22:27 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\TyrannLite.dll
[2003/12/31 16:02:55 | 000,000,107 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2003/12/27 13:16:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2003/12/27 13:15:06 | 000,000,407 | ---- | C] () -- C:\WINDOWS\webpos20.ini
[2003/12/22 15:24:44 | 000,000,264 | ---- | C] () -- C:\WINDOWS\QVPC.INI
[2003/10/26 11:59:10 | 000,001,783 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/10/24 21:59:18 | 000,000,313 | ---- | C] () -- C:\WINDOWS\browsev2.ini
[2003/10/24 13:44:44 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xwsindex.exe
[2003/10/22 16:12:09 | 000,009,336 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Comma Separated Values (Windows).EML
[2003/10/22 09:26:08 | 000,008,006 | ---- | C] () -- C:\WINDOWS\qwshellx.ini
[2003/10/10 23:02:56 | 000,000,090 | ---- | C] () -- C:\WINDOWS\A5.INI
[2003/10/10 22:51:07 | 000,000,186 | ---- | C] () -- C:\WINDOWS\rtpatch.ini
[2003/10/10 22:48:43 | 000,003,433 | ---- | C] () -- C:\WINDOWS\WPR.INI
[2003/10/10 22:48:43 | 000,000,648 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/10/10 21:21:14 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/10/09 19:27:13 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2003/10/09 11:50:48 | 000,000,185 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2003/10/09 11:32:05 | 000,000,886 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/10/09 11:01:49 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2003/10/07 12:44:34 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/10/07 11:57:59 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/10/07 11:57:01 | 000,939,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/10/07 11:18:45 | 000,000,154 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2003/10/07 11:18:45 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2003/10/07 11:18:45 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2003/10/07 11:18:35 | 000,237,568 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2003/10/07 11:18:35 | 000,212,992 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2003/10/07 11:18:35 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2003/10/07 11:16:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2003/10/07 11:16:27 | 000,028,672 | R--- | C] () -- C:\WINDOWS\htpatch.exe
[2003/10/07 11:16:27 | 000,003,072 | R--- | C] () -- C:\WINDOWS\winio.sys
[2003/10/07 11:14:55 | 000,011,230 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2003/10/07 11:14:55 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2003/10/07 11:12:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/10/07 11:08:15 | 000,024,208 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/04/09 13:40:22 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2003/04/09 13:40:14 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2003/04/09 13:40:02 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2003/04/09 13:40:00 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2003/03/09 20:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/11/04 03:09:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe
[2002/11/04 03:09:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2002/09/02 15:45:30 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[2002/08/29 12:00:00 | 000,437,004 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 12:00:00 | 000,069,536 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/06/06 01:01:58 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[2002/03/31 13:26:54 | 000,000,514 | ---- | C] () -- C:\WINDOWS\ISYSKNOW.INI
[2001/07/31 11:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[1999/07/05 10:00:00 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[1999/01/22 18:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/12/24 14:38:02 | 000,002,496 | ---- | C] () -- C:\WINDOWS\ISYS.INI
[1998/09/30 13:11:20 | 000,657,408 | ---- | C] () -- C:\WINDOWS\System32\ISYSU532.DLL
[1998/07/31 04:14:40 | 000,000,246 | ---- | C] () -- C:\WINDOWS\ISYSSQL.INI
[1998/06/09 23:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998/05/17 23:00:00 | 000,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998/01/12 08:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2006/06/22 15:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2006/07/04 18:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\allTunes
[2010/10/23 07:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2007/04/10 19:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2010/04/10 14:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2012/01/25 13:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2007/07/21 14:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2003/10/24 21:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
[2011/03/19 22:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeHideIP
