ljyates
-
Content Count
17 -
Joined
-
Last visited
Content Type
Profiles
Forums
Calendar
Posts posted by ljyates
-
-
Thank You!!!
-
Eset scan found no threats !!!
-
Clean up with OTL
Right-click OTL.exe and select " Run as administrator " to run it.
This will remove all the tools we used to clean your pc.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CleanUp! button
Say Yes to the prompt and then allow the program to reboot your computer.
You can now delete any tools we used if they remain on your Desktop.
==========================
One last Scan :
Eset online scannner
You can use either Internet Explorer or Mozilla FireFox for this scan.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
* Please go here >>> http://www.eset.com/...escan/index.php -
OTL fix !!
All processes killed
========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service wanatw stopped successfully!
Service wanatw deleted successfully!
File system32\DRIVERS\wanatw4.sys not found.
Service TfSysMon stopped successfully!
Service TfSysMon deleted successfully!
File system32\drivers\TfSysMon.sys not found.
Service TfNetMon stopped successfully!
Service TfNetMon deleted successfully!
File C:\WINDOWS\system32\drivers\TfNetMon.sys not found.
Service TfFsMon stopped successfully!
Service TfFsMon deleted successfully!
File system32\drivers\TfFsMon.sys not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Error: Unable to stop service MpKsl0550bc22!
Service\Driver key MpKsl0550bc22 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F802613C-6C4C-462F-88F7-A8D76A5268D0}\MpKsl0550bc22.sys not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
Service bvrp_pci stopped successfully!
Service bvrp_pci deleted successfully!
Service AFGMp50 stopped successfully!
Service AFGMp50 deleted successfully!
File System32\Drivers\AFGMp50.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ deleted successfully.
C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll moved successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{547EEAAC-3665-4e6c-B326-C622D698543A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}\ not found.
C:\Documents and Settings\LINDA YATES\Application Data\Mozilla\Extensions folder moved successfully.
C:\Documents and Settings\LINDA YATES\Application Data\Mozilla\Firefox\Profiles\n8sdrege.default\extensions folder moved successfully.
File C:\Documents and Settings\LINDA YATES\Application Data\Mozilla\Firefox\Profiles\n8sdrege.default\extensions\[email protected] not found.
C:\Program Files\Mozilla Firefox\extensions folder moved successfully.
C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files\Mozilla Firefox\browser\extensions folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}\ deleted successfully.
File C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
File C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
File C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0D555BC6-E331-48b3-A60E-AAC0DF79438A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D555BC6-E331-48b3-A60E-AAC0DF79438A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0D555BC6-E331-48b3-A60E-AAC0DF79438A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D555BC6-E331-48b3-A60E-AAC0DF79438A}\ not found.
========== COMMANDS ==========
[EMPTYJAVA]
User: Administrator
User: All Users
User: Default User
User: LINDA YATES
->Java cache emptied: 0 bytes
User: LocalService
User: NetworkService
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: Administrator
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: LINDA YATES
->Flash cache emptied: 492 bytes
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LINDA YATES
->Temp folder emptied: 207550 bytes
->Temporary Internet Files folder emptied: 3222523 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 15725501 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 5398 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4876 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 18.00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 07222013_200117
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-
Removing OTL findings from logs !!
We need to Run an OTL fix !!
* Double-click OTL.exe to start the program.
* Copy and Paste the following code into the
. Do not include the word CodeDRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F802613C-6C4C-462F-88F7-A8D76A5268D0}\MpKsl0550bc22.sys -- (MpKsl0550bc22)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=SOLTDF&pc=SOLTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q={searchTerms}&o=15868&l=dis&prt=BDIE&chn=retail&geo=US&ver=3.0.0.11
FF - user.js - File not found
[2013/07/21 22:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LINDA YATES\Application Data\Mozilla\Extensions
[2013/07/22 09:08:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LINDA YATES\Application Data\Mozilla\Firefox\Profiles\n8sdrege.default\extensions
[2013/07/22 09:08:24 | 000,029,621 | ---- | M] () (No name found) -- C:\Documents and Settings\LINDA YATES\Application Data\Mozilla\Firefox\Profiles\n8sdrege.default\extensions\[email protected]
[2013/07/22 17:43:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/21 22:11:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (CPub Object) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll File not found
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O9 - Extra Button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - Reg Error: Key error. File not found:Commands
[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]# Then click the Run Fix button at the top.
# Click
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.
Post OTL fix log please !!
-
OTL Extras logfile created on: 7/22/2013 6:32:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\LINDA YATES\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
509.98 Mb Total Physical Memory | 91.90 Mb Available Physical Memory | 18.02% Memory free
1.22 Gb Paging File | 0.73 Gb Available in Paging File | 60.14% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.91 Gb Total Space | 47.34 Gb Free Space | 66.75% Space Free | Partition Type: NTFS
Computer Name: LINDA | User Name: LINDA YATES | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C43CD5-764F-4687-AA44-53272D45456B}" = PC Backup
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{074AED0D-DD1C-432A-B38D-F8733604033F}" = aioscnnr
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{537370ED-F372-4ABD-8D9C-58B7BA076528}" = Bresnan OnLine
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{59B73DDC-593A-4D02-B9CA-1D8C9F912324}" = aioprnt
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"Browser Defender_is1" = Browser Defender 3.0.0.11
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSS" = Norton Security Scan
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer Basic
"Shockwave" = Shockwave
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 7/21/2013 11:43:32 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 7/21/2013 11:43:32 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 7/21/2013 11:43:32 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 7/21/2013 11:43:56 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 7/21/2013 11:45:40 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 7/21/2013 11:51:20 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 7/21/2013 11:51:20 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 7/21/2013 11:51:22 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 7/21/2013 11:51:22 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 7/21/2013 11:51:22 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 7/22/2013 8:26:22 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 7/22/2013 8:26:22 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 7/22/2013 8:26:22 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 7/22/2013 8:26:22 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 7/22/2013 8:26:22 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 7/22/2013 8:26:22 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 7/22/2013 8:26:22 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 7/22/2013 8:26:23 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 7/22/2013 8:26:23 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 7/22/2013 8:26:23 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
< End of report >
-
Otl scan next :
OTL logfile created on: 7/22/2013 6:32:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\LINDA YATES\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
509.98 Mb Total Physical Memory | 91.90 Mb Available Physical Memory | 18.02% Memory free
1.22 Gb Paging File | 0.73 Gb Available in Paging File | 60.14% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.91 Gb Total Space | 47.34 Gb Free Space | 66.75% Space Free | Partition Type: NTFS
Computer Name: LINDA | User Name: LINDA YATES | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/07/22 18:31:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LINDA YATES\My Documents\Downloads\OTL.exe
PRC - [2013/07/22 17:51:23 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/06/18 08:21:12 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/01/17 16:09:42 | 000,563,104 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2012/01/17 16:09:40 | 001,884,576 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2012/01/17 16:09:38 | 007,029,664 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010/07/19 01:26:02 | 000,198,608 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/04/17 13:08:26 | 000,032,768 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\KodakSvc.exe
PRC - [2009/04/07 18:27:30 | 001,511,424 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/09/13 18:11:53 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2005/01/27 00:02:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/09/14 07:50:48 | 000,131,072 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
PRC - [2004/02/13 14:12:08 | 000,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
PRC - [2003/02/17 17:41:00 | 000,032,768 | ---- | M] (Rockstar Software) -- C:\Program Files\Gearbox Connection Kit\bin\gbTask.exe
PRC - [2003/02/17 17:39:58 | 000,028,672 | ---- | M] (Rockstar Software) -- C:\Program Files\Gearbox Connection Kit\bin\gbConMon.exe
PRC - [2003/02/17 17:39:50 | 000,143,360 | ---- | M] (Rockstar Software) -- C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe
========== Modules (No Company Name) ==========
MOD - [2013/07/21 23:46:19 | 000,090,624 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\TaskScheduler\d2a934cebc35c9af755cb4d6454aac6c\TaskScheduler.ni.dll
MOD - [2013/07/21 23:02:45 | 000,294,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Localization\f6831fdd3a37892c1aa7612e022efba4\Localization.ni.dll
MOD - [2013/07/21 23:01:59 | 000,051,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Kodak.Diagnostics\960866d7e3a2d891882b1731dd3e3b41\Kodak.Diagnostics.ni.dll
MOD - [2013/07/21 23:01:16 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8f3e54440f3742da409131428ad1bce1\System.ServiceProcess.ni.dll
MOD - [2013/07/21 22:59:08 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\da28f3d44be7def2d84269f1db5718d6\System.Runtime.Remoting.ni.dll
MOD - [2013/07/21 22:58:12 | 000,808,448 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Kodak.Utilities\ae9a0d84041111f364c18112891ec933\Kodak.Utilities.ni.dll
MOD - [2013/07/21 22:57:47 | 000,026,112 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Kodak.Automation\ea24eb97559545f36492751b7d625312\Kodak.Automation.ni.dll
MOD - [2013/07/21 22:57:42 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\2a21bc7eeea4a1af1d4d1288f101eed7\System.Deployment.ni.dll
MOD - [2013/07/21 22:56:46 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\79533103112291e81204ca24aed19890\System.Configuration.ni.dll
MOD - [2013/07/21 21:23:48 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a1d221960bf7a0cbfd1f355595f77e83\System.Xml.ni.dll
MOD - [2013/07/21 21:22:57 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\efecb20c44117df86f2eb5f93592fdd8\System.Windows.Forms.ni.dll
MOD - [2013/07/21 21:21:38 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\82a53e923936d5f62d9af4cdfe50a4f8\System.Drawing.ni.dll
MOD - [2013/07/21 21:05:50 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\16562c54978851e92db8fec6f759bba1\System.ni.dll
MOD - [2013/07/21 21:04:29 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013/06/18 08:21:31 | 003,285,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/01/17 16:09:50 | 000,022,944 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2012/01/17 15:27:56 | 000,669,696 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010/08/22 21:01:36 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/08/22 21:01:08 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/08/22 21:01:06 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/08/22 21:01:06 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/08/22 20:32:34 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010/07/19 19:16:01 | 000,767,928 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
MOD - [2005/01/27 00:02:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
MOD - [2004/09/14 07:50:46 | 000,122,880 | ---- | M] () -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\TrackUtils.dll
MOD - [2004/09/14 07:50:42 | 000,434,176 | ---- | M] () -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\CoreDll.dll
MOD - [2004/02/13 14:12:08 | 000,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
MOD - [2004/02/11 16:58:16 | 000,147,493 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\6.3.2.62-7288971L\Program\bwfiles.dll
MOD - [2004/02/11 16:58:16 | 000,094,243 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\6.3.2.62-7288971L\Program\FrExt.dll
MOD - [2004/02/11 16:58:16 | 000,061,496 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\6.3.2.62-7288971L\Program\clntutil.dll
MOD - [2003/06/08 19:21:14 | 000,135,168 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWTargetInf.dll
MOD - [2003/06/08 17:47:42 | 000,020,528 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\frext-7288971.dll
MOD - [2003/06/08 17:47:42 | 000,020,528 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWfiles-7288971.dll
========== Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/07/22 17:51:23 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/06/18 08:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/12 10:27:38 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/01/17 16:09:42 | 000,563,104 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/07/19 01:26:02 | 000,198,608 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/04/17 13:08:26 | 000,032,768 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\KodakSvc.exe -- (KodakSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F802613C-6C4C-462F-88F7-A8D76A5268D0}\MpKsl0550bc22.sys -- (MpKsl0550bc22)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2010/08/22 21:01:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2005/09/13 18:11:56 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/01/14 11:37:40 | 000,018,208 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore.sys -- (hotcore)
DRV - [2004/09/17 13:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/06/16 02:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 03:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 03:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 03:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2004/02/09 12:06:22 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=SOLTDF&pc=SOLTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q={searchTerms}&o=15868&l=dis&prt=BDIE&chn=retail&geo=US&ver=3.0.0.11
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;<local>;*.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\Spyware Doctor\BDT\FireFox\ [2010/07/20 21:28:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2013/07/21 22:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LINDA YATES\Application Data\Mozilla\Extensions
[2013/07/22 09:08:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LINDA YATES\Application Data\Mozilla\Firefox\Profiles\n8sdrege.default\extensions
[2013/07/22 09:08:24 | 000,029,621 | ---- | M] () (No name found) -- C:\Documents and Settings\LINDA YATES\Application Data\Mozilla\Firefox\Profiles\n8sdrege.default\extensions\[email protected]
[2013/07/22 17:43:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/21 22:11:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/21 22:11:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2013/07/22 10:39:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (CPub Object) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll File not found
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Gearbox] C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe (Rockstar Software)
O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [instaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\Modem On Hold\moh.exe (BVRP Software)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2).ini ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O4 - Startup: C:\Documents and Settings\LINDA YATES\Start Menu\Programs\Startup\desktop(2).ini ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - Reg Error: Key error. File not found
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348713577843 (MUWebControl Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10C9E85A-042C-4BF3-859C-94A5EAE1FC16}: DhcpNameServer = 69.145.248.4 69.146.17.2 69.144.49.29
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E85CC59-5733-4A2F-B608-DAC10433B561}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\LINDA YATES\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\LINDA YATES\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/07/22 18:02:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/07/22 17:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2013/07/22 17:52:02 | 000,144,896 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/07/22 17:52:01 | 000,789,416 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/07/22 17:52:00 | 000,867,240 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/07/22 17:52:00 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/07/22 17:51:50 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/07/22 17:51:50 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/07/22 17:51:49 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/07/22 17:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/07/22 10:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/07/22 09:35:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/07/22 09:32:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/07/22 09:32:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/07/22 09:32:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/07/22 09:32:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/07/22 09:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LINDA YATES\Application Data\DefaultTab
[2013/07/22 08:50:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/22 08:45:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/07/21 23:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LINDA YATES\Application Data\Malwarebytes
[2013/07/21 23:16:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/07/21 22:23:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/07/21 22:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LINDA YATES\Local Settings\Application Data\Mozilla
[2013/07/21 22:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LINDA YATES\Application Data\Mozilla
[2013/07/21 22:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013/07/21 22:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/07/21 22:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/07/21 19:59:41 | 000,000,000 | ---D | C] -- C:\0c102d0dacfb0749f8b42af839
[2013/07/21 09:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LINDA YATES\Local Settings\Application Data\PCHealth
[2013/07/18 12:32:10 | 000,000,000 | ---D | C] -- C:\3e5638b21639e1c0ad9931ca25bf1b
[2013/07/17 12:22:08 | 000,000,000 | ---D | C] -- C:\1d36c0e0916e5849628156941af2
[2013/07/17 06:15:06 | 000,000,000 | ---D | C] -- C:\7c8dc7450c6afe3ded9f4d1a06
[2013/07/16 20:36:51 | 000,000,000 | ---D | C] -- C:\2badc23d429e920ae7e2da11
[2013/07/15 19:18:45 | 000,000,000 | ---D | C] -- C:\ca53712bded28ebcfa42d1
[2013/07/13 20:12:22 | 000,000,000 | ---D | C] -- C:\71443b4c170849a7410d
[2013/07/11 20:10:07 | 000,000,000 | ---D | C] -- C:\9c9efca20cb418dea773f9fb7d
[2013/06/24 06:24:24 | 000,238,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2013/06/24 06:23:39 | 000,000,000 | ---D | C] -- C:\7254f845314d39f5eb3ec0
[2013/06/24 06:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/07/22 18:24:20 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/07/22 18:22:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/22 17:51:26 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/07/22 17:51:16 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/07/22 17:51:15 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/07/22 17:51:15 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/07/22 17:51:14 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/07/22 17:51:13 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/07/22 17:51:12 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/07/22 17:48:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/22 17:26:57 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/07/22 17:16:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/22 17:15:57 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/22 17:15:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/22 17:15:37 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/22 10:39:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/07/22 09:36:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/07/22 09:07:50 | 000,002,195 | ---- | M] () -- C:\Documents and Settings\LINDA YATES\Desktop\Continue SweetIM installation.lnk
[2013/07/21 22:12:25 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\LINDA YATES\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/07/21 22:12:25 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/07/21 20:56:24 | 000,518,778 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/07/21 20:56:24 | 000,103,342 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/07/21 14:50:37 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/07/21 10:08:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/07/21 09:06:13 | 000,189,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/07/11 22:43:16 | 007,924,736 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2013/07/11 22:43:06 | 003,984,384 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2013/06/29 07:57:54 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2013/06/28 22:19:23 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\LINDA YATES\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/06/24 06:13:58 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/07/22 09:36:06 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/07/22 09:36:01 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/07/22 09:32:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/07/22 09:32:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/07/22 09:32:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/07/22 09:32:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/07/22 09:32:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/07/22 09:25:38 | 534,827,008 | -HS- | C] () -- C:\hiberfil.sys
[2013/07/22 09:07:37 | 000,002,195 | ---- | C] () -- C:\Documents and Settings\LINDA YATES\Desktop\Continue SweetIM installation.lnk
[2013/07/21 22:12:25 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\LINDA YATES\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/07/21 22:12:25 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/07/21 22:12:23 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/07/18 23:01:37 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/06/29 07:57:52 | 000,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2013/06/24 06:23:15 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/06/24 06:13:58 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2013/06/24 06:13:01 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/02/14 13:33:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/01/27 22:43:33 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\LINDA YATES\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/28 15:52:55 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/10/20 20:07:04 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\LINDA YATES\Application Data\PFP120JPR.{PB
[2005/10/20 20:07:04 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\LINDA YATES\Application Data\PFP120JCM.{PB
[2004/08/10 11:57:41 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop(2).ini
[2004/08/10 11:57:41 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop(2)(2).ini
========== ZeroAccess Check ==========
