ljyates Posted July 21, 2013 Report Share Posted July 21, 2013 The computer is very slow and freezes up alot. It is about 7 years old. Link to post Share on other sites
flashh4 Posted July 21, 2013 Report Share Posted July 21, 2013 Howdy and welcome to BestTechie !!! My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!Do Not Remove anything or run any tools/programs until advised to do so !Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up ! Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log in the Malware Removal forum and wait for help. Please download Junkware Removal Tool and save to your desk top. Shut down your protection software now to avoid potential conflicts. * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". * The tool will open and start scanning your system. * Please be patient as this can take a while to complete depending on your system's specifications. * On completion, a log (JRT.txt) is saved to your desktop and will automatically open. * Post the contents of JRT.txt into your next reply !Re-Boot your computer now !! NEXT AdwCleanerPlease download adwcleaner by Xplode onto your desktop.. * Close all open programs and internet browsers. * Double click on AdwCleaner.exe to run the tool. * Click on Delete button. * A logfile will automatically open after the scan has finished. * Please post the contents of that logfile with your next reply. * You can find the logfile at C:\AdwCleaner[s1].txt. as well. NEXT MALWAREBYTES with Pics:Please download Malwarebytes' Anti-Malware to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan.When the scan is complete, click OK, then Show Results to view the results. * Then click Remove Selected . * When completed, a log will open in Notepad. Please save it to a convenient location and post the results. * Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.Please don't attach the scans / logs, use "copy/paste".NEXTDownload OldTimer to your desk top !Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr If you already have a copy of OTL delete it and use this version. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).* Double click OTL.exe to launch the program.* Check the following.o Scan all users.o Standard Output. o Lop check.o Purity check. oExtra Registry > Use SafeList * Under Extra Registry section, select Use SafeList* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).* When finished it will produce two logs.o OTL.txt (open on your desktop).o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.* Please post me both logs. This may have to be broken into more than one post ! Post Next:1. Junkware Removal Tool log2. AdwCleaner3. Malwarebytes Log4. OTL.txt and Extras.txt (if a Extras.txt is produced)ThanksChuck Link to post Share on other sites
ljyates Posted July 22, 2013 Author Report Share Posted July 22, 2013 This is Chuck on Lindas computer. I am gonna be posting for her so she can see what i do !! The AdwCleaner log: # AdwCleaner v2.306 - Logfile created 07/21/2013 at 21:26:09 # Updated 19/07/2013 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : LINDA YATES - LINDA # Boot Mode : Normal # Running from : C:\Documents and Settings\LINDA YATES\Local Settings\Temporary Internet Files\Content.IE5\YBR1F5L4\adwcleaner[1].exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\END Folder Deleted : C:\DOCUME~1\LINDAY~1\LOCALS~1\Temp\APN Folder Deleted : C:\Documents and Settings\All Users\Application Data\APN Folder Deleted : C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint Folder Deleted : C:\Documents and Settings\LINDA YATES\Application Data\alotappbar Folder Deleted : C:\Documents and Settings\LINDA YATES\Application Data\PriceGong Folder Deleted : C:\Documents and Settings\LINDA YATES\Application Data\Viewpoint Folder Deleted : C:\Documents and Settings\LINDA YATES\Local Settings\Application Data\AskPartnerNetwork Folder Deleted : C:\Program Files\AskPartnerNetwork Folder Deleted : C:\Program Files\Viewpoint ***** [Registry] ***** Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E} Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1 Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1 Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C} Key Deleted : HKLM\Software\MetaStream Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP Key Deleted : HKLM\Software\Viewpoint ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. ************************* AdwCleaner[s1].txt - [3176 octets] - [21/07/2013 21:26:09] ########## EOF - C:\AdwCleaner[s1].txt - [3236 octets] ########## Link to post Share on other sites
ljyates Posted July 22, 2013 Author Report Share Posted July 22, 2013 Note: Junkware hangs while scanning registery !! Posted by Chuck Link to post Share on other sites
ljyates Posted July 22, 2013 Author Report Share Posted July 22, 2013 Ran Malwarebytes, found 14 Trojans >>>> removed !!Computer still very slow !! Going hunting ! Link to post Share on other sites
ljyates Posted July 22, 2013 Author Report Share Posted July 22, 2013 I ran Combofix on this computer ! Here are the results after 56 minutes of scan time ! Now will spend time reading the log ! ComboFix 13-07-22.01 - LINDA YATES 07/22/2013 10:10:59.1.1 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.159 [GMT -6:00]Running from: c:\documents and settings\LINDA YATES\My Documents\Downloads\ComboFix.exeAV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\docume~1\LINDAY~1\LOCALS~1\Temp\AFF1.tmp\F_IN_BOX.dllc:\documents and settings\All Users\Application Data\TEMPc:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMPc:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTabc:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\addon.icoc:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dllc:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\DefaultTabStart.exec:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\DefaultTabStart64.exec:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\DefaultTabUninstaller.exec:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\DefaultTabWrap.dllc:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\DefaultTabWrap64.dllc:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\DT.icoc:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\DT_IE.exec:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\DTUpdate.exec:\documents and settings\LINDA YATES\Application Data\DefaultTab\DefaultTab\searchhere.icoc:\documents and settings\LINDA YATES\Local Settings\Temp\AFF1.tmp\F_IN_BOX.dllc:\program files\MyWaySAc:\windows\explorer(2)(2).exec:\windows\explorer(2).exec:\windows\system32\ctfmon(2).exec:\windows\system32\Drivers\afd(2)(2).sysc:\windows\system32\Drivers\afd(2).sysc:\windows\system32\lpk(2)(2).dllc:\windows\system32\lpk(2).dllc:\windows\system32\lpk(3)(2).dllc:\windows\system32\lpk(3).dllc:\windows\system32\lpk(4).dllc:\windows\system32\lpk(5).dllc:\windows\system32\regsvr32(2)(2).exec:\windows\system32\regsvr32(2).exec:\windows\system32\services(2)(2).exec:\windows\system32\services(2).exec:\windows\system32\services(3)(2).exec:\windows\system32\services(3).exec:\windows\system32\services(4).exec:\windows\system32\services(5).exec:\windows\system32\SET686.tmpc:\windows\system32\SET68D.tmpc:\windows\system32\SET68F.tmpc:\windows\system32\SET69B.tmpc:\windows\system32\SET6A4.tmpc:\windows\system32\SET6A5.tmpc:\windows\system32\SET6A6.tmpc:\windows\system32\SET6A9.tmpc:\windows\system32\usp10(2)(2).dllc:\windows\system32\usp10(2).dllc:\windows\system32\usp10(3)(2).dllc:\windows\system32\usp10(3).dllc:\windows\system32\usp10(4).dllc:\windows\system32\usp10(5).dll..((((((((((((((((((((((((( Files Created from 2013-06-22 to 2013-07-22 )))))))))))))))))))))))))))))))..2013-07-22 16:39 . 2013-07-22 16:40 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F802613C-6C4C-462F-88F7-A8D76A5268D0}\MpKsl0550bc22.sys2013-07-22 16:38 . 2013-07-22 16:38 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP2013-07-22 15:30 . 2013-07-22 15:30 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F802613C-6C4C-462F-88F7-A8D76A5268D0}\MpKsl318d0fea.sys2013-07-22 15:13 . 2013-07-22 15:14 -------- d-----w- c:\documents and settings\Administrator2013-07-22 15:08 . 2013-07-22 16:33 -------- d-----w- c:\documents and settings\LINDA YATES\Application Data\DefaultTab2013-07-22 05:18 . 2013-07-22 05:18 -------- d-----w- c:\documents and settings\LINDA YATES\Application Data\Malwarebytes2013-07-22 05:16 . 2013-07-22 05:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2013-07-22 04:23 . 2013-07-22 04:23 -------- d-----w- c:\windows\ERUNT2013-07-22 04:13 . 2013-07-22 04:13 -------- d-----w- c:\documents and settings\LINDA YATES\Local Settings\Application Data\Mozilla2013-07-22 04:12 . 2013-07-22 04:12 -------- d-----w- c:\program files\Mozilla Maintenance Service2013-07-22 01:59 . 2013-07-22 02:00 -------- d-----w- C:\0c102d0dacfb0749f8b42af8392013-07-21 18:03 . 2013-07-02 06:54 7143960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F802613C-6C4C-462F-88F7-A8D76A5268D0}\mpengine.dll2013-07-21 15:12 . 2013-07-21 15:12 -------- d-----w- c:\documents and settings\LINDA YATES\Local Settings\Application Data\PCHealth2013-07-19 05:16 . 2013-07-02 06:54 7143960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-07-18 18:32 . 2013-07-18 18:32 -------- d-----w- C:\3e5638b21639e1c0ad9931ca25bf1b2013-07-17 18:22 . 2013-07-17 18:23 -------- d-----w- C:\1d36c0e0916e5849628156941af22013-07-17 12:15 . 2013-07-17 12:26 -------- d-----w- C:\7c8dc7450c6afe3ded9f4d1a062013-07-17 02:36 . 2013-07-17 02:38 -------- d-----w- C:\2badc23d429e920ae7e2da112013-07-16 01:18 . 2013-07-16 01:19 -------- d-----w- C:\ca53712bded28ebcfa42d12013-07-14 02:12 . 2013-07-14 02:13 -------- d-----w- C:\71443b4c170849a7410d2013-07-12 02:10 . 2013-07-12 02:11 -------- d-----w- C:\9c9efca20cb418dea773f9fb7d2013-06-24 12:24 . 2013-05-02 08:06 238872 ------w- c:\windows\system32\MpSigStub.exe2013-06-24 12:23 . 2013-06-24 12:28 -------- d-----w- C:\7254f845314d39f5eb3ec02013-06-24 12:10 . 2013-06-24 12:13 -------- d-----w- c:\program files\Microsoft Security Client...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-06-12 16:27 . 2012-10-05 22:11 692104 -c--a-w- c:\windows\system32\FlashPlayerApp.exe2013-06-12 16:27 . 2011-06-15 01:37 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-06-12 16:24 . 2013-06-12 16:23 8610696 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe2013-06-08 05:55 . 2004-08-10 17:51 385024 ------w- c:\windows\system32\html.iec2013-06-07 21:56 . 2004-08-10 17:51 920064 ----a-w- c:\windows\system32\wininet.dll2013-06-07 21:56 . 2004-08-10 17:51 43520 ------w- c:\windows\system32\licmgr10.dll2013-06-07 21:56 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl2013-06-04 07:23 . 2004-08-10 17:51 562688 ----a-w- c:\windows\system32\qedit.dll2013-06-04 01:40 . 2004-08-10 17:51 1876736 ----a-w- c:\windows\system32\win32k.sys2013-06-02 13:20 . 2013-06-02 13:20 1409 ----a-w- c:\windows\QTFont.for2013-05-09 06:28 . 2006-10-19 03:47 1543680 ------w- c:\windows\system32\wmvdecod.dll2013-05-03 01:26 . 2004-08-10 17:51 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe2013-05-03 00:38 . 2004-08-04 03:59 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ModemOnHold"="c:\progra~1\MODEMO~1\MOH.exe" [2003-11-17 86016].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 131072]"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-09-14 26112]"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]"Gearbox"="c:\program files\Gearbox Connection Kit\bin\confsvr.exe" [2003-02-17 143360]"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-22 155648]"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-04-08 1511424]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-10-02 161336]"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2012-01-17 1884576]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600].c:\documents and settings\LINDA YATES\Start Menu\Programs\Startup\desktop(2).ini [2004-8-10 84].[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]@="".[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=.R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [6/14/2006 11:10 PM 18208]R1 MpKsl0550bc22;MpKsl0550bc22;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F802613C-6C4C-462F-88F7-A8D76A5268D0}\MpKsl0550bc22.sys [7/22/2013 10:39 AM 29904]R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/2/2009 11:13 PM 198608]S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?].--- Other Services/Drivers In Memory ---.*NewlyCreated* - MPKSL0550BC22.Contents of the 'Scheduled Tasks' folder.2013-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-05 16:27].2013-07-21 c:\windows\Tasks\Google Software Updater.job- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-13 19:45].2013-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 21:20].2013-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 21:20].2013-07-22 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 17:11].2013-07-22 c:\windows\Tasks\MpIdleTask.job- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 17:11]..------- Supplementary Scan -------.uInternet Connection Wizard,ShellNext = iexploreuInternet Settings,ProxyOverride = ;<local>;*.localTCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - c:\documents and settings\LINDA YATES\Application Data\Mozilla\Firefox\Profiles\n8sdrege.default\FF - ExtSQL: 2013-07-22 09:08; [email protected]; c:\documents and settings\LINDA YATES\Application Data\Mozilla\Firefox\Profiles\n8sdrege.default\extensions\[email protected].- - - - ORPHANS REMOVED - - - -.HKCU-Run-DellSupport- - c:\program files\Dell Support\DSAgnt.exeAddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-07-22 10:40Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\ActiveX Compatibility\{2715*F81-0877-42E9-AF13-55E5A3439A26}]"Compatibility Flags"=dword:00000400"Pst"=dword:00000002.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'explorer.exe'(2500)c:\windows\system32\WININET.dllc:\docume~1\LINDAY~1\LOCALS~1\Temp\IadHide5.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\program files\Microsoft Security Client\MsMpEng.exec:\program files\Belkin\Router Setup and Monitor\BelkinService.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Java\jre6\bin\jqs.exec:\program files\Kodak\AiO\center\KodakSvc.exec:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exec:\program files\Gearbox Connection Kit\bin\gbConMon.exec:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exec:\program files\Gearbox Connection Kit\bin\gbTask.exe.**************************************************************************.Completion time: 2013-07-22 10:59:11 - machine was rebootedComboFix-quarantined-files.txt 2013-07-22 16:58.Pre-Run: 50,035,003,392 bytes freePost-Run: 50,995,793,920 bytes free.WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect.- - End Of File - - 966158CF074F7C6B168B527C961FDC34B16A2359F4962B0C622D81A1C1F4B703 Link to post Share on other sites
ljyates Posted July 22, 2013 Author Report Share Posted July 22, 2013 Combofix did a great job ! Now to see if i can find anything else to remove !! Chuck Link to post Share on other sites
ljyates Posted July 22, 2013 Author Report Share Posted July 22, 2013 (edited) Running lots faster !!! 1. Install JavaGet the current version of Java (Version 7 Update 25) by going to http://java.com/en/download/manual.jspSelect the appropriate version of Java and follow the onscreen instructions to update if necessary.=========================2. Disable Java in Web BrowsersEven though I just had you get the latest version of Java, there is a vulnerability with regards to Java and web browsers. Therefore, we recommend to disable java in web browsers.More information can be found here: http://www.techsupportforum.com/forums/f50...ers-683721.htmlClick on the Start button and then click on the Control Panel option.In the Control Panel Search enter Java Control Panel.Click on the Java icon to open the Java Control Panel.Disable Java through the Java Control Panel In the Java Control Panel, click on the Security tab.Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser.Click Apply. When the Windows User Account Control (UAC) dialog appears, allow permissions to make the changes.Click OK in the Java Plug-in confirmation window.Restart the browser for changes to take effect. =========================2. Reboot Chuck Edited July 22, 2013 by ljyates Link to post Share on other sites
ljyates Posted July 23, 2013 Author Report Share Posted July 23, 2013 Going to uninstall Combofix now !!! Click on the Start button and then in the Search field enter combofix /uninstall, as shown in the image below with the blue arrow.Please note that there is a space between combofix and /uninstall. Link to post Share on other sites
ljyates Posted July 23, 2013 Author Report Share Posted July 23, 2013 This scan will take a little while so be patient ! Do Not use the computer or mouse while it's running !!Download OldTimer to your desk top ! >>> http://oldtimer.geekstogo.com/OTL.exeIf you already have a copy of OTL delete it and use this version.(Note: If you are running on Vista, right-click on the file and choose Run As Administrator).* Double click OTL.exe to launch the program.* Check the following.o Scan all users.o Standard Output.o Lop check.o Purity check.* Under Extra Registry section, select Use SafeList* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).* When finished it will produce two logs.o OTL.txt (open on your desktop).o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.*This may have to be broken into more than one post ! Link to post Share on other sites
ljyates Posted July 23, 2013 Author Report Share Posted July 23, 2013 Otl scan next : OTL logfile created on: 7/22/2013 6:32:21 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\LINDA YATES\My Documents\DownloadsWindows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 509.98 Mb Total Physical Memory | 91.90 Mb Available Physical Memory | 18.02% Memory free1.22 Gb Paging File | 0.73 Gb Available in Paging File | 60.14% Paging File freePaging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 70.91 Gb Total Space | 47.34 Gb Free Space | 66.75% Space Free | Partition Type: NTFS Computer Name: LINDA | User Name: LINDA YATES | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current userCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/07/22 18:31:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LINDA YATES\My Documents\Downloads\OTL.exePRC - [2013/07/22 17:51:23 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exePRC - [2013/06/18 08:21:12 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exePRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exePRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exePRC - [2012/01/17 16:09:42 | 000,563,104 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exePRC - [2012/01/17 16:09:40 | 001,884,576 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exePRC - [2012/01/17 16:09:38 | 007,029,664 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exePRC - [2010/07/19 01:26:02 | 000,198,608 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exePRC - [2009/04/17 13:08:26 | 000,032,768 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\KodakSvc.exePRC - [2009/04/07 18:27:30 | 001,511,424 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exePRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exePRC - [2005/09/13 18:11:53 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exePRC - [2005/01/27 00:02:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exePRC - [2004/09/14 07:50:48 | 000,131,072 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exePRC - [2004/02/13 14:12:08 | 000,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exePRC - [2003/02/17 17:41:00 | 000,032,768 | ---- | M] (Rockstar Software) -- C:\Program Files\Gearbox Connection Kit\bin\gbTask.exePRC - [2003/02/17 17:39:58 | 000,028,672 | ---- | M] (Rockstar Software) -- C:\Program Files\Gearbox Connection Kit\bin\gbConMon.exePRC - [2003/02/17 17:39:50 | 000,143,360 | ---- | M] (Rockstar Software) -- C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe ========== Modules (No Company Name) ========== MOD - [2013/07/21 23:46:19 | 000,090,624 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\TaskScheduler\d2a934cebc35c9af755cb4d6454aac6c\TaskScheduler.ni.dllMOD - [2013/07/21 23:02:45 | 000,294,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Localization\f6831fdd3a37892c1aa7612e022efba4\Localization.ni.dllMOD - [2013/07/21 23:01:59 | 000,051,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Kodak.Diagnostics\960866d7e3a2d891882b1731dd3e3b41\Kodak.Diagnostics.ni.dllMOD - [2013/07/21 23:01:16 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8f3e54440f3742da409131428ad1bce1\System.ServiceProcess.ni.dllMOD - [2013/07/21 22:59:08 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\da28f3d44be7def2d84269f1db5718d6\System.Runtime.Remoting.ni.dllMOD - [2013/07/21 22:58:12 | 000,808,448 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Kodak.Utilities\ae9a0d84041111f364c18112891ec933\Kodak.Utilities.ni.dllMOD - [2013/07/21 22:57:47 | 000,026,112 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Kodak.Automation\ea24eb97559545f36492751b7d625312\Kodak.Automation.ni.dllMOD - [2013/07/21 22:57:42 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\2a21bc7eeea4a1af1d4d1288f101eed7\System.Deployment.ni.dllMOD - [2013/07/21 22:56:46 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\79533103112291e81204ca24aed19890\System.Configuration.ni.dllMOD - [2013/07/21 21:23:48 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a1d221960bf7a0cbfd1f355595f77e83\System.Xml.ni.dllMOD - [2013/07/21 21:22:57 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\efecb20c44117df86f2eb5f93592fdd8\System.Windows.Forms.ni.dllMOD - [2013/07/21 21:21:38 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\82a53e923936d5f62d9af4cdfe50a4f8\System.Drawing.ni.dllMOD - [2013/07/21 21:05:50 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\16562c54978851e92db8fec6f759bba1\System.ni.dllMOD - [2013/07/21 21:04:29 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dllMOD - [2013/06/18 08:21:31 | 003,285,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dllMOD - [2012/01/17 16:09:50 | 000,022,944 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dllMOD - [2012/01/17 15:27:56 | 000,669,696 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dllMOD - [2010/08/22 21:01:36 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dllMOD - [2010/08/22 21:01:08 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dllMOD - [2010/08/22 21:01:06 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dllMOD - [2010/08/22 21:01:06 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dllMOD - [2010/08/22 20:32:34 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dllMOD - [2010/07/19 19:16:01 | 000,767,928 | ---- | M] () -- C:\WINDOWS\BDTSupport.dllMOD - [2005/01/27 00:02:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exeMOD - [2004/09/14 07:50:46 | 000,122,880 | ---- | M] () -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\TrackUtils.dllMOD - [2004/09/14 07:50:42 | 000,434,176 | ---- | M] () -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\CoreDll.dllMOD - [2004/02/13 14:12:08 | 000,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exeMOD - [2004/02/11 16:58:16 | 000,147,493 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\6.3.2.62-7288971L\Program\bwfiles.dllMOD - [2004/02/11 16:58:16 | 000,094,243 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\6.3.2.62-7288971L\Program\FrExt.dllMOD - [2004/02/11 16:58:16 | 000,061,496 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\6.3.2.62-7288971L\Program\clntutil.dllMOD - [2003/06/08 19:21:14 | 000,135,168 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWTargetInf.dllMOD - [2003/06/08 17:47:42 | 000,020,528 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\frext-7288971.dllMOD - [2003/06/08 17:47:42 | 000,020,528 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWfiles-7288971.