[2010/12/14 12:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/01/28 18:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2009/10/23 16:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jan1024188's software
[2009/11/08 12:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
[2012/01/28 21:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2010/04/08 08:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2008/03/07 00:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2012/01/20 17:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/06/04 17:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2007/07/21 14:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2006/04/29 20:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/01/08 18:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2010/04/08 08:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xara
[2011/11/23 22:35:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2006/07/04 18:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\allTunes
[2010/09/02 19:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Amazon
[2003/12/23 13:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Anvil Studio
[2009/09/30 14:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Artisteer
[2011/09/04 12:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\calibre
[2010/10/23 07:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\CheckPoint
[2010/07/24 17:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\CherryPickerLive
[2010/07/24 21:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\CoffeeCup Software
[2010/09/04 12:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\com.7digital.downloadmanager
[2011/10/06 10:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Dropbox
[2011/04/07 11:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DVDVideoSoftIEHelpers
[2009/10/27 20:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\eMusic
[2007/07/30 08:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\EPSON
[2007/04/27 09:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FileMaker
[2012/01/18 19:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FileZilla
[2010/03/14 18:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FMZilla
[2008/12/20 13:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Foxit
[2011/10/14 09:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Foxit Software
[2011/03/19 22:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FreeHideIP
[2010/04/29 11:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GetRightToGo
[2003/10/12 10:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GlobalSCAPE
[2010/03/14 18:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GrabPro
[2003/12/31 17:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Greenpoint
[2011/04/01 20:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IBP
[2009/03/19 08:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\iolo
[2006/04/11 12:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IsolatedStorage
[2006/05/18 19:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Jasc
[2009/06/15 14:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\KompoZer
[2011/11/23 22:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LiveSoftware
[2010/04/08 08:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MAGIX
[2007/03/27 18:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Musicmatch
[2007/09/15 18:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Neuratron
[2009/01/25 12:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nvu
[2010/03/14 18:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenCandy
[2010/08/25 12:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Opera
[2010/09/01 21:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Orbit
[2009/08/20 20:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\pdf995
[2010/03/14 18:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\pdfforge
[2009/04/17 19:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Qualcomm
[2010/06/13 12:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\RockstarSuite
[2009/12/18 21:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Samsung
[2009/05/25 18:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Search Settings
[2011/01/05 17:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SEORankFinderv2
[2010/08/21 11:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Serif
[2012/01/14 21:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Spotify
[2010/04/29 11:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TP
[2009/04/15 16:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Trusteer
[2012/01/27 20:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TweetAdder3
[2009/08/03 17:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2006/04/26 14:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ulead Systems
[2010/04/26 16:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Vodafone
[2008/09/02 16:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Xara
[2010/10/02 15:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Youtube Downloader HD