[2004/08/10 12:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\WgaNotify.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\tsiwinfile.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xjis.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuaueng1.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuauclt1.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WpdShext.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmasf.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WINZM.MB:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WINSP.MB:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winsock.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WINPY.MB:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wfwnet.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unicode.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tssoft32.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\timer.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ticrf.rat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tapiui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\system.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\stdole32.tlb:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sprof32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sound.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sortkey.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sndvol32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\serwvdrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rsvp.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\riched32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pxinsi64.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pxinsa64.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pxhpinst.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pxcpyi64.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pxcpya64.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Px.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\prcp.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\prc.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pncrt.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\phonptr.tbl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\phoncode.tbl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\phon.tbl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olethk32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olesvr32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.sig:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.bin:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntsdexts.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netmsg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netevent.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msxml4r.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvcr71(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvcp71(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msratelc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msidntld.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msgsm32.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg723.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg711.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msdayi.tbl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mscomctl.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mscomct2.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mouse.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmsystem.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmdrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mlang.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mfc71.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mcd32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lz32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lcptr.tbl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lcphrase.tbl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ksc.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kpsys32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kpcp32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\keyboard.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kdcom.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbdus.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iuengine.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ir32_32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\intelmoh.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\inetwh32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\inetcplc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iglicd32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igldev32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxtray.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxsrvc.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxpers.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxdev.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\icmui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\icfgnt5.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmrnt5.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmdnt5.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmdev5.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmdd5.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hkcmd.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hccutils.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\geo.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxsroute.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\freecell.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ega.cpi:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Edcrypt.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drwtsn32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\WudfRd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\WudfPf.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\wmilib.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\usbd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ultra.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\toside.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\symc8xx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\symc810.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\sym_u3.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\sym_hi.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ssrtln.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\sscdbhk5.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\sparrow.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\smwdm.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\senfilt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\secdrv.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\rdpcdd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\raspti.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\rasacd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ql1280.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ql1240.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ql12160.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ql10wnt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ql1080.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\pxhelp20.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ptilink.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\perc2hib.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\perc2.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\pciide.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nwlnkfwd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nwlnkflt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nv4_mini.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\null.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\NetMotCM.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mraid35x.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mouhid.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mohfilt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\MODEMCSA.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mnmdd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ipfltdrv.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\IntelC53.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\IntelC52.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\IntelC51.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ini910u.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ialmnt5.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\hpn.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\hotcore.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ftdisk.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\fs_rec.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\e100b325.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dxgthk.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dxapi.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\drvnddm.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\drvmcdb.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dpti2o.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dmload.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dac960nt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dac2w2k.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\cpqarray.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\cmdide.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\cdaudio.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\cd20xrnt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\cbidf2k.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\beep.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\audstub.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\asctrm.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\asc3550.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\asc3350p.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\asc.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\amsint.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\aliide.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\aic78xx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\aic78u2.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\aha154x.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\adpu160m.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dfrgres.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dbgeng.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dayiptr.tbl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dayiphr.tbl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\d3dim.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ctype.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\control.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comm.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comdlg32.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\charmap.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_950.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_949.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_936.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_932.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_874.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_28591.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_21027.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_20949.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_20936.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_20932.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_20290.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_20127.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_20000.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1361.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1258.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1257.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1256.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1255.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1254.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1253.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1251.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1250.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10008.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10003.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10002.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10001.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\bopomofo.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\bootvid.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\big5.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\avicap32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\audiodev.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\atl71.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\arrayhw.tab:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\array30.tab:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\arptr.tbl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\arphr.tbl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\acode.tbl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\acctres.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\a234.tbl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\a15.tbl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\$winnt$.inf:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\setupapi.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\SchedLgU.Txt:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\ntdtcsetup.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\NLSDownlevelMapping.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB925398.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB923689.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB922582.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB917953.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB913580.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB912812.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB911567.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB911565.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB911562.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB908531.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB900485.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\iun6002.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\iis6.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\ie7_main.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\ie7.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\IDNMitigationAPIs.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\comsetup.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\SystemInfo.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\setup.dbg:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Program Files\QuickTime\qttask.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\ImgData.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\LINDA YATES\Start Menu\Programs\Startup\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\LINDA YATES\Start Menu\Programs\Startup\desktop(2).ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\LINDA YATES\Start Menu\Programs\Outlook Express(2).lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\LINDA YATES\Start Menu\Programs\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\LINDA YATES\My Documents\To Whom it may concern.wpd:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\LINDA YATES\Local Settings\Application Data\IconCache.db:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\LINDA YATES\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker(2).lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger(2).lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2).ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD(2).lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\MSN(2).lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Plus! Photo Story 2 LE(2).lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 6.0(2).lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Documents\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Desktop\Try WordPerfect.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Desktop\Simple Start Edition.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Desktop\Owner's Manual.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Desktop\MyDVD LE.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Desktop\Burn CDs & DVDs with Sonic DigitalMedia LE.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Zapotec.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\xpsp1hfm.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Wudf01000Inst.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\WMSysPr9.prx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\wmsetup10.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\wmp11.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\WMFDist11.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\winnt256.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\winnt.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\wininit.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\winhlp32(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\winhlp32(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\winhelp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vmmreg32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vbaddin.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vb.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\updspapi.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\twunk_32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\twunk_16.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\twain.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\tsoc.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\TASKMAN.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xpsp2res(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xpsp2res(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xpsp2res(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xpsp2res(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xpsp2res(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xpsp2res(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xmllite(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xmllite(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xenroll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\XceedFtp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsvc(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsvc(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsvc(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsvc(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsvc(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsvc(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsapi(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsapi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsapi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wups(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wups(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wups(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wups(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wups(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wups(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wupdmgr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WUDFx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WudfSvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WudfPlatform.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WudfHost.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WUDFCoinstaller.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuauserv(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuauserv(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuauserv(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuauserv(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuauserv(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuauserv(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuaueng(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuaueng(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuapi(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuapi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuapi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wtsapi32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wtsapi32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wtsapi32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wtsapi32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wtsapi32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wtsapi32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wsock32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wsock32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wsock32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wsock32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wsock32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wsock32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshtcpip(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshtcpip(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshtcpip(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshtcpip(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshtcpip(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshtcpip(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshnetbs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshisn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshatm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wscsvc(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wscsvc(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2help(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2help(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2help(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2help(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2help(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2help(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2_32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2_32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2_32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2_32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2_32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2_32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\write.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdtrace.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WPDShServiceObj.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdshextres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdshextautoplay.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdmtpus.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdmtpdr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdmtp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdconns.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpd_ci.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowfaxui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowfax.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowexec.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowdeb.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WnASPI32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMVXENCD.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMVSENCD.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMVSDECD.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMVENCOD.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmvdmoe2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmvdmod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmvcore(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmvcore(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMVADVE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMVADVD.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMSPDMOE.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmsdmoe2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmsdmod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpsrcwp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpshell.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpns.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpmde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmploc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpencen.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpcore.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpcd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpasf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmp.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmp(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmp(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmiprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmimgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmidx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmerror.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmerrenu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmdrmsdk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmdrmnet.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmdrmdev.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmdmps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmdmlog.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMADMOE.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmadmod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wlnotify(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wlnotify(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wldap32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wldap32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wldap32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wldap32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wldap32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wldap32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wkssvc(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wkssvc(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wkssvc(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wkssvc(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wkssvc(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wkssvc(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winstrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsta(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsta(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsta(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsta(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsta(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsta(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsrv(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsrv(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsrv(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsrv(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsrv(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsrv(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winspool.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winspool(5).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winspool(4).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winspool(3).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winspool(3)(2).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winspool(2).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winspool(2)(2).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winscard(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winscard(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winscard(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winscard(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winscard(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winscard(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winrnr(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winrnr(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winrnr(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winrnr(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winrnr(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winrnr(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winoldap.mod:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winnls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmsd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmm(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmm(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmm(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmm(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmm(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmm(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmine.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winlogon(5).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winlogon(4).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winlogon(3).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winlogon(3)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winlogon(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winlogon(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winipsec(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winipsec(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winipsec(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winipsec(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winipsec(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winipsec(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wininet(6).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wininet(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wininet(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wininet(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wininet(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wininet(2)(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wininet(2)(3)(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wininet(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhttp(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhttp(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhttp(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhttp(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhttp(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhttp(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhlp32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhelp.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winfax.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winchat.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win87em.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win32k(5).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win32k(4).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win32k(3).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win32k(3)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win32k(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win32k(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wifeman.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiavusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiasf.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WgaTray.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WgaLogon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webhits.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webfldrs.msi:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webclnt(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webclnt(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webclnt(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webclnt(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webclnt(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webclnt(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdmaud(5).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdmaud(4).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdmaud(3).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdmaud(3)(2).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdmaud(2).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdmaud(2)(2).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdl.trm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdigest(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdigest(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdigest(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdigest(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdigest(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdigest(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdfmgr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdfmgr(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdfmgr(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdfapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.sve:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.nld:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.ita:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.fra:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.esn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.enu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.deu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.sve:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.nld:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.ita:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.fra:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.esn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.enu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.deu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\w32topl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\w32tm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vxdmdcdlg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VXBLOCK.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssapi(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssapi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssapi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssadmin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vss_ps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vjoy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\View Channels.scf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga64k.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga256.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vfpodbc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\version(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\version(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\verifier.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ver.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vcdex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\v7vga.rom:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uxtheme(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uxtheme(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uxtheme(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uxtheme(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uxtheme(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uxtheme(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uwdf.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\utildll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrvpa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrvoica.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrv80a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrv42a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrsvpia.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrshuta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrsdpia.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrrtosa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrprbda.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrmlnka.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrlogon.cmd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrlbva.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrfaxa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrdtea.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrdpa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrcoina.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrcntra.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\user32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\user32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\user.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\urlmon(6).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\urlmon(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\urlmon(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\urlmon(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\urlmon(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\urlmon(2)(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\urlmon(2)(3)(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\urlmon(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\url(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\url(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\url(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\url(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\url(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\url(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ureg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\upnp(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\upnp(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\upnp(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\upnp(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\upnp(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\upnp(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\unlodctr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uniplat(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uniplat(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uniplat(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uniplat(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uniplat(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\unimdmat(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\unimdm(2).tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umpnpmgr(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umpnpmgr(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umpnpmgr(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umpnpmgr(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umpnpmgr(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umpnpmgr(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\UMLoader.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umdmxfrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ufat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TZLog.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\typelib.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsshutdn.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tslabels.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tslabels.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tskill.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsdiscon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsd32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tscupgrd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tscon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsappcmp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\trkwks(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\trkwks(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\traffic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tracert6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tourstart(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tourstart(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\toolhelp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\THREED32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tftp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tfswapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tfswapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tfswapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\termsrv(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\telephon.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tdc(2).ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcpsvcs.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcpmon.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcmsetup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\taskman.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapisrv(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapisrv(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapisrv(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapisrv(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapisrv(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapisrv(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapiperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tabctl32.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\systray.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysprtj.sep:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysprint.sep:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\syskey.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysinv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysedit.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysdm(2).cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\syncapp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sxs(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sxs(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sxs(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sxs(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\swprv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\svcpack.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\svchost(5).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\svchost(4).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\svchost(3).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\svchost(3)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\svchost(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\svchost(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\subst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\subrange.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\strmdll(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\strmdll(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\streamci.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\storage.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\stobject(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\stobject(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssdpapi(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssdpapi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssdpapi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssdpapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssdpapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssdpapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srvsvc(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srvsvc(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srvsvc(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srvsvc(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srvsvc(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srvsvc(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srrstr(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srrstr(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srrstr(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srrstr(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srrstr(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srclient(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srclient(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srclient(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srclient(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srclient(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlwoa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlwid.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlsodbc.chm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spxcoins.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sprio800.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sprio600.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sprestrt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SPR32X30.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spoolsv(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spoolsv(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spoolss(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spoolss(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spnike.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spamcoutlook(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spamcoutlook(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spamcaddr(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spamcaddr(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sol.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\softpub.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\smss(5).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\smss(4).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\smss(3).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\smss(3)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\smss(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\smss(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\slbrccsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\slbcsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\skdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sisbkup.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shsvcs(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shsvcs(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shsvcs(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shlwapi(6).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shlwapi(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shlwapi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shlwapi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shlwapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shlwapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shlwapi(2)(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shlwapi(2)(3)(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shlwapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shimeng(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shimeng(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shimeng(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shimeng(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shimeng(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shimeng(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shiftjis.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shgina(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shfolder(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shfolder(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shellstyle.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(7).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(6).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(2)(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(2)(3)(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdocvw.bak:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdocvw(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdocvw(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdocvw(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdocvw(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdocvw(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdocvw(2)(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdocvw(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\share.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shadow.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfmapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc_os(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc_os(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc_os(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc_os(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc_os(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc_os(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setver.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setupdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setupapi(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setupapi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setupapi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setupapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setupapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setupapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setup.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\serwvdrv(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\serwvdrv(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\services.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\serialui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\senscfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sensapi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sensapi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sensapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sensapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sensapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secur32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secur32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secur32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secur32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secur32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secur32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secupd.sig:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secupd.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sdpblb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scredir.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sclgntfy(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\schedsvc(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\schannel(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\schannel(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\schannel(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\schannel(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\schannel(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\schannel(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sccbase.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scardssp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samsrv(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samsrv(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samlib(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samlib(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samlib(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samlib(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samlib(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samlib(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rwinsta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rundll32(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rundll32(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\runas.