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)SRV - [2013/07/22 17:51:23 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)SRV - [2013/06/18 08:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)SRV - [2013/06/12 10:27:38 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)SRV - [2012/01/17 16:09:42 | 000,563,104 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)SRV - [2010/07/19 01:26:02 | 000,198,608 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)SRV - [2009/04/17 13:08:26 | 000,032,768 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\KodakSvc.exe -- (KodakSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon)DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F802613C-6C4C-462F-88F7-A8D76A5268D0}\MpKsl0550bc22.sys -- (MpKsl0550bc22)DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)DRV - File not found [Kernel | System | Stopped] -- -- (Changer)DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)DRV - [2010/08/22 21:01:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)DRV - [2005/09/13 18:11:56 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)DRV - [2005/01/14 11:37:40 | 000,018,208 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore.sys -- (hotcore)DRV - [2004/09/17 13:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)DRV - [2004/06/16 02:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)DRV - [2004/03/06 03:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)DRV - [2004/03/06 03:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)DRV - [2004/03/06 03:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)DRV - [2004/02/09 12:06:22 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepageIE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKCU\..\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=SOLTDF&pc=SOLTDF&src=IE-SearchBoxIE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKCU\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q={searchTerms}&o=15868&l=dis&prt=BDIE&chn=retail&geo=US&ver=3.0.0.11IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;<local>;*.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage"FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\Spyware Doctor\BDT\FireFox\ [2010/07/20 21:28:00 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\componentsFF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/21 22:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LINDA YATES\Application Data\Mozilla\Extensions[2013/07/22 09:08:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LINDA YATES\Application Data\Mozilla\Firefox\Profiles\n8sdrege.default\extensions[2013/07/22 09:08:24 | 000,029,621 | ---- | M] () (No name found) -- C:\Documents and Settings\LINDA YATES\Application Data\Mozilla\Firefox\Profiles\n8sdrege.default\extensions\[email protected][2013/07/22 17:43:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions[2013/07/21 22:11:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions[2013/07/21 22:11:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2013/07/22 10:39:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)O2 - BHO: (CPub Object) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll File not foundO2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)O4 - HKLM..\Run: [Gearbox] C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe (Rockstar Software)O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)O4 - HKLM..\Run: [instaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\Modem On Hold\moh.exe (BVRP Software)O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe (Adobe Systems Incorporated)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2).ini ()O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()O4 - Startup: C:\Documents and Settings\LINDA YATES\Start Menu\Programs\Startup\desktop(2).ini ()O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O9 - Extra Button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - Reg Error: Key error. File not foundO9 - Extra 'Tools' menuitem : Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - Reg Error: Key error. File not foundO9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348713577843 (MUWebControl Class)O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10C9E85A-042C-4BF3-859C-94A5EAE1FC16}: DhcpNameServer = 69.145.248.4 69.146.17.2 69.144.49.29O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E85CC59-5733-4A2F-B608-DAC10433B561}: DhcpNameServer = 192.168.1.1O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)O24 - Desktop WallPaper: C:\Documents and Settings\LINDA YATES\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO24 - Desktop BackupWallPaper: C:\Documents and Settings\LINDA YATES\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *)O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/07/22 18:02:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER[2013/07/22 17:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun[2013/07/22 17:52:02 | 000,144,896 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl[2013/07/22 17:52:01 | 000,789,416 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll[2013/07/22 17:52:00 | 000,867,240 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll[2013/07/22 17:52:00 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe[2013/07/22 17:51:50 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe[2013/07/22 17:51:50 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll[2013/07/22 17:51:49 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe[2013/07/22 17:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java[2013/07/22 10:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP[2013/07/22 09:35:44 | 000,000,000 | RHSD | C] -- C:\cmdcons[2013/07/22 09:32:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe[2013/07/22 09:32:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe[2013/07/22 09:32:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe[2013/07/22 09:32:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe[2013/07/22 09:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LINDA YATES\Application Data\DefaultTab[2013/07/22 08:50:00 | 000,000,000 | ---D | C] -- C:\Qoobox[2013/07/22 08:45:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt[2013/07/21 23:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LINDA YATES\Application Data\Malwarebytes[2013/07/21 23:16:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes[2013/07/21 22:23:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT[2013/07/21 22:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LINDA YATES\Local Settings\Application Data\Mozilla[2013/07/21 22:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LINDA YATES\Application Data\Mozilla[2013/07/21 22:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla[2013/07/21 22:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service[2013/07/21 22:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox[2013/07/21 19:59:41 | 000,000,000 | ---D | C] -- C:\0c102d0dacfb0749f8b42af839[2013/07/21 09:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LINDA YATES\Local Settings\Application Data\PCHealth[2013/07/18 12:32:10 | 000,000,000 | ---D | C] -- C:\3e5638b21639e1c0ad9931ca25bf1b[2013/07/17 12:22:08 | 000,000,000 | ---D | C] -- C:\1d36c0e0916e5849628156941af2[2013/07/17 06:15:06 | 000,000,000 | ---D | C] -- C:\7c8dc7450c6afe3ded9f4d1a06[2013/07/16 20:36:51 | 000,000,000 | ---D | C] -- C:\2badc23d429e920ae7e2da11[2013/07/15 19:18:45 | 000,000,000 | ---D | C] -- C:\ca53712bded28ebcfa42d1[2013/07/13 20:12:22 | 000,000,000 | ---D | C] -- C:\71443b4c170849a7410d[2013/07/11 20:10:07 | 000,000,000 | ---D | C] -- C:\9c9efca20cb418dea773f9fb7d[2013/06/24 06:24:24 | 000,238,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe[2013/06/24 06:23:39 | 000,000,000 | ---D | C] -- C:\7254f845314d39f5eb3ec0[2013/06/24 06:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/07/22 18:24:20 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job[2013/07/22 18:22:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job[2013/07/22 17:51:26 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll[2013/07/22 17:51:16 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe[2013/07/22 17:51:15 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe[2013/07/22 17:51:15 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl[2013/07/22 17:51:14 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe[2013/07/22 17:51:13 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll[2013/07/22 17:51:12 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll[2013/07/22 17:48:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job[2013/07/22 17:26:57 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job[2013/07/22 17:16:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2013/07/22 17:15:57 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job[2013/07/22 17:15:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2013/07/22 17:15:37 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys[2013/07/22 10:39:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts[2013/07/22 09:36:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini[2013/07/22 09:07:50 | 000,002,195 | ---- | M] () -- C:\Documents and Settings\LINDA YATES\Desktop\Continue SweetIM installation.lnk[2013/07/21 22:12:25 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\LINDA YATES\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk[2013/07/21 22:12:25 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk[2013/07/21 20:56:24 | 000,518,778 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2013/07/21 20:56:24 | 000,103,342 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2013/07/21 14:50:37 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job[2013/07/21 10:08:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK[2013/07/21 09:06:13 | 000,189,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2013/07/11 22:43:16 | 007,924,736 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb[2013/07/11 22:43:06 | 003,984,384 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb[2013/06/29 07:57:54 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk[2013/06/28 22:19:23 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\LINDA YATES\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk[2013/06/24 06:13:58 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/07/22 09:36:06 | 000,000,211 | ---- | C] () -- C:\Boot.bak[2013/07/22 09:36:01 | 000,260,272 | RHS- | C] () -- C:\cmldr[2013/07/22 09:32:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe[2013/07/22 09:32:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe[2013/07/22 09:32:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe[2013/07/22 09:32:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe[2013/07/22 09:32:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe[2013/07/22 09:25:38 | 534,827,008 | -HS- | C] () -- C:\hiberfil.sys[2013/07/22 09:07:37 | 000,002,195 | ---- | C] () -- C:\Documents and Settings\LINDA YATES\Desktop\Continue SweetIM installation.lnk[2013/07/21 22:12:25 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\LINDA YATES\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk[2013/07/21 22:12:25 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk[2013/07/21 22:12:23 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk[2013/07/18 23:01:37 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job[2013/06/29 07:57:52 | 000,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk[2013/06/24 06:23:15 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job[2013/06/24 06:13:58 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif[2013/06/24 06:13:01 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk[2012/02/14 13:33:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll[2009/01/27 22:43:33 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\LINDA YATES\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2007/02/28 15:52:55 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache[2005/10/20 20:07:04 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\LINDA YATES\Application Data\PFP120JPR.{PB[2005/10/20 20:07:04 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\LINDA YATES\Application Data\PFP120JCM.{PB[2004/08/10 11:57:41 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop(2).ini[2004/08/10 11:57:41 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop(2)(2).ini ========== ZeroAccess Check ========== [2004/08/10 12:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 68 bytes -> C:\WINDOWS\WgaNotify.log:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\tsiwinfile.dat:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xjis.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuaueng1.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuauclt1.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WpdShext.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpui.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmasf.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WINZM.MB:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WINSP.MB:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winsock.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WINPY.MB:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wfwnet.drv:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga.drv:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unicode.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tssoft32.acm:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\timer.drv:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ticrf.rat:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tapiui.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\system.drv:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\stdole32.tlb:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sprof32.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sound.drv:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sortkey.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sndvol32.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\serwvdrv.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rsvp.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\riched32.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pxinsi64.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pxinsa64.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pxhpinst.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pxcpyi64.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pxcpya64.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Px.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\prcp.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\prc.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pncrt.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\phonptr.tbl:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\phoncode.tbl:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\phon.tbl:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olethk32.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olesvr32.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.sig:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.dat:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.bin:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntsdexts.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netmsg.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netevent.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msxml4r.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvcr71(2).dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvcp71(2).dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msratelc.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msidntld.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msgsm32.acm:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg723.acm:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg711.acm:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msdayi.tbl:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mscomctl.ocx:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mscomct2.ocx:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mouse.drv:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmsystem.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmdrv.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mlang.dat:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mfc71.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mcd32.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lz32.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lcptr.tbl:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lcphrase.tbl:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ksc.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kpsys32.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kpcp32.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\keyboard.drv:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kdcom.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbdus.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iuengine.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ir32_32.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\intelmoh.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\inetwh32.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\inetcplc.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iglicd32.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igldev32.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxtray.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxsrvc.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxpers.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxdev.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\icmui.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\icfgnt5.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmrnt5.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmdnt5.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmdev5.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmdd5.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hkcmd.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hccutils.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\geo.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxsroute.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\freecell.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ega.cpi:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Edcrypt.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drwtsn32.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\WudfRd.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\WudfPf.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\wmilib.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\usbd.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ultra.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\toside.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\symc8xx.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\symc810.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\sym_u3.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\sym_hi.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ssrtln.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\sscdbhk5.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\sparrow.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\smwdm.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\senfilt.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\secdrv.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\rdpcdd.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\raspti.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\rasacd.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ql1280.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ql1240.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ql12160.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ql10wnt.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ql1080.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\pxhelp20.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ptilink.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\perc2hib.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\perc2.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\pciide.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nwlnkfwd.