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\winnt256.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\winnt.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Windows Update.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\webpos20.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wpa.dbl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tsccvid.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tapectrl.cfg:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SpoonUninstall.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pnpwhsc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nwiz.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nvwrseng.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nvsvc32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nvrseng.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nview.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NvCpl.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg723.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mapi32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\javasup.vxd:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hpzlnt07.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hpotscl.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxsroute.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\serscan.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\MODEMCSA.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\HCF_MSFT.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\etc\services:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\etc\quotes:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\drvmcdb.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\cmuda.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\audstub.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dc210usd.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dc210_32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cmuda.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System\cmicnfg.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\SiSUSBrg.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\SiSport.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\msshlib2.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\mover.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\MDACSET.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\GRAPH5.XLB:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Forest.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\EXCEL5.XLB:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\DYNAZIP.LOG:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Clouds.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Circles.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Bubbles.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\analyse.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\User\Start Menu\Programs\Startup\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\User\Start Menu\Programs\NoteWorthy Composer.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\User\Start Menu\Programs\Musicnotes Player.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\User\Start Menu\Programs\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\User\ntuser.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\User\My Documents\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\User\Application Data\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Documents\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Application Data\desktop.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Zapotec.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\xpsp1hfm.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\WPR.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\WMSysPrx.prx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\wiaservc.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vminst.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vbaddin.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vb.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\uninst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\tsoc.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\tasks\Symantec NetDetect.job:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\zonedon.reg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\zonedoff.reg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\zlib.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xwsindex.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xpsp1hfm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\write.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WPWIZDLL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WNASPI32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmvdmoe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmvcore2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmv8dmod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpstub.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpscheme.xml:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmimgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmidx.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wjview.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINSOCK.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINDBVER.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winchat.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WEBPOST.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VSFLEX3.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VSEXT.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VSDBFLEX.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vmhelper.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vfpodbc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ven2232.olb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBDB32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vbar332.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAR2232.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAME.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAEND32.OLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAEN32.OLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAEN32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VB5StKit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VB5DB.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VB40032.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrlogon.cmd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\udaprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TyrannLite.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsshutdn.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tslabels.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tslabels.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tskill.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsdiscon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tscon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TLBINF32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\THREED32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tabctl32.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TABCTL32.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSINFO.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSINFO.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSINFO.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\subrange.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\stkit432.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SSTABS32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SSTAB.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SSDOCK32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SQLSODBC.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SQLPARSE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SPIN32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sndvol32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shw32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shiftjis.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shadow.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SELFREG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SCRRUN.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scripto.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SCRIPTLE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SCP32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rwinsta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RICHTX32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RICHTX32.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RICHTEXT.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\reset.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\REPUTIL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\REGOBJ.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regini.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rdpcfgex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RDOCURS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RACREG32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RACMGR32.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qwinsta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qvusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qappsrv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PUBDLG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\POSTWPP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PIPARSE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PICCLP32.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PICCLIP.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Pgtextje.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Pgtextj_.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PGTEXTJ_.FOT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Pgtext.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PGTEXT.FOT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pgmus.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PGMUS.FOT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Pgjazz__.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pgjazz__.FOT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Pgchords.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PGCHORDS.FOT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PDM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OUTLWAB.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ODKOB32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OC30.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrszht.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrszhc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrstr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrssv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrssl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrssk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsru.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsptb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrspt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrspl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsnl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsko.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsja.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrshu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrshe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsfr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsfi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsesm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrses.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsel.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrscs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsar.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvtuicpl.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvshell.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrszht.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrszhc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrstr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrssv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrssl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrssk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsru.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsptb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrspt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrspl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsnl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsko.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsja.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrshu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrshe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsfr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsfi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsesm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrses.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsel.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrscs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsar.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvoglnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvmctray.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvinstnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nviewimg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\npwmsdrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.tha:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.sve:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.nld:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.ita:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.fra:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.esn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.enu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.eng:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.deu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nmevtmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxml4r.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSXBSE35.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSXB3032.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSWINSCK.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Msvcrt10.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msuni11.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSTEXT35.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msstkprp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSDM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSCRIPT.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSCRIPT.CNT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRTEDIT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSREPL35.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDO20.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDO20.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDO20.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDC20.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDC20.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDC20.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrd2x35.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRD2X32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSPX3032.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSPDOX35.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSOUTL32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSMASK32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSMASK32.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSMASK.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSMAPI32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSMAPI32.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSMAPI.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSLTUS35.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSLS2.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msjter35.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSJTER32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSJT4JLT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSJT3032.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Msjint35.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSJINT32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msjet35.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msjdbc10.dll:KAVICHS