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtutils(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtutils(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtutils(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtutils(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtutils(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtutils(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpcnts.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvp.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsmui.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsmsink.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaenh(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaenh(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaenh(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaenh(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaenh(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaenh(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaci.rat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcss(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcss(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcss(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcss(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcss(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcss(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcrt4(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcrt4(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcns4.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\routetab.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\routemon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\route.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ROBOEX32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rnr20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rmoc3260.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RICHTX32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\riched32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\riched32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\riched20(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\riched20(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\riched20(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\resutils(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\resutils(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\resutils(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\resutils(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\resutils(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\resutils(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\reset.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\replace.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rend.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\remotepg(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regwiz.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regini.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regedt32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RegDomainData.xml:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regapi(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regapi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regapi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\redir.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\recover.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rdpcfgex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rcbdyctl(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rcbdyctl(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasser.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasrad.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmxs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmontr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmans(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmans(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmans(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmans(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmans(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmans(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasman(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasman(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasman(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasman(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasman(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasman(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasdlg(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasdlg(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasdlg(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasdlg(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasdial.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasctrs.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasctrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasctrnm.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasautou.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasapi32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasapi32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasapi32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasapi32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasapi32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasapi32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasadhlp(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasadhlp(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasadhlp(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasadhlp(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasadhlp(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasadhlp(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qwinsta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qt-mt323.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qosname.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qdiagd.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qasf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qappsrv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pxwma.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PxWave.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PxSFS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PxMas.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pxdrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pubprn.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ptpusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ptpusb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PTPITCP.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pspascrrc5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psnppagn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pscript.sep:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pschdprf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pschdprf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pschdcnt.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psapi(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psapi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psapi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Prounstl.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PRONtObj.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\profmap(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\profmap(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prodspec.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PrintAPI.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\print.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prflbmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prefscpl.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PRApplet.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pp500swnat.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pp500swenh.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pp500sn.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pp500se.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\powrprof(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\powrprof(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\powrprof(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\powrprof(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\powrprof(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\powrprof(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PostProc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PortableDeviceWMDRM.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PortableDeviceWiaCompat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PortableDeviceTypes.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PortableDeviceClassExtension.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PortableDeviceApi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\popup.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pndx5032.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pndx5016.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pncrt(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pncrt(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pmspl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\plustab.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PINTLPAE.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PINTLPAD.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ping6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pifmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfwci.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfwci.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfts.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfi009.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perffilt.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perffilt.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfd009.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfci.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfci.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pentnt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pds3_nat.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pds3_enh.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pdpluss3swnat.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pdpluss3swenh.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pdpls3sn.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pdpls3se.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pdocks3_sw_nat.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pdocks3_sw_enh.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pcl.sep:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pathping.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\paqsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\panmap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\osuninst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olethk32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olesvr32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olesvr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olepro32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olepro32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oledlg(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oledlg(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oledlg(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olecnv32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olecli32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olecli.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oleaut32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oleaut32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oleacc(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oleacc(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oleacc(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole2nls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole2disp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OEMINFO.PNF:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OEMINFO.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OEMBKGN1.BMP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcint(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcint(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcint(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcint(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcint(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcint(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc16gt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntshrui(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntshrui(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntshrui(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntsd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsoprq.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsmgr.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsevt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmarta(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmarta(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmarta(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmarta(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmarta(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmarta(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanui2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanman(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanman(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanman(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanman(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanman(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanman(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio804.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio412.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio411.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio404.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntimage.gif:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdsapi(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdsapi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdsapi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdsapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdsapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdsapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos804.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos412.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos411.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos404.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdll(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdll(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdll(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdll(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdll(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdll(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nscompat.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\normaliz(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\normaliz(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.tha:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.sve:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.nld:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.kor:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.jpn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.ita:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.fra:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.esn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.enu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.eng:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.deu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.cht:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.chs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nmevtmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nlsfunc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui2(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui1(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui1(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui1(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui1(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui1(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui1(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui0(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui0(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui0(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui0(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui0(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui0(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netshell(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netshell(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netshell(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netshell(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netshell(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netshell(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netrap(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netrap(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netrap(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netrap(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netrap(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netrap(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netplwiz(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netmsg(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netmsg(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netman(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netman(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netman(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netman(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netman(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netman(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netid(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\neth.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netcfgx(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netcfgx(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netcfgx(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netcfgx(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netcfgx(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netcfgx(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netapi32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netapi32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netapi32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netapi32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netapi32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netapi32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\net.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ncxpnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ncpa.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ncobjapi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ncobjapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nbtstat.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\natural.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nat3_win.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nat3.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nat2.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\narrhook.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mycomput.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mycomput(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxclu(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxclu(4)(2)(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxclu(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxclu(3)(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxclu(3)(2)(2)(2)(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxclu(3)(2)(2)(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxclu(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxmlr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxml3(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxml3(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxml2r.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mswsock(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mswsock(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mswsock(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mswsock(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mswsock(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mswsock(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mswmdm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvideo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcrt20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcr71(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcr71(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcr71(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcr71(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcr70.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp71(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp71(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp71(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp71(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp70.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp60(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp60(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp60(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp60(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp60(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp60(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp50.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcirt.dll.bak:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvci70.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvbvm50.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msv1_0(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msv1_0(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msv1_0(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msv1_0(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msv1_0(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msv1_0(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msutb(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msutb(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mstsc(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mstsc(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mstask(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msswchx.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msswch.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msstkprp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mssip32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mssign32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msscp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrecr40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrclr40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msr2cenu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msr2c.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msprivs(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msports.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mspmsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mspmsnsv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mspatcha(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mspatcha(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msobjs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msnetobj.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msir3jp.lex:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msir3jp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msimg32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msimg32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msimg32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msimg32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msimg32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msimg32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msidle(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msidle(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msidle(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msidle(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msidle(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msidle(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msi(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mshtmler(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mshearts.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mshearts(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mshearts(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgina(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgina(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgina(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgina(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgina(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgina(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msflxgrd.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msencode.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdelta.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCTFIME(5).IME:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCTFIME(4).IME:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCTFIME(3).IME:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCTFIME(3)(2).IME:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCTFIME(2).IME:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCTFIME(2)(2).IME:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCTF(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCTF(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mschrt20.