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nwlnkflt.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nv4_mini.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\null.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\NetMotCM.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mraid35x.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mouhid.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mohfilt.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\MODEMCSA.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mnmdd.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ipfltdrv.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\IntelC53.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\IntelC52.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\IntelC51.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ini910u.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ialmnt5.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\hpn.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\hotcore.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ftdisk.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\fs_rec.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\e100b325.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dxgthk.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dxapi.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\drvnddm.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\drvmcdb.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dpti2o.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dmload.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dac960nt.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dac2w2k.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\cpqarray.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\cmdide.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\cdaudio.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\cd20xrnt.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\cbidf2k.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\beep.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\audstub.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\asctrm.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\asc3550.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\asc3350p.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\asc.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\amsint.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\aliide.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\aic78xx.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\aic78u2.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\aha154x.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\adpu160m.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dfrgres.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dbgeng.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dayiptr.tbl:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dayiphr.tbl:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\d3dim.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ctype.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\control.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comm.drv:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comdlg32.ocx:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\charmap.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_950.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_949.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_936.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_932.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_874.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_28591.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_21027.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_20949.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_20936.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_20932.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_20290.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_20127.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_20000.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1361.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1258.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1257.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1256.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1255.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1254.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1253.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1251.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1250.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10008.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10003.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10002.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10001.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\bopomofo.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\bootvid.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\big5.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\avicap32.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\audiodev.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\atl71.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\arrayhw.tab:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\array30.tab:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\arptr.tbl:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\arphr.tbl:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\acode.tbl:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\acctres.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\a234.tbl:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\a15.tbl:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\$winnt$.inf:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\setupapi.log:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\SchedLgU.Txt:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\ntdtcsetup.log:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\NLSDownlevelMapping.log:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB925398.log:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB923689.log:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB922582.log:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB917953.log:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB913580.log:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB912812.log:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB911567.log:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB911565.log:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB911562.log:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB908531.log:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB900485.log:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\iun6002.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\iis6.log:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\ie7_main.log:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\ie7.log:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\IDNMitigationAPIs.log:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\comsetup.log:KAVICHS@Alternate Data Stream - 68 bytes -> C:\SystemInfo.ini:KAVICHS@Alternate Data Stream - 68 bytes -> C:\setup.dbg:KAVICHS@Alternate Data Stream - 68 bytes -> C:\Program Files\QuickTime\qttask.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\ImgData.ini:KAVICHS@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\LINDA YATES\Start Menu\Programs\Startup\desktop.ini:KAVICHS@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\LINDA YATES\Start Menu\Programs\Startup\desktop(2).ini:KAVICHS@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\LINDA YATES\Start Menu\Programs\Outlook Express(2).lnk:KAVICHS@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\LINDA YATES\Start Menu\Programs\desktop.ini:KAVICHS@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\LINDA YATES\My Documents\To Whom it may concern.wpd:KAVICHS@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\LINDA YATES\Local Settings\Application Data\IconCache.db:KAVICHS@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\LINDA YATES\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini:KAVICHS@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker(2).lnk:KAVICHS@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger(2).lnk:KAVICHS@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini:KAVICHS@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2).ini:KAVICHS@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD(2).lnk:KAVICHS@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\MSN(2).lnk:KAVICHS@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Plus! Photo Story 2 LE(2).lnk:KAVICHS@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 6.0(2).lnk:KAVICHS@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Documents\desktop.ini:KAVICHS@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Desktop\Try WordPerfect.lnk:KAVICHS@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Desktop\Simple Start Edition.lnk:KAVICHS@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Desktop\Owner's Manual.lnk:KAVICHS@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Desktop\MyDVD LE.lnk:KAVICHS@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Desktop\Burn CDs & DVDs with Sonic DigitalMedia LE.lnk:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Zapotec.bmp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\xpsp1hfm.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Wudf01000Inst.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\WMSysPr9.prx:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\wmsetup10.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\wmp11.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\WMFDist11.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\winnt256.bmp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\winnt.bmp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\wininit.ini:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\winhlp32(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\winhlp32(2)(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\winhelp.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vmmreg32.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vbaddin.ini:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vb.ini:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\updspapi.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\twunk_32.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\twunk_16.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\twain.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\tsoc.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\TASKMAN.EXE:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xpsp2res(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xpsp2res(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xpsp2res(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xpsp2res(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xpsp2res(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xpsp2res(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xmllite(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xmllite(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xenroll.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\XceedFtp.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsvc(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsvc(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsvc(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsvc(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsvc(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsvc(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsapi(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsapi(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsapi(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsapi(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsapi(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsapi(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wups(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wups(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wups(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wups(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wups(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wups(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wupdmgr.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WUDFx.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WudfSvc.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WudfPlatform.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WudfHost.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WUDFCoinstaller.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuauserv(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuauserv(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuauserv(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuauserv(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuauserv(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuauserv(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuaueng(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuaueng(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuapi(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuapi(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuapi(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuapi(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuapi(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuapi(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wtsapi32(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wtsapi32(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wtsapi32(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wtsapi32(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wtsapi32(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wtsapi32(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wsock32(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wsock32(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wsock32(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wsock32(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wsock32(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wsock32(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshtcpip(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshtcpip(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshtcpip(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshtcpip(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshtcpip(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshtcpip(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshnetbs.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshisn.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshatm.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wscsvc(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wscsvc(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2help(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2help(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2help(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2help(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2help(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2help(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2_32(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2_32(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2_32(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2_32(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2_32(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2_32(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\write.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdtrace.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdsp.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WPDShServiceObj.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdshextres.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdshextautoplay.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdmtpus.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdmtpdr.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdmtp.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdconns.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpd_ci.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowfaxui.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowfax.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowexec.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowdeb.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WnASPI32.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMVXENCD.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMVSENCD.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMVSDECD.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMVENCOD.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmvdmoe2.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmvdmod.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmvcore(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmvcore(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMVADVE.DLL:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMVADVD.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMSPDMOE.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmsdmoe2.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmsdmod.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpsrcwp.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpshell.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpps.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpns.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpmde.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmploc.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpencen.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpcore.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpcd.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpasf.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmp.ocx:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmp(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmp(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmiprop.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmimgmt.msc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmidx.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmi(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmi(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmi(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmi(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmerror.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmerrenu.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmdrmsdk.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmdrmnet.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmdrmdev.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmdmps.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmdmlog.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMADMOE.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmadmod.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wlnotify(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wlnotify(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wldap32(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wldap32(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wldap32(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wldap32(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wldap32(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wldap32(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wkssvc(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wkssvc(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wkssvc(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wkssvc(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wkssvc(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wkssvc(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winstrm.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsta(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsta(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsta(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsta(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsta(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsta(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsrv(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsrv(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsrv(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsrv(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsrv(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsrv(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winspool.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winspool(5).drv:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winspool(4).drv:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winspool(3).drv:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winspool(3)(2).drv:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winspool(2).drv:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winspool(2)(2).drv:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winscard(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winscard(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winscard(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winscard(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winscard(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winscard(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winrnr(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winrnr(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winrnr(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winrnr(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winrnr(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winrnr(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winoldap.mod:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winnls.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmsd.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmm(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmm(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmm(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmm(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmm(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmm(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmine.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winlogon(5).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winlogon(4).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winlogon(3).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winlogon(3)(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winlogon(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winlogon(2)(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winipsec(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winipsec(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winipsec(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winipsec(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winipsec(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winipsec(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wininet(6).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wininet(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wininet(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wininet(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wininet(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wininet(2)(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wininet(2)(3)(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wininet(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhttp(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhttp(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhttp(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhttp(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhttp(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhttp(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhlp32.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhelp.hlp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winfax.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winchat.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win87em.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win32k(5).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win32k(4).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win32k(3).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win32k(3)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win32k(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win32k(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win.com:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wifeman.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiavusd.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiasf.ax:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WgaTray.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WgaLogon.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webhits.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webfldrs.msi:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webclnt(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webclnt(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webclnt(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webclnt(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webclnt(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webclnt(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdmaud(5).drv:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdmaud(4).drv:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdmaud(3).drv:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdmaud(3)(2).drv:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdmaud(2).drv:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdmaud(2)(2).drv:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdl.trm:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdigest(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdigest(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdigest(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdigest(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdigest(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdigest(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdfmgr.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdfmgr(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdfmgr(2)(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdfapi.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.sve:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.nld:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.ita:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.fra:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.esn:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.enu:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.deu:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.sve:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.nld:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.ita:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.fra:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.esn:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.enu:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.deu:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\w32topl.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\w32tm.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vxdmdcdlg.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VXBLOCK.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssapi(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssapi(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssapi(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssapi(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssapi(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssapi(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssadmin.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vss_ps.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vjoy.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\View Channels.scf:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga64k.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga256.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vfpodbc.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\version(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\version(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\verifier.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ver.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vcdex.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\v7vga.rom:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uxtheme(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uxtheme(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uxtheme(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uxtheme(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uxtheme(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uxtheme(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uwdf.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\utildll.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrvpa.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrvoica.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrv80a.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrv42a.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrsvpia.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrshuta.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrsdpia.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrrtosa.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrprbda.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrmlnka.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrlogon.cmd:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrlbva.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrfaxa.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrdtea.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrdpa.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrcoina.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrcntra.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\user32(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\user32(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\user.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\urlmon(6).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\urlmon(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\urlmon(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\urlmon(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\urlmon(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\urlmon(2)(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\urlmon(2)(3)(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\urlmon(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\url(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\url(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\url(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\url(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\url(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\url(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ureg.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\upnp(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\upnp(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\upnp(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\upnp(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\upnp(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\upnp(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\unlodctr.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uniplat(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uniplat(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uniplat(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uniplat(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uniplat(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\unimdmat(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\unimdm(2).tsp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umpnpmgr(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umpnpmgr(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umpnpmgr(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umpnpmgr(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umpnpmgr(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umpnpmgr(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\UMLoader.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umdmxfrm.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ufat.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TZLog.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\typelib.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsshutdn.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tslabels.ini:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tslabels.h:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tskill.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsdiscon.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsd32.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tscupgrd.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tscon.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsappcmp.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\trkwks(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\trkwks(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\traffic.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tracert6.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tourstart(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tourstart(2)(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\toolhelp.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\THREED32.OCX:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tftp.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tfswapi.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tfswapi(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tfswapi(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\termsrv(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\telephon.cpl:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tdc(2).ocx:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcpsvcs.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcpmon.ini:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcmsetup.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\taskman.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapisrv(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapisrv(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapisrv(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapisrv(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapisrv(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapisrv(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapiperf.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi32(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi32(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi32(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi32(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi32(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi32(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tabctl32.ocx:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\systray.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysprtj.sep:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysprint.sep:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\syskey.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysinv.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysedit.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysdm(2).cpl:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\syncapp.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sxs(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sxs(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sxs(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sxs(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\swprv.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\svcpack.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\svchost(5).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\svchost(4).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\svchost(3).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\svchost(3)(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\svchost(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\svchost(2)(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\subst.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\subrange.uce:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\strmdll(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\strmdll(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\streamci.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\storage.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\stobject(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\stobject(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssdpapi(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssdpapi(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssdpapi(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssdpapi(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssdpapi(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssdpapi(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srvsvc(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srvsvc(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srvsvc(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srvsvc(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srvsvc(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srvsvc(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srrstr(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srrstr(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srrstr(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srrstr(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srrstr(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srclient(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srclient(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srclient(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srclient(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srclient(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlwoa.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlwid.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlsodbc.chm:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spxcoins.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sprio800.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sprio600.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sprestrt.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SPR32X30.OCX:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spoolsv(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spoolsv(2)(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spoolss(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spoolss(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spnike.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spamcoutlook(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spamcoutlook(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spamcaddr(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spamcaddr(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sol.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\softpub.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\smss(5).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\smss(4).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\smss(3).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\smss(3)(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\smss(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\smss(2)(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\slbrccsp.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\slbcsp.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\skdll.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sisbkup.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shsvcs(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shsvcs(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shsvcs(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shlwapi(6).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shlwapi(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shlwapi(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shlwapi(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shlwapi(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shlwapi(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shlwapi(2)(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shlwapi(2)(3)(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shlwapi(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shimeng(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shimeng(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shimeng(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shimeng(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shimeng(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shimeng(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shiftjis.uce:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shgina(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shfolder(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shfolder(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shellstyle.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(7).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(6).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(2)(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(2)(3)(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdocvw.bak:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdocvw(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdocvw(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdocvw(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdocvw(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdocvw(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdocvw(2)(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdocvw(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\share.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shadow.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfmapi.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc_os(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc_os(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc_os(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc_os(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc_os(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc_os(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setver.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setupdll.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setupapi(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setupapi(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setupapi(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setupapi(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setupapi(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setupapi(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setup.bmp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\serwvdrv(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\serwvdrv(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\services.msc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\serialui.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\senscfg.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sensapi(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sensapi(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sensapi(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sensapi(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sensapi(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secur32(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secur32(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secur32(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secur32(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secur32(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secur32(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secupd.sig:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secupd.dat:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sdpblb.