< End of report >

OTL Extras logfile created on: 28/01/2012 21:06:35 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 55.12% Memory free
3.84 Gb Paging File | 2.99 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 262.65 Gb Free Space | 56.40% Space Free | Partition Type: NTFS

Computer Name: 0IGOTOZG63 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\PROGRA~1\COFFEE~1\coffee.exe" "%1" (CoffeeCup Software)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Disabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Disabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{04179174-F3AC-4CE6-BBBE-83B46D5041CB}" = SocialBot
"{072D2077-9E22-4F7F-B817-A92CA6CCC843}" = iriver Music Manager
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0A755762-EED8-47AB-A446-505766F93D43}" = Atheros Communications Inc.® L2 Fast Ethernet Driver
"{0E6111C9-0825-4D20-8285-27EB61612E9C}" = Xara Xtreme 5
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18DF995F-2ACC-47E4-A33B-A703F4D39E92}" = CuteFTP 5.0 XP
"{1A3606EF-1B6E-4C37-A371-8BC0C67E0B09}" = Magic Article Rewriter
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java™ 7 Update 2
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = TP-LINK Wireless Client Utility Installation Program
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2DC240EA-51B1-4CC4-A0E5-4E4399CD7302}" = Serif PagePlus X4
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{33311EA4-0ECA-4E7F-83E5-8A92CD760152}" = Serif DrawPlus Starter Edition
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C32037A-9FB6-11D6-9065-0040266A2263}" = CD/DVD LABEL PRINTER
"{3CE47E6B-AE27-4E40-AC54-329EED96B933}" = ArcSoft Print Creations - Funhouse II
"{3D6CE6CE-E1C1-47C9-A734-78C53EBA5255}" = Xara Web Designer 6
"{43761247-C473-46D5-9518-895B0FA459C3}" = Tweet Adder 3
"{494C271C-1528-4886-A78C-BFB3C823A37B}" = MediaFACE 4.0 Image Library
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5431746A-60A3-4529-8A07-A7B726FF35A5}" = CommentKahuna
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{55FFD2A7-065B-408A-BC55-BB7958874D14}" = Ad Words Digger
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}" = ArcSoft Print Creations - Poster Creator
"{6595F961-3BAC-11D4-98C4-00A0CC555167}" = Serif DrawPlus 5.0 Design CD-ROM
"{65FA5E6D-B3D7-46D9-9571-CBBA1968346B}" = FileMaker Pro 7
"{675F65BF-F58A-44DD-9555-6F439759C4E4}" = SOAP3 and XML4
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D5CEF9-0DA8-47FE-B0EB-4CBFB5AAF662}" = ArcSoft PhotoImpression 4
"{6D67E935-225B-4404-8AB7-A29FD6EBCB09}" = Magic Article Submitter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{741F98CD-A082-47C1-84CA-2D9B30204B7D}" = ZoneAlarm Security
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77287C02-9B72-4EA1-B3C3-D6AEAB36C381}" = ZoneAlarm Firewall
"{7A1DE746-F5D0-4A21-943B-39A3F243C32A}" = ArcSoft TotalMedia HDCam
"{7B17D064-0488-4633-8314-F98443F1A283}" = calibre
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{7F581D1D-C9A7-4C77-B88A-27537173CEDF}" = MediaFACE 4.0
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{81A9DBA0-15D6-11D4-988C-00A0CC555167}" = Serif DrawPlus 5.0
"{82FAC25D-D0E1-4D60-9268-F3DD958BF052}" = ArcSoft RAW Thumbnail Viewer
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDsc2
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8780F4A9-3234-42CB-B444-517F314444B1}" = ArcSoft Print Creations
"{89BF466B-165B-B3F6-FC99-4B3E0FC2E2FA}" = 7digital Download Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A0BD487-D185-4316-92CE-9E415C3AC6DB}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{8F4A0E14-CF92-5B68-CAD8-ACA4DE0A4E43}" = SEORankFinderv2
"{8F6E4272-B797-4523-8A4E-9FF01E1E0B16}" = Ulead DVD MovieFactory 5 TBYB
"{95549A84-FFED-4901-A796-CD163FC65C80}" = Ringtone Media Studio
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049CF2-6702-4657-9BB6-CD1F6F0052F6}" = Mobile Studio
"{9FFCBA8E-365C-454B-B841-5D37E1DB5ECF}" = YoGen Vocal Remover
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7857926-6EF1-4205-BD99-D05E2BE44546}" = Ulead DVD DiscRecorder 2.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93EC091-461F-46EE-BAE1-327EB608AA60}" = Serif PagePlus X4 Resources
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B1914265-0D07-48E0-A937-F20A76D0032D}" = Acronis True Image Home
"{B3783869-5D14-4838-A042-910DF816D070}" = Xara3D6