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mscdexnt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mscat32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msaudite.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(5).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(4).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(3).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(3)(2).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(2).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(2)(2).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msaatext.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MRT(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MRT(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mrinfo.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprui(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprmsg(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprmsg(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprddm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprapi(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprapi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprapi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpr(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpr(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpr(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpr(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpr(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpr(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpnotify.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MPG4DMOD.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MPG4DECD.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MP4SDMOD.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mp43dmod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MP43DECD.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mountvol.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\moricons(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\moricons(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\modex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mode.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmutilse.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmtask.tsk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmdriver.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_qic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_mtf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_hp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mlang(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mlang(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\migpwd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\midimap(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\midimap(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\midimap(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\midimap(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\midimap(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\midimap(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mib.bin:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mhwt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFPLAT.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfcuia32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfcsubs(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFCANS32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc71u.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc70u.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc70.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc42(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc42(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mem.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdwmdmsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdhcp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciwave.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciseq.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciole32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciole16.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mcicda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciavi.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mchgrcoi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mcdsrv32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mapisvc.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mapistub.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\main.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mag_hook.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lzexpand.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lusrmgr.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LuResult.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lsass(5).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lsass(4).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lsass(3).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lsass(3)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lsass(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lsass(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lsasrv(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lsasrv(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lsasrv(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lsasrv(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lrnxp.ico:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lprmonui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lpr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lpq.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\logonui(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\logoff.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\loghours.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lodctr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\loadfix.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lnkstub.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lmrt(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\linkinfo(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\linkinfo(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\linkinfo(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lights.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\licmgr10(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LAPRXY.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lanman.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\langwrbk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\label.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\l3codecp.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\l_intl.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\l_except.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ksuser(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ksuser(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\krnl386.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KPDPMUI.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KPDPM.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KPDIDs.xml:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KPD.xml:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\korwbrkr.lex:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\korwbrkr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\korean.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KodakOneTouch.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\keyboard.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\key01.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kernel32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kernel32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kernel32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kernel32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kernel32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kernel32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kerberos(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kerberos(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kerberos(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kerberos(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kerberos(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kerberos(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kcm2sp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdycl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdycc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbduzb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdur.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbduk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdtuq.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdtuf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdtat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsl1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdru1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdru.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdro.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpl1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdnecNT.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdnecAT.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdnec95.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdne.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdmac.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlv1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlt1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdla.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdkyr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdkor.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdkaz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdjpn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdit142.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdir.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhu1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhept.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhela3.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhela2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhe319.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhe220.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgr1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgkl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgae.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdest.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdes.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbddv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcz2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcz1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcan.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdca.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdblr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbene.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdazel.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdaze.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDAL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbd103.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbd101c.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbd101b.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbd101a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kb16.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kanji_2.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kanji_1.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jupdate-1.4.2_03-b02.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jscript(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jscript(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jscript(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jobexec.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgsh400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgsd400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgmd400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgaw400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jet500.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Jasc Paint Shop Photo Album 5.scr:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ISUSPM.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\irclass.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxsap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxrtmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxrip.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxpromn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxmontr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipsec6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iprtprio.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iphlpapi(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iphlpapi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iphlpapi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iphlpapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iphlpapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iphlpapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iologmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IntelNic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IntelMPM.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IntelMPM(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IntelMPM(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IntelCci.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\instcat.sql:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inseng(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\infosoft.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inetcomm(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inetcomm(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\InetClnt(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\InetClnt(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imm32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imm32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imm32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imm32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imm32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imm32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imapi(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imapi(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igxpxs32.vp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igxpxk32.vp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igxpxa32.vp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igxpxa32.cpa:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxzoom.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxtray(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxtray(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxsrvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxsrvc(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxsrvc(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrtrk.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrtha.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrsve.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrrus.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrptg.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrptb.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrplk.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrnor.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrnld.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrkor.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrjpn.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrita.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrhun.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrheb.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrfra.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrfin.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxress.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxresp.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxres(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxres(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrenu.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrell.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrdeu.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrdan.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrcsy.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrcht.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrchs.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrara.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxpph.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxpers(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxpers(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhtha.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhptb.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhkor.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhjpn.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhita.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhfra.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhesp.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhenu.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhdeu.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhcht.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhchs.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxext.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxexps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxdo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxcpl.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxcfg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ifsutil.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ieuinit(2).inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ieudinit(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ieudinit(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iesetup(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iertutil(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iertutil(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iertutil(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ieencode(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ideograf.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iassvcs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iassdo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iassam.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasrecst.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iaspolcy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasnap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iashlpr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasads.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasacct.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuTRK.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuTHA.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuSVE.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuRUS.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuPTG.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuPTB.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuPLK.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuNOR.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuNLD.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuKOR.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuJPN.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuITA.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuHUN.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuHEB.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuFRC.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuFRA.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuFIN.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuESP.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuENG.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuELL.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmudlg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuDEU.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuDAN.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuCSY.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuCHT.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuCHS.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuARB.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuARA.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmrnt5(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmrem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmgicd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmgdev.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmdnt5(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmdev5(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmdd5(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iAlmCoIn_v4396.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iAlmCoIn_v4020.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hticons.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hostname.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\homepage.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetwiz(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetwiz(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetcfg(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetcfg(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetcfg(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetcfg(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetcfg(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetcfg(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hlink(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hlink(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hkcmd(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hkcmd(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\himem.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hid(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hid(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hid(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hid(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hid(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hid(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hhctrl(2).ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hhctrl(2)(2).ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hccutils(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hccutils(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GTKCMOS.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graphics.pro:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graphics.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graftabl.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gpkcsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GPCIEnum.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\glmf32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\getuname.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\getuname(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gdi32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gdi32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gdi.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gcdef.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gb2312.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\g711codc.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\g600_sw_srgb_y337_chimera.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\g600_sw_srgb_y337_92m.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\g600_sw_srgb_hybrid_chimera.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\g600_sw_srgb_hybrid_92m.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxssvc(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxssvc(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsst(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsst(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxssend.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsres(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsres(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsperf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsmon(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsmon(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxscount.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsclntR.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxscfgwz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Fxdb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FXAB32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ftsrch.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsutil.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsmgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\freecell(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\freecell(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fmifs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fixmapi.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\finger.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\find.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fastopen.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\expand.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\exe2bin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventvwr.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventvwr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventcls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eula.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentutl.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.hxx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esent97.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esent(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esent(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esent(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esent(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esent(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esent(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\es(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\es(5)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\es(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\es(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\es(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EqnClass.Dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\enhanced.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\enh3_win.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\enh3.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\enh2.tli:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\emptyregdb.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edlin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edit.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edit.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Edcrypt(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Edcrypt(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\e100bmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\e100b325.din:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dxmasf(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dxmasf(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DVDRProX.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dvdplay.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\duser(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssenh(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssenh(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssenh(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssenh(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssenh(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssenh(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssec.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsound.vxd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsound(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsound(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsauth.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ds16gt.dLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drwatson.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drprov(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drprov(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drprov(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drprov(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drprov(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drprov(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drmv2clt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drmupgds.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drmstor.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drmclien.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ws2ifsl.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wpdusb.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wdmaud(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wdmaud(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wanatw4(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wanatw4(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wanarp(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wanarp(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\vga(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\vga(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\vdmindvd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbuhci(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbuhci(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbprint(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbprint(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbhub(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbhub(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbehci(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbehci(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbccgp(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbccgp(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tsbvcap.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tosdvd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\termdd(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\termdd(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tcpip(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tcpip(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sysaudio(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sysaudio(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\swmidi(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\swmidi(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\swenum(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\swenum(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ssrtln(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ssrtln(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sscdbhk5(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sscdbhk5(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\srv(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\srv(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sr(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sr(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\splitter(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\splitter(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\smwdm(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\smwdm(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\smclib.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\serial(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\serial(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\serenum(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\serenum(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\senfilt(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\senfilt(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rootmdm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\riodrv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rio8drv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\redbook(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\redbook(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rdpcdd(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rdpcdd(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rdbss(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rdbss(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rawwan.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspti(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspti(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspptp(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspptp(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspppoe(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspppoe(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasl2tp(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasl2tp(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasacd(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasacd(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ql12160(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ql12160(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ql10wnt(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ql10wnt(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ql1080(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ql1080(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\pxhelp20(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\pxhelp20(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ptilink(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ptilink(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\psched(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\psched(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\parvdm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\parport(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\parport(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\oprghdlr.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nwlnkspx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nwlnknb.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nv4_mini(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nv4_mini(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nikedrv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\NetMotCM(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\NetMotCM(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\netbt(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\netbt(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\netbios(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\netbios(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndiswan(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndiswan(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndisuio(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndisuio(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndistapi(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndistapi(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mssmbios(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mssmbios(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\msgpc(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\msgpc(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mrxsmb(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mrxsmb(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mrxdav(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mrxdav(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mouhid(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mouhid(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mouclass(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mouclass(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mohfilt(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mohfilt(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MODEMCSA(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MODEMCSA(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mcd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\kmixer(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\kmixer(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\Klpf(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\Klpf(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\klmc(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\klmc(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\klif(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\klif(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\kl1(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\kl1(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\kbdhid(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\kbdhid(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\kbdclass(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\kbdclass(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\iqvw32.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ipsec(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ipsec(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\intelppm(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\intelppm(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\IntelC53(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\IntelC53(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\IntelC52(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\IntelC52(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\IntelC51(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\IntelC51(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\imapi(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\imapi(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ialmnt5(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ialmnt5(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\i8042prt(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\i8042prt(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\http(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\http(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\hidusb(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\hidusb(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\gmreadme.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\gm.dls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\fsvga.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\fltmgr(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\fltmgr(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\flpydisk(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\flpydisk(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\fdc(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\fdc(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\etc\services:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\etc\protocol:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\etc\networks:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\etc\lmhosts.sam:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\e100b325(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\e100b325(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dxg(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\drvnddm(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\drvnddm(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\drmkaud(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\drmkaud(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\DMusic(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\DMusic(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dmboot(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dmboot(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cpqdap01.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cinemst2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cdrom(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cdrom(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cdralw2k.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cdr4_xp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\audstub(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\audstub(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atmuni.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atmepvc.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atapi(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atapi(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\acpiec.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ABP480N5.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ABP480N5(2).SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ABP480N5(2)(2).SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\1028_Dell_DIM_DIM3000.mrk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpwsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpserial.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpnwsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpnmodem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dplay.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dosx.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\doskey.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\docprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dnsapi(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dnsapi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dnsapi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dnsapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dnsapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dnsapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmview.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmocx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmintf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmdskres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmconfig.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DLPT2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllhst3g.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmploc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmasf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\WgaTray.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\WgaLogon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pngfilt(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\modemcsa.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\jscript(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\inseng(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iepeers(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iedw(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\e100b325.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dxtrans(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dxtmsft(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\custsat(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskperf.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskmgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskcopy.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskcomp.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dimap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diactfrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpsapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpcsvc(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpcsvc(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpcsvc(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpcsvc(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpcsvc(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpcsvc(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dgsetup.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dgrpsetu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dfrg.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\devmgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\deskperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\deskmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\deskadp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DELLWALL.BMP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\debug.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DDMI2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ddeml.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\davclnt(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\davclnt(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\davclnt(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\davclnt(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\davclnt(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\davclnt(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\datime(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\danim(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3dxof.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3drm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3dramp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3dpmesh.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ctl3dv2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ctl3d32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ctfmon(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csseqchk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csrss(5).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csrss(4).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csrss(3).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csrss(3)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csrss(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csrss(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscui(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscui(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscdll(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscdll(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscdll(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscdll(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscdll(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscdll(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptnet(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptdll(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptdll(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptdll(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptdll(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptdll(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptdll(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crypt32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crypt32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crypt32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crypt32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crypt32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crypt32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crtdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\credui(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\credui(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\credui(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\credui(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\credui(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\credui(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\country.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\convert.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\control(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\console.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CONFIG.TMP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CONFIG.NT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comsvcs(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comsvcs(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comsvcs(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comsvcs(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comsvcs(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comsvcs(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comres(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comres(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comres(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comres(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comres(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comres(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compobj.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compmgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compatUI(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compatUI(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compact.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\commdlg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\command.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comctl32.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comctl32(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comctl32(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comctl32(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comctl32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comctl32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comctl32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comcat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\colbact(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\colbact(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cnvfat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cnetcfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmpbk32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmos.ram:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmmgr32.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clusapi(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clusapi(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clusapi(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clusapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clusapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clusapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cliconf.chm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clbcatq(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clbcatq(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clbcatq(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clbcatq(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clbcatq(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clbcatq(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ckcnv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cidaemon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ciadv.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ciadmin.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chtbrkr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chsbrkr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chkntfs.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chkdsk.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chcp.