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scredir.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sclgntfy(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\schedsvc(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\schannel(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\schannel(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\schannel(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\schannel(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\schannel(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\schannel(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sccbase.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scardssp.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samsrv(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samsrv(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samlib(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samlib(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samlib(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samlib(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samlib(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samlib(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rwinsta.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rundll32(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rundll32(2)(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\runas.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtutils(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtutils(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtutils(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtutils(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtutils(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtutils(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtm.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpperf.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpmsg.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpcnts.h:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvp.ini:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsmui.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsmsink.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsm.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaenh(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaenh(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaenh(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaenh(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaenh(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaenh(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaci.rat:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcss(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcss(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcss(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcss(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcss(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcss(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcrt4(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcrt4(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcns4.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\routetab.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\routemon.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\route.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ROBOEX32.DLL:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rnr20.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rmoc3260.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RICHTX32.OCX:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\riched32(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\riched32(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\riched20(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\riched20(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\riched20(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\resutils(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\resutils(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\resutils(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\resutils(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\resutils(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\resutils(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\reset.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\replace.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rend.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\remotepg(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regwiz.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regini.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regedt32.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RegDomainData.xml:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regapi(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regapi(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regapi(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regapi(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regapi(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regapi(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\redir.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\recover.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rdpcfgex.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rcbdyctl(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rcbdyctl(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasser.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasrad.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmxs.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmontr.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmans(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmans(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmans(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmans(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmans(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmans(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasman(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasman(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasman(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasman(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasman(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasman(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasdlg(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasdlg(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasdlg(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasdlg(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasdial.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasctrs.ini:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasctrs.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasctrnm.h:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasautou.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasapi32(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasapi32(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasapi32(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasapi32(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasapi32(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasapi32(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasadhlp(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasadhlp(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasadhlp(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasadhlp(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasadhlp(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasadhlp(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qwinsta.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qt-mt323.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qosname.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qdiagd.ocx:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qasf.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qappsrv.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pxwma.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PxWave.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PxSFS.DLL:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PxMas.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pxdrv.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pubprn.vbs:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ptpusd.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ptpusb.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PTPITCP.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pspascrrc5.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psnppagn.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pscript.sep:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pschdprf.ini:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pschdprf.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pschdcnt.h:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psapi(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psapi(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psapi(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psapi(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psapi(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psapi(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Prounstl.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PRONtObj.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\profmap(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\profmap(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prodspec.ini:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PrintAPI.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\print.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prflbmsg.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prefscpl.cpl:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PRApplet.cpl:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pp500swnat.tli:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pp500swenh.tli:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pp500sn.tli:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pp500se.tli:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\powrprof(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\powrprof(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\powrprof(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\powrprof(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\powrprof(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\powrprof(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PostProc.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PortableDeviceWMDRM.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PortableDeviceWiaCompat.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PortableDeviceTypes.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PortableDeviceClassExtension.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PortableDeviceApi.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\popup.ocx:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pndx5032.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pndx5016.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pncrt(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pncrt(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pmspl.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\plustab.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PINTLPAE.HLP:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PINTLPAD.HLP:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ping6.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pifmgr.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfwci.ini:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfwci.h:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfts.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfi009.dat:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perffilt.ini:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perffilt.h:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfd009.dat:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfci.ini:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfci.h:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pentnt.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pds3_nat.tli:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pds3_enh.tli:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pdpluss3swnat.tli:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pdpluss3swenh.tli:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pdpls3sn.tli:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pdpls3se.tli:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pdocks3_sw_nat.tli:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pdocks3_sw_enh.tli:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pcl.sep:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pathping.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\paqsp.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\panmap.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\osuninst.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olethk32(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olesvr32(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olesvr.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olepro32(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olepro32(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oledlg(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oledlg(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oledlg(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olecnv32(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olecli32(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olecli.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oleaut32(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oleaut32(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oleacc(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oleacc(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oleacc(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole32(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole32(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole32(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole32(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole32(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole32(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole2nls.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole2disp.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole2.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OEMINFO.PNF:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OEMINFO.INI:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OEMBKGN1.BMP:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcint(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcint(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcint(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcint(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcint(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcint(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc32(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc32(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc32(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc32(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc32(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc32(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc16gt.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntshrui(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntshrui(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntshrui(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntsd.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsoprq.msc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsmgr.msc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsevt.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmarta(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmarta(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmarta(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmarta(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmarta(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmarta(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanui2.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanui.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanman(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanman(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanman(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanman(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanman(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanman(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio804.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio412.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio411.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio404.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntimage.gif:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdsapi(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdsapi(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdsapi(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdsapi(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdsapi(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdsapi(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos804.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos412.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos411.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos404.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdll(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdll(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdll(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdll(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdll(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdll(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nscompat.tlb:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\normaliz(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\normaliz(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.tha:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.sve:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.nld:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.kor:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.jpn:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.ita:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.fra:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.esn:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.enu:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.eng:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.deu:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.dat:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.cht:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.chs:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nmevtmsg.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nlsfunc.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui2.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui2(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui1(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui1(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui1(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui1(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui1(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui1(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui0(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui0(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui0(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui0(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui0(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui0(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netshell(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netshell(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netshell(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netshell(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netshell(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netshell(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netrap(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netrap(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netrap(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netrap(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netrap(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netrap(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netplwiz(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netmsg(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netmsg(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netman(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netman(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netman(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netman(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netman(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netman(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netid(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\neth.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netcfgx(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netcfgx(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netcfgx(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netcfgx(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netcfgx(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netcfgx(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netapi32(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netapi32(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netapi32(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netapi32(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netapi32(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netapi32(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netapi.