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}" = pdfforge Toolbar v1.0
"{BAE20F4A-96D7-4D96-966F-41D7E87786E0}" = Philips PSS Device Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23B8C30-E05E-4CB5-8188-F27CC3B2DD3E}" = Sibelius 5
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{C8B44566-839A-459C-A73D-49764CE216CC}" = ArcSoft Video Downloader
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
"{DA652575-2F85-4D4D-97D2-3CA9F40DE22E}" = Xara Webstyle 4
"{DCC8DA46-5386-1941-7065-3FDB3C7BD0F6}" = CherryPicker
"{E0F252A6-DE85-4E93-A93B-DFC3537B3965}" = NETGEAR WG111v2 wireless USB 2.0 adapter
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{EEA1BB90-CF27-449E-B269-0C5A660AC4C1}" = Serif DrawPlus X4
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6249ABF-F16D-4AF3-8755-4D62F799C238}" = Google AdWords Editor
"{F6F272EF-6239-45A6-B9DC-D2C11CFF73C5}" = Dolet Light for Finale 2005
"{FD38FCBF-28FF-4ABD-9003-101178B7D9AE}" = Web Designer 6 Content
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AdobeESD" = Adobe Download Manager 1.2 (Remove Only)
"allTunes" = allTunes
"AmazingMIDI" = AmazingMIDI
"Article To Video Converter" = Article To Video Converter 1.0
"Artisteer 2" = Artisteer 2
"Ask Toolbar_is1" = Foxit Toolbar
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"BBC iPlayer Download Manager" = BBC iPlayer Download Manager
"Camera Utility" = Camera Utility
"CamStudio" = CamStudio
"CASIO Digital Camera v3.1" = CASIO Digital Camera v3.1
"CherryPickerLive" = CherryPicker
"Classicsonline_DLM" = Classicsonline
"C-Media Audio" = C-Media 3D Audio
"CoffeeCup HTML Editor" = CoffeeCup HTML Editor
"com.7digital.downloadmanager" = 7digital Download Manager
"Corel Applications" = Corel Applications
"CutePDF Writer Installation" = CutePDF Writer 2.7
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"Digital Editions" = Adobe Digital Editions
"Directory Lister_is1" = Directory Lister v0.8.1
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"eKeys" = eKeys
"eMail-Printery 1" = eMail-Printery 1
"eMusic Download Manager" = eMusic Download Manager 4.1.3.1
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESDX6000_CX5900 User's Guide" = ESDX6000_CX5900 User's Guide
"FileZilla Client" = FileZilla Client 3.5.0
"Finale 2005" = Finale 2005
"Finale Performance Assessment" = Finale Performance Assessment
"Foxit Reader_is1" = Foxit Reader 5.1
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free SMTP Server_is1" = Free SMTP Server
"Free Video to JPG Converter_is1" = Free Video to JPG Converter version 1.5
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"Free YouTube Download_is1" = Free YouTube Download 2.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GPL Ghostscript 8.56" = GPL Ghostscript 8.56
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"GSview 4.9" = GSview 4.9
"HDMI" = Intel® Graphics Media Accelerator Driver
"IBP11_is1" = IBP 11.7.6
"IDrive_is1" = IDrive version 3.3.3 August 21, 2010
"ie8" = Windows Internet Explorer 8
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{494C271C-1528-4886-A78C-BFB3C823A37B}" = MediaFACE 4.0 Image Library
"InstallShield_{7F581D1D-C9A7-4C77-B88A-27537173CEDF}" = MediaFACE 4.0
"InstallShield_{BAE20F4A-96D7-4D96-966F-41D7E87786E0}" = Philips PSS Device Manager
"InstallShield_{E0F252A6-DE85-4E93-A93B-DFC3537B3965}" = NETGEAR WG111v2 wireless USB 2.0 adapter
"ISYS Text Retrieval" = ISYS Text Retrieval
"Java Web Start" = Java Web Start
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.3.5
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"MAGIX_MSI_Xara_Web_Designer_6" = Xara Web Designer 6
"MailList Controller_is1" = MailList Controller 7.02 Free
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Midi2Wav Recorder" = Midi2Wav Recorder
"MidiIllustrator_is1" = MidiIllustrator v1.02
"MIDInight Express II" = MIDInight Express II
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Musicnotes Player" = Musicnotes Player
"MWSnap 3" = MWSnap 3
"Native Instruments Sibelius Player" = Native Instruments Sibelius Player
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Neuratron PhotoScore Ultimate" = Neuratron PhotoScore Ultimate
"Note Attack_is1" = Note Attack v1.36
"NoteWorthy Composer" = NoteWorthy Composer
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Nvu_is1" = Nvu 1.0PR
"Opera 11.10.2092" = Opera 11.10
"Orbit_is1" = Orbit Downloader
"PC Tune-Up" = PC Tune-Up