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cewmdm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\certmgr.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cdmodem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cdintf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cdfview(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ccfgnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\catsrvut(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\catsrv(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cards.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\capicom.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\calc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cabinet(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cabinet(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cabinet(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cabinet(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cabinet(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cabinet(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_is2022.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_875.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_869.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_866.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_865.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_863.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_861.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_860.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_857.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_855.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_852.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_850.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_775.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_737.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_500.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_437.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28605.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28603.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28599.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28598.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28597.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28595.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28594.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28593.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28592.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_21866.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20905.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20866.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20261.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1252.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1026.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10082.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10081.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10079.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10029.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10017.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10010.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10007.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10006.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10000.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_037.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\browsewm(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\browselc(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\browselc(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bopomofo.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bootvrfy.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bootok.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\blackbox.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bios4.rom:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bios1.rom:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bdeadmin.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\batmeter(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\batmeter(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avwav.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avtapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avmeter.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avifile.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avicap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AUTOEXEC.NT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\autodisc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\autochk(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\autochk(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\authz(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\authz(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atrace.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atmpvcno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl70.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atkctrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asycfilt(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asycfilt(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asferror.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\arp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\appwiz(2).cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\apphelp(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\apphelp(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\apphelp(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\apphelp(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\apphelp(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\apphelp(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\append.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\apcups.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ansi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\amcompat.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\alg(5).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\alg(4).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\alg(3).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\alg(3)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\alg(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\alg(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\advpack(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsldpc(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsldpc(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsldpc(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsldpc(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsldpc(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsldpc(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adptif.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\admparse(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\actxprxy(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\actxprxy(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeds.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeds(5).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeds(4).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeds(3).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeds(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeds(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeds(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\acledit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\acelpdec.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\aaaamon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\6to4svc(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\6to4svc(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\12520850.cpx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\12520437.cpx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\$ncsp$.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WFWNET.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VGA.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VER.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\TIMER.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\TAPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SYSTEM.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\stdole.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SOUND.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SHELL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\setup.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OLESVR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OLECLI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MSVIDEO.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MOUSE.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MMTASK.TSK:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MMSYSTEM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCIWAVE.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCISEQ.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCIAVI.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\LZEXPAND.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\KEYBOARD.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\crlds3d.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\COMMDLG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\AVIFILE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\AVICAP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Soap Bubbles.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\smscfg.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setuplog.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setuplog.del:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setupapi.del:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setupact.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setupact.del:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setpwrcg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\sessmgr.setup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Santa Fe Stucco.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\River Sumida.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Rhododendron.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\REGULOCS.OLD:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\regopt.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\REGLOCS.OLD:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Prairie Wind.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\orun32.isu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\orun32.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\OEWABLog.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ODBCINST.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ocmsn.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ocgen.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\nsreg.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\msxml4-KB936181-enu.LOG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\msgsocm.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\msdfmap.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\MSCompPackV1.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\mp10oem.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB946026.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB944653.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB944533-IE7.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB943485.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB943460.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB943055.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB942763.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB942615-IE7.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB941644.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB941569.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB941568.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB941202.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB939683.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB939653-IE7.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB938829.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB938828.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB938127-IE7.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB937143-IE7.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB936782.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB936357.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB936021.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB935840.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB935839.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB933729.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB933566-IE7.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB933360.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB932168.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB931836.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB931784.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB931768-IE7.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB931261.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB930916.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB930178.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB929969.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB929399.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB929338.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB929123.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB928843.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB928255.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB928090-IE7.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB927891.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB927802.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB927779.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB926436.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB926255.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB926239.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB925902.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB925486.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB925454.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB924667.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB924496.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB924270.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB924191.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB923980.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB923723.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB923694.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB923414.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB923191.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB922819.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB922760.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB921503.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB920213.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB918439.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB918118.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB917734.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB917344.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB916281.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB915865.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB914440.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB914389.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB913446.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB912919.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB911927.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB911564.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB910437.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB908519.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB905915.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB905749.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB905414.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB904942.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB904706.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB902400.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB901214.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB901017.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB900725.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB899591.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB899588.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB899587.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB898461.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB898458.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB896727.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB896688.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB896428.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB896424.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB896423.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB896422.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB896358.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB894391.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB893803v2.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB893756.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB893086.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB893066.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB891781.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB890859.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB890175.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB890046.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB888310.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB888302.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB888113.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB887742.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB887472.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB886185.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB885836.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB885835.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB885250.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB883939.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB873339.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB873333.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\iun6002(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\iun6002(2)(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\IsUninst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\hotcore.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Greenstone.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Gone Fishing.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\FeatherTexture.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\FaxSetup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\explorer.scf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\DtcInstall.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\dla.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\corelpf.lrs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\COM+.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Coffee Bean.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\cmsetacl.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\clock.avi:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Blue Lace 16.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\_default.pif:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\IPH.PH:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\INFCACHE.1:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Start Menu\Programs\Windows Media Player.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Start Menu\Programs\desktop(2).ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Start Menu\Programs\desktop(2)(2).ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\My Documents\March 27.wpd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Desktop\Windows Media Player.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Application Data\PFP120JPR.{PB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Application Data\PFP120JCM.{PB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop(2).ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Plus! Photo Story 2 LE.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\NTUSER.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\NTUSER.DAT.LOG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Desktop\Kodak EasyShare.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Application Data\desktop(2).ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Application Data\desktop(2)(2).ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\ActivationFile.htm:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\wmsetup.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\WindowsUpdate.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\win.ini:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\wiaservc.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\wpa.dbl:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\msxml3r.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\msvcr71.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\msvcp71.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\msacm32.drv:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\IE7Eula.rtf:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\setupapi.log.0.old:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB922616.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB921883.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB921398.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB920685.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB920683.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB920670.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB920214.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB919007.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB918899.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB917422.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB917159.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB916595.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB914388.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB911280.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB901190.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\bootstat.dat:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\Documents and Settings\LINDA YATES\My Documents\desktop.ini:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\spupdsvc.log:KAVICHS
@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\KB920872.log:KAVICHS
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mapi32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\FNTCACHE.DAT:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\Dell.bmp:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\resume.wpd:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Program Files\Real\RealPlayer\RealPlay.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\LindaJ.wpd:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\LINDA YATES\Application Data\desktop.ini:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\desktop.ini:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\desktop.ini:KAVICHS
< End of report >
-
This scan will take a little while so be patient ! Do Not use the computer or mouse while it's running !!
Download OldTimer to your desk top ! >>> http://oldtimer.geekstogo.com/OTL.exe
If you already have a copy of OTL delete it and use this version.
(Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
* Double click OTL.exe to launch the program.
* Check the following.
o Scan all users.
o Standard Output.
o Lop check.
o Purity check.
* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.
o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.
*This may have to be broken into more than one post ! -
Going to uninstall Combofix now !!!
Click on the Start button and then in the Search field enter combofix /uninstall, as shown in the image below with the blue arrow.
Please note that there is a space between combofix and /uninstall. -
Running lots faster !!!
1. Install Java
- Get the current version of Java (Version 7 Update 25) by going to http://java.com/en/download/manual.jsp
- Select the appropriate version of Java and follow the onscreen instructions to update if necessary.
=========================
2. Disable Java in Web Browsers
Even though I just had you get the latest version of Java, there is a vulnerability with regards to Java and web browsers. Therefore, we recommend to disable java in web browsers.
More information can be found here: http://www.techsupportforum.com/forums/f50...ers-683721.html- Click on the Start button and then click on the Control Panel option.
- In the Control Panel Search enter Java Control Panel.
- Click on the Java icon to open the Java Control Panel.
- Disable Java through the Java Control Panel
- In the Java Control Panel, click on the Security tab.
- Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser.
- Click Apply. When the Windows User Account Control (UAC) dialog appears, allow permissions to make the changes.
- Click OK in the Java Plug-in confirmation window.
- Restart the browser for changes to take effect.
=========================
- 2. Reboot
Chuck
-
Combofix did a great job ! Now to see if i can find anything else to remove !!
Chuck
-
I ran Combofix on this computer ! Here are the results after 56 minutes of scan time ! Now will spend time reading the log !