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\net.hlp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ncxpnt.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ncpa.cpl:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ncobjapi(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ncobjapi(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nbtstat.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\natural.tli:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nat3_win.tli:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nat3.tli:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nat2.tli:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\narrhook.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mycomput.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mycomput(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxclu(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxclu(4)(2)(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxclu(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxclu(3)(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxclu(3)(2)(2)(2)(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxclu(3)(2)(2)(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxclu(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxmlr.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxml3(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxml3(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxml2r.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mswsock(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mswsock(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mswsock(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mswsock(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mswsock(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mswsock(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mswmdm.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvideo.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcrt20.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcr71(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcr71(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcr71(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcr71(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcr70.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp71(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp71(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp71(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp71(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp70.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp60(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp60(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp60(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp60(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp60(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp60(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp50.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcirt.dll.bak:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvci70.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvbvm50.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msv1_0(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msv1_0(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msv1_0(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msv1_0(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msv1_0(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msv1_0(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msutb(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msutb(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mstsc(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mstsc(2)(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mstask(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msswchx.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msswch.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msstkprp.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mssip32.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mssign32.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msscp.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrecr40.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrclr40.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msr2cenu.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msr2c.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msprivs(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msports.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mspmsp.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mspmsnsv.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mspatcha(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mspatcha(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msobjs.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msnetobj.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msir3jp.lex:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msir3jp.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msimg32(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msimg32(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msimg32(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msimg32(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msimg32(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msimg32(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msidle(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msidle(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msidle(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msidle(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msidle(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msidle(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msi(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msi(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msi(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msi(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msi(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msi(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mshtmler(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mshearts.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mshearts(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mshearts(2)(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgina(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgina(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgina(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgina(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgina(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgina(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msg.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msflxgrd.ocx:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msencode.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.ini:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.h:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdelta.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCTFIME(5).IME:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCTFIME(4).IME:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCTFIME(3).IME:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCTFIME(3)(2).IME:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCTFIME(2).IME:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCTFIME(2)(2).IME:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCTF(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCTF(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mschrt20.ocx:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mscdexnt.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mscat32.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msaudite.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(5).drv:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(4).drv:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(3).drv:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(3)(2).drv:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(2).drv:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(2)(2).drv:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msaatext.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MRT(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MRT(2)(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mrinfo.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprui.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprui(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprmsg.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprmsg(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprmsg(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprddm.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprapi(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprapi(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprapi(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprapi(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprapi(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprapi(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpr(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpr(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpr(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpr(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpr(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpr(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpnotify.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MPG4DMOD.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MPG4DECD.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MP4SDMOD.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mp43dmod.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MP43DECD.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mountvol.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\moricons(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\moricons(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\modex.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mode.com:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmutilse.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmtask.tsk:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmdriver.inf:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_qic.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_mtf.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_hp.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mlang(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mlang(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\migpwd.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\midimap(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\midimap(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\midimap(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\midimap(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\midimap(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\midimap(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mib.bin:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mhwt.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFPLAT.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfcuia32.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfcsubs(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFCANS32.DLL:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc71u.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc70u.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc70.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc42(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc42(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mem.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdwmdmsp.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdhcp.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciwave.drv:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciseq.drv:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciole32.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciole16.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mcicda.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciavi.drv:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mchgrcoi.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mcdsrv32.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mapisvc.inf:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mapistub.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\main.cpl:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mag_hook.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lzexpand.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lusrmgr.msc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LuResult.txt:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lsass(5).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lsass(4).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lsass(3).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lsass(3)(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lsass(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lsass(2)(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lsasrv(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lsasrv(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lsasrv(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lsasrv(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lrnxp.ico:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lprmonui.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lpr.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lpq.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\logonui(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\logoff.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\loghours.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lodctr.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\loadfix.com:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lnkstub.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lmrt(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\linkinfo(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\linkinfo(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\linkinfo(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lights.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\licmgr10(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LAPRXY.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lanman.drv:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\langwrbk.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\label.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\l3codecp.acm:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\l_intl.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\l_except.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ksuser(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ksuser(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\krnl386.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KPDPMUI.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KPDPM.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KPDIDs.xml:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KPD.xml:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\korwbrkr.lex:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\korwbrkr.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\korean.uce:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KodakOneTouch.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\keyboard.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\key01.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kernel32(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kernel32(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kernel32(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kernel32(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kernel32(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kernel32(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kerberos(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kerberos(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kerberos(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kerberos(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kerberos(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kerberos(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kcm2sp.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdycl.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdycc.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbduzb.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusx.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusr.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusl.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdur.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbduk.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdtuq.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdtuf.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdtat.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsw.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsp.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsl1.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsl.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsg.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsf.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdru1.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdru.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdro.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpo.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpl1.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpl.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdno.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdnecNT.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdnecAT.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdnec95.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdne.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdmon.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdmac.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlv1.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlv.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlt1.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlt.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdla.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdkyr.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdkor.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdkaz.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdjpn.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdit142.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdit.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdir.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdic.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhu1.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhu.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhept.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhela3.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhela2.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhe319.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhe220.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhe.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgr1.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgr.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgkl.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgae.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfr.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfo.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfi.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfc.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdest.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdes.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbddv.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdda.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcz2.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcz1.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcz.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcr.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcan.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdca.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbu.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbr.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdblr.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbene.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbe.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdazel.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdaze.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDAL.DLL:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbd103.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbd101c.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbd101b.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbd101a.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kb16.com:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kanji_2.uce:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kanji_1.uce:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jupdate-1.4.2_03-b02.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jscript(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jscript(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jscript(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jobexec.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgsh400.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgsd400.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgmd400.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgaw400.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jet500.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Jasc Paint Shop Photo Album 5.scr:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ISUSPM.cpl:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\irclass.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxsap.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxrtmgr.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxrip.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxpromn.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxmontr.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipsec6.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iprtprio.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iprop.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iphlpapi(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iphlpapi(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iphlpapi(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iphlpapi(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iphlpapi(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iphlpapi(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iologmsg.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IntelNic.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IntelMPM.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IntelMPM(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IntelMPM(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IntelCci.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\instcat.sql:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inseng(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\infosoft.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inetcomm(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inetcomm(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\InetClnt(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\InetClnt(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imm32(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imm32(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imm32(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imm32(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imm32(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imm32(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imapi(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imapi(2)(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igxpxs32.vp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igxpxk32.vp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igxpxa32.vp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igxpxa32.cpa:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxzoom.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxtray(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxtray(2)(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxsrvc.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxsrvc(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxsrvc(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrtrk.lrc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrtha.lrc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrsve.lrc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrrus.lrc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrptg.lrc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrptb.lrc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrplk.lrc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrnor.lrc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrnld.lrc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrkor.lrc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrjpn.lrc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrita.lrc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrhun.lrc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrheb.lrc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrfra.lrc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrfin.lrc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxress.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxresp.lrc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxres.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxres(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxres(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrenu.lrc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrell.lrc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrdeu.lrc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrdan.lrc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrcsy.lrc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrcht.lrc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrchs.lrc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrara.lrc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxpph.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxpers(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxpers(2)(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhtha.lhp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhptb.lhp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhkor.lhp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhjpn.lhp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhita.lhp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhfra.lhp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhesp.lhp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhenu.lhp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhdeu.lhp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhcht.lhp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhchs.lhp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxext.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxexps.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxdo.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxcpl.cpl:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxcfg.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ifsutil.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ieuinit(2).inf:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ieudinit(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ieudinit(2)(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iesetup(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iertutil(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iertutil(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iertutil(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ieencode(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ideograf.uce:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iassvcs.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iassdo.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iassam.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasrecst.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iaspolcy.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasnap.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iashlpr.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasads.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasacct.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuTRK.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuTHA.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuSVE.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuRUS.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuPTG.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuPTB.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuPLK.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuNOR.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuNLD.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuKOR.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuJPN.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuITA.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuHUN.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuHEB.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuFRC.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuFRA.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuFIN.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuESP.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuENG.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuELL.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmudlg.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuDEU.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuDAN.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuCSY.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuCHT.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuCHS.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuARB.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmuARA.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmrnt5(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmrem.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmgicd.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmgdev.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmdnt5(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmdev5(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmdd5(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iAlmCoIn_v4396.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iAlmCoIn_v4020.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hticons.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hostname.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\homepage.inf:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetwiz(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetwiz(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetmon.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetcfg(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetcfg(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetcfg(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetcfg(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetcfg(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetcfg(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hlink(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hlink(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hkcmd(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hkcmd(2)(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\himem.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hid(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hid(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hid(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hid(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hid(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hid(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hhctrl(2).ocx:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hhctrl(2)(2).ocx:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hccutils(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hccutils(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GTKCMOS.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graphics.pro:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graphics.com:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graftabl.com:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gpkcsp.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GPCIEnum.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\glmf32.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\getuname.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\getuname(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gdi32(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gdi32(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gdi.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gcdef.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gb2312.uce:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\g711codc.ax:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\g600_sw_srgb_y337_chimera.tli:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\g600_sw_srgb_y337_92m.tli:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\g600_sw_srgb_hybrid_chimera.tli:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\g600_sw_srgb_hybrid_92m.tli:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxssvc(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxssvc(2)(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsst(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsst(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxssend.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsres(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsres(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsperf.ini:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsmon(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsmon(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxscount.h:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsclntR.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxscfgwz.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsapi(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsapi(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Fxdb.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FXAB32.DLL:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ftsrch.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsutil.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsusd.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsmgmt.msc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\freecell(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\freecell(2)(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fmifs.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fixmapi.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\finger.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\find.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fc.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fastopen.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\expand.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\exe2bin.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventvwr.msc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventvwr.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventcls.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eula.txt:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentutl.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.ini:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.hxx:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esent97.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esent(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esent(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esent(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esent(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esent(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esent(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\es(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\es(5)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\es(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\es(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\es(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EqnClass.Dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\enhanced.tli:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\enh3_win.tli:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\enh3.tli:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\enh2.tli:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\emptyregdb.dat:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edlin.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edit.hlp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edit.com:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Edcrypt(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Edcrypt(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\e100bmsg.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\e100b325.din:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dxmasf(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dxmasf(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DVDRProX.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dvdplay.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\duser(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssenh(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssenh(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssenh(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssenh(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssenh(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssenh(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssec.dat:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsound.vxd:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsound(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsound(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsauth.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ds16gt.dLL:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drwatson.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drprov(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drprov(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drprov(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drprov(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drprov(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drprov(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drmv2clt.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drmupgds.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drmstor.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drmclien.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ws2ifsl.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wpdusb.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wdmaud(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wdmaud(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wanatw4(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wanatw4(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wanarp(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wanarp(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\vga(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\vga(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\vdmindvd.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbuhci(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbuhci(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbprint(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbprint(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbhub(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbhub(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbehci(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbehci(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbccgp(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbccgp(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tsbvcap.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tosdvd.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\termdd(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\termdd(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tcpip(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tcpip(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sysaudio(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sysaudio(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\swmidi(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\swmidi(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\swenum(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\swenum(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ssrtln(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ssrtln(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sscdbhk5(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sscdbhk5(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\srv(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\srv(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sr(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sr(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\splitter(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\splitter(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\smwdm(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\smwdm(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\smclib.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\serial(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\serial(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\serenum(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\serenum(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\senfilt(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\senfilt(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rootmdm.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\riodrv.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rio8drv.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\redbook(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\redbook(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rdpcdd(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rdpcdd(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rdbss(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rdbss(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rawwan.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspti(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspti(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspptp(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspptp(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspppoe(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspppoe(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasl2tp(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasl2tp(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasacd(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasacd(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ql12160(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ql12160(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ql10wnt(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ql10wnt(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ql1080(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ql1080(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\pxhelp20(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\pxhelp20(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ptilink(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ptilink(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\psched(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\psched(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\parvdm.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\parport(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\parport(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\oprghdlr.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nwlnkspx.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nwlnknb.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nv4_mini(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nv4_mini(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nikedrv.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\NetMotCM(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\NetMotCM(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\netbt(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\netbt(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\netbios(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\netbios(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndiswan(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndiswan(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndisuio(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndisuio(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndistapi(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndistapi(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mssmbios(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mssmbios(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\msgpc(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\msgpc(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mrxsmb(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mrxsmb(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mrxdav(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mrxdav(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mouhid(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mouhid(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mouclass(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mouclass(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mohfilt(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mohfilt(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MODEMCSA(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MODEMCSA(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mcd.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\kmixer(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\kmixer(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\Klpf(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\Klpf(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\klmc(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\klmc(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\klif(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\klif(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\kl1(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\kl1(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\kbdhid(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\kbdhid(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\kbdclass(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\kbdclass(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\iqvw32.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ipsec(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ipsec(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\intelppm(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\intelppm(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\IntelC53(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\IntelC53(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\IntelC52(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\IntelC52(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\IntelC51(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\IntelC51(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\imapi(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\imapi(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ialmnt5(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ialmnt5(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\i8042prt(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\i8042prt(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\http(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\http(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\hidusb(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\hidusb(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\gmreadme.txt:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\gm.dls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\fsvga.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\fltmgr(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\fltmgr(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\flpydisk(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\flpydisk(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\fdc(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\fdc(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\etc\services:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\etc\protocol:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\etc\networks:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\etc\lmhosts.sam:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\e100b325(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\e100b325(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dxg(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\drvnddm(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\drvnddm(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\drmkaud(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\drmkaud(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\DMusic(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\DMusic(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dmboot(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dmboot(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cpqdap01.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cinemst2.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cdrom(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cdrom(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cdralw2k.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cdr4_xp.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\audstub(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\audstub(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atmuni.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atmepvc.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atapi(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atapi(2)(2).sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\acpiec.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ABP480N5.SYS:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ABP480N5(2).SYS:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ABP480N5(2)(2).SYS:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\1028_Dell_DIM_DIM3000.mrk:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpwsock.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpserial.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpnwsock.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpnmodem.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dplay.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dosx.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\doskey.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\docprop.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dnsapi(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dnsapi(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dnsapi(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dnsapi(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dnsapi(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dnsapi(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmview.ocx:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmocx.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmintf.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmdskres.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmconfig.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DLPT2.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllhst3g.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmploc.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmasf.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\WgaTray.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\WgaLogon.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pngfilt(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\modemcsa.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\jscript(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\inseng(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iepeers(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iedw(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\e100b325.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dxtrans(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dxtmsft(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\custsat(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskperf.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskmgmt.msc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskcopy.com:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskcomp.com:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dimap.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diactfrm.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpsapi.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpcsvc(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpcsvc(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpcsvc(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpcsvc(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpcsvc(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpcsvc(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dgsetup.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dgrpsetu.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dfrg.msc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\devmgmt.msc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\deskperf.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\deskmon.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\deskadp.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DELLWALL.BMP:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\debug.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DDMI2.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ddeml.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\davclnt(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\davclnt(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\davclnt(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\davclnt(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\davclnt(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\davclnt(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\datime(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\danim(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3dxof.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3drm.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3dramp.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3dpmesh.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ctl3dv2.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ctl3d32.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ctfmon(2)(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csseqchk.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csrss(5).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csrss(4).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csrss(3).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csrss(3)(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csrss(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csrss(2)(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscui(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscui(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscdll(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscdll(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscdll(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscdll(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscdll(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscdll(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptnet(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptdll(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptdll(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptdll(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptdll(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptdll(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptdll(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crypt32(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crypt32(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crypt32(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crypt32(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crypt32(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crypt32(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crtdll.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\credui(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\credui(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\credui(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\credui(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\credui(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\credui(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\country.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\convert.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\control(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\console.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CONFIG.TMP:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CONFIG.NT:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comsvcs(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comsvcs(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comsvcs(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comsvcs(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comsvcs(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comsvcs(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comres(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comres(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comres(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comres(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comres(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comres(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compobj.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compmgmt.msc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compatUI(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compatUI(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compact.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comp.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\commdlg.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\command.com:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comctl32.ocx:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comctl32(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comctl32(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comctl32(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comctl32(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comctl32(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comctl32(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comcat.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\colbact(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\colbact(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cnvfat.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cnetcfg.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmpbk32.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmos.ram:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmmgr32.hlp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clusapi(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clusapi(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clusapi(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clusapi(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clusapi(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clusapi(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cliconf.chm:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clbcatq(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clbcatq(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clbcatq(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clbcatq(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clbcatq(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clbcatq(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clb.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ckcnv.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cidaemon.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ciadv.msc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ciadmin.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chtbrkr.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chsbrkr.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chkntfs.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chkdsk.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chcp.com:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cewmdm.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\certmgr.msc:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cdmodem.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cdintf.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cdfview(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ccfgnt.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\catsrvut(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\catsrv(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cards.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\capicom.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\calc.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cabinet(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cabinet(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cabinet(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cabinet(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cabinet(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cabinet(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_is2022.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_875.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_869.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_866.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_865.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_863.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_861.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_860.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_857.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_855.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_852.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_850.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_775.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_737.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_500.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_437.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28605.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28603.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28599.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28598.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28597.NLS:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28595.NLS:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28594.NLS:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28593.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28592.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_21866.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20905.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20866.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20261.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1252.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1026.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10082.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10081.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10079.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10029.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10017.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10010.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10007.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10006.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10000.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_037.nls:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\browsewm(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\browselc(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\browselc(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bopomofo.uce:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bootvrfy.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bootok.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\blackbox.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bios4.rom:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bios1.rom:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bdeadmin.cpl:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\batmeter(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\batmeter(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avwav.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avtapi.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avmeter.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avifile.