"Pdf995" = Pdf995
"PG Music DirectX Plugins_is1" = PG Music DirectX Plugins 1.1
"PnSave_is1" = DzSoft Paste & Save 2003
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SEORankFinderv2" = SEORankFinderv2
"Sibelius Scorch" = Sibelius Scorch
"Sibelius Sounds Essentials" = Sibelius Sounds Essentials
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SiteMap Generator_is1" = SiteMap Generator 0.95 (beta)
"Smart Ad-Wrapper_is1" = Smart Ad-Wrapper 1.1.1
"SmartScore MIDI Edition" = SmartScore 3.2 MIDI Edition
"Spotify" = Spotify
"TaxCalc 2004" = TaxCalc 2004
"TaxCalc 2005" = TaxCalc 2005
"TaxCalc 2006" = TaxCalc 2006
"TaxCalc 2007" = TaxCalc 2007
"TaxCalc 2008" = TaxCalc 2008
"TaxCalc 2009" = TaxCalc 2009
"TaxCalc 2010" = TaxCalc 2010
"TaxCalc 2011" = TaxCalc 2011
"TurboCASH_is1" = TurboCASH 3.7.5.1
"Tweak UI 2.10" = Tweak UI
"Uninstall_is1" = Uninstall 1.0.0.1
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"VLC media player" = VLC media player 1.1.0
"VMidi" = vanBasco's Karaoke Player
"WebCEO70_is1" = Web CEO 8.1
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = Arquivo do WinRAR
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xara Web Designer UK" = Xara Web Designer
"Xenu_is1" = Xenu's Link Sleuth
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoneAlarm Free" = ZoneAlarm Free
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Artist's Sketchbook 1.65" = Artist's Sketchbook 1.65
"Dropbox" = Dropbox
"eBook Reader" = eBook Reader
"GoogleToolBar" = GoogleToolBar
"GoToMeeting" = GoToMeeting 4.0.0.320
"YouTube Player" = YouTube Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/01/2012 14:09:54 | Computer Name = 0IGOTOZG63 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 26/01/2012 14:42:17 | Computer Name = 0IGOTOZG63 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 27/01/2012 05:00:19 | Computer Name = 0IGOTOZG63 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 28/01/2012 07:12:25 | Computer Name = 0IGOTOZG63 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 28/01/2012 08:33:50 | Computer Name = 0IGOTOZG63 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 28/01/2012 14:32:13 | Computer Name = 0IGOTOZG63 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 28/01/2012 14:55:07 | Computer Name = 0IGOTOZG63 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 28/01/2012 15:29:56 | Computer Name = 0IGOTOZG63 | Source = Application Hang | ID = 1002
Description = Hanging application SysMech.exe, version 10.7.7.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 28/01/2012 17:05:35 | Computer Name = 0IGOTOZG63 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 28/01/2012 17:06:24 | Computer Name = 0IGOTOZG63 | Source = Application Hang | ID = 1002
Description = Hanging application IDriveETray.exe, version 3.3.0.3, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 28/01/2012 14:55:16 | Computer Name = 0IGOTOZG63 | Source = Service Control Manager | ID = 7000
Description = The IDriveE Service service failed to start due to the following error:
%%1053

Error - 28/01/2012 14:56:41 | Computer Name = 0IGOTOZG63 | Source = Service Control Manager | ID = 7022
Description = The KService service hung on starting.

Error - 28/01/2012 14:57:13 | Computer Name = 0IGOTOZG63 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IDriveE Service service
to connect.

Error - 28/01/2012 14:57:13 | Computer Name = 0IGOTOZG63 | Source = Service Control Manager | ID = 7000
Description = The IDriveE Service service failed to start due to the following error:
%%1053

Error - 28/01/2012 14:57:48 | Computer Name = 0IGOTOZG63 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IDriveE Service service
to connect.

Error - 28/01/2012 14:57:51 | Computer Name = 0IGOTOZG63 | Source = Service Control Manager | ID = 7000
Description = The IDriveE Service service failed to start due to the following error:
%%1053

Error - 28/01/2012 15:45:01 | Computer Name = 0IGOTOZG63 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 28/01/2012 15:45:08 | Computer Name = 0IGOTOZG63 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 28/01/2012 15:45:17 | Computer Name = 0IGOTOZG63 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 28/01/2012 15:47:18 | Computer Name = 0IGOTOZG63 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.


< End of report >

Edited by angelfire4xx, 28 January 2012 - 04:30 PM.