ComboFix 13-07-22.01 - LINDA YATES 07/22/2013 10:10:59.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.159 [GMT -6:00]
Running from: c:\documents and settings\LINDA YATES\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\LINDAY~1\LOCALS~1\Temp\AFF1.tmp\F_IN_BOX.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab
c:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\addon.ico
c:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\DefaultTabStart64.exe
c:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
c:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\DefaultTabWrap64.dll
c:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\DT.ico
c:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\DT_IE.exe
c:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
c:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\searchhere.ico
c:\documents and settings\LINDA YATES\Local Settings\Temp\AFF1.tmp\F_IN_BOX.dll
c:\program files\MyWaySA
c:\windows\explorer(2)(2).exe
c:\windows\explorer(2).exe
c:\windows\system32\ctfmon(2).exe
c:\windows\system32\Drivers\afd(2)(2).sys
c:\windows\system32\Drivers\afd(2).sys
c:\windows\system32\lpk(2)(2).dll
c:\windows\system32\lpk(2).dll
c:\windows\system32\lpk(3)(2).dll
c:\windows\system32\lpk(3).dll
c:\windows\system32\lpk(4).dll
c:\windows\system32\lpk(5).dll
c:\windows\system32\regsvr32(2)(2).exe
c:\windows\system32\regsvr32(2).exe
c:\windows\system32\services(2)(2).exe
c:\windows\system32\services(2).exe
c:\windows\system32\services(3)(2).exe
c:\windows\system32\services(3).exe
c:\windows\system32\services(4).exe
c:\windows\system32\services(5).exe
c:\windows\system32\SET686.tmp
c:\windows\system32\SET68D.tmp
c:\windows\system32\SET68F.tmp
c:\windows\system32\SET69B.tmp
c:\windows\system32\SET6A4.tmp
c:\windows\system32\SET6A5.tmp
c:\windows\system32\SET6A6.tmp
c:\windows\system32\SET6A9.tmp
c:\windows\system32\usp10(2)(2).dll
c:\windows\system32\usp10(2).dll
c:\windows\system32\usp10(3)(2).dll
c:\windows\system32\usp10(3).dll
c:\windows\system32\usp10(4).dll
c:\windows\system32\usp10(5).dll
.
.
((((((((((((((((((((((((( Files Created from 2013-06-22 to 2013-07-22 )))))))))))))))))))))))))))))))
.
.
2013-07-22 16:39 . 2013-07-22 16:40 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F802613C-6C4C-462F-88F7-A8D76A5268D0}\MpKsl0550bc22.sys
2013-07-22 16:38 . 2013-07-22 16:38 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2013-07-22 15:30 . 2013-07-22 15:30 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F802613C-6C4C-462F-88F7-A8D76A5268D0}\MpKsl318d0fea.sys
2013-07-22 15:13 . 2013-07-22 15:14 -------- d-----w- c:\documents and settings\Administrator
2013-07-22 15:08 . 2013-07-22 16:33 -------- d-----w- c:\documents and settings\LINDA YATES\Application Data\DefaultTab
2013-07-22 05:18 . 2013-07-22 05:18 -------- d-----w- c:\documents and settings\LINDA YATES\Application Data\Malwarebytes
2013-07-22 05:16 . 2013-07-22 05:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-07-22 04:23 . 2013-07-22 04:23 -------- d-----w- c:\windows\ERUNT
2013-07-22 04:13 . 2013-07-22 04:13 -------- d-----w- c:\documents and settings\LINDA YATES\Local Settings\Application Data\Mozilla
2013-07-22 04:12 . 2013-07-22 04:12 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-07-22 01:59 . 2013-07-22 02:00 -------- d-----w- C:\0c102d0dacfb0749f8b42af839
2013-07-21 18:03 . 2013-07-02 06:54 7143960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F802613C-6C4C-462F-88F7-A8D76A5268D0}\mpengine.dll
2013-07-21 15:12 . 2013-07-21 15:12 -------- d-----w- c:\documents and settings\LINDA YATES\Local Settings\Application Data\PCHealth
2013-07-19 05:16 . 2013-07-02 06:54 7143960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-18 18:32 . 2013-07-18 18:32 -------- d-----w- C:\3e5638b21639e1c0ad9931ca25bf1b
2013-07-17 18:22 . 2013-07-17 18:23 -------- d-----w- C:\1d36c0e0916e5849628156941af2
2013-07-17 12:15 . 2013-07-17 12:26 -------- d-----w- C:\7c8dc7450c6afe3ded9f4d1a06
2013-07-17 02:36 . 2013-07-17 02:38 -------- d-----w- C:\2badc23d429e920ae7e2da11
2013-07-16 01:18 . 2013-07-16 01:19 -------- d-----w- C:\ca53712bded28ebcfa42d1
2013-07-14 02:12 . 2013-07-14 02:13 -------- d-----w- C:\71443b4c170849a7410d
2013-07-12 02:10 . 2013-07-12 02:11 -------- d-----w- C:\9c9efca20cb418dea773f9fb7d
2013-06-24 12:24 . 2013-05-02 08:06 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-06-24 12:23 . 2013-06-24 12:28 -------- d-----w- C:\7254f845314d39f5eb3ec0
2013-06-24 12:10 . 2013-06-24 12:13 -------- d-----w- c:\program files\Microsoft Security Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 16:27 . 2012-10-05 22:11 692104 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 16:27 . 2011-06-15 01:37 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 16:24 . 2013-06-12 16:23 8610696 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-06-08 05:55 . 2004-08-10 17:51 385024 ------w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2004-08-10 17:51 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-10 17:51 43520 ------w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2004-08-10 17:51 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-10 17:51 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-06-02 13:20 . 2013-06-02 13:20 1409 ----a-w- c:\windows\QTFont.for
2013-05-09 06:28 . 2006-10-19 03:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-05-03 01:26 . 2004-08-10 17:51 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2004-08-04 03:59 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\progra~1\MODEMO~1\MOH.exe" [2003-11-17 86016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 131072]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-09-14 26112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"Gearbox"="c:\program files\Gearbox Connection Kit\bin\confsvr.exe" [2003-02-17 143360]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-22 155648]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-04-08 1511424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-10-02 161336]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2012-01-17 1884576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
.
c:\documents and settings\LINDA YATES\Start Menu\Programs\Startup\
desktop(2).ini [2004-8-10 84]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
.
R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [6/14/2006 11:10 PM 18208]
R1 MpKsl0550bc22;MpKsl0550bc22;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F802613C-6C4C-462F-88F7-A8D76A5268D0}\MpKsl0550bc22.sys [7/22/2013 10:39 AM 29904]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/2/2009 11:13 PM 198608]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL0550BC22
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-05 16:27]
.
2013-07-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-13 19:45]
.
2013-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 21:20]
.
2013-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 21:20]
.
2013-07-22 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 17:11]
.
2013-07-22 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 17:11]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = ;<local>;*.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\LINDA YATES\Application Data\Mozilla\Firefox\Profiles\n8sdrege.default\
FF - ExtSQL: 2013-07-22 09:08; [email protected]; c:\documents and settings\LINDA YATES\Application Data\Mozilla\Firefox\Profiles\n8sdrege.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-DellSupport- - c:\program files\Dell Support\DSAgnt.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-22 10:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\ActiveX Compatibility\{2715*F81-0877-42E9-AF13-55E5A3439A26}]
"Compatibility Flags"=dword:00000400
"Pst"=dword:00000002
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2500)
c:\windows\system32\WININET.dll
c:\docume~1\LINDAY~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kodak\AiO\center\KodakSvc.exe
c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
c:\program files\Gearbox Connection Kit\bin\gbConMon.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\Gearbox Connection Kit\bin\gbTask.exe
.
**************************************************************************
.
Completion time: 2013-07-22 10:59:11 - machine was rebooted
ComboFix-quarantined-files.txt 2013-07-22 16:58
.
Pre-Run: 50,035,003,392 bytes free
Post-Run: 50,995,793,920 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 966158CF074F7C6B168B527C961FDC34
B16A2359F4962B0C622D81A1C1F4B703
-
Ran Malwarebytes, found 14 Trojans >>>> removed !!
Computer still very slow !! Going hunting !
-
Note: Junkware hangs while scanning registery !!
Posted by Chuck
-
This is Chuck on Lindas computer. I am gonna be posting for her so she can see what i do !!
The AdwCleaner log:
# AdwCleaner v2.306 - Logfile created 07/21/2013 at 21:26:09
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : LINDA YATES - LINDA
# Boot Mode : Normal
# Running from : C:\Documents and Settings\LINDA YATES\Local Settings\Temporary Internet Files\Content.IE5\YBR1F5L4\adwcleaner[1].exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
File Deleted : C:\END
Folder Deleted : C:\DOCUME~1\LINDAY~1\LOCALS~1\Temp\APN
Folder Deleted : C:\Documents and Settings\All Users\Application Data\APN
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\LINDA YATES\Application Data\alotappbar
Folder Deleted : C:\Documents and Settings\LINDA YATES\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\LINDA YATES\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\LINDA YATES\Local Settings\Application Data\AskPartnerNetwork
Folder Deleted : C:\Program Files\AskPartnerNetwork
Folder Deleted : C:\Program Files\Viewpoint
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
***** [internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
*************************
AdwCleaner[s1].txt - [3176 octets] - [21/07/2013 21:26:09]
########## EOF - C:\AdwCleaner[s1].txt - [3236 octets] ##########
-
The computer is very slow and freezes up alot. It is about 7 years old.
"Help with this slow computer"!
in Malware Removal
Posted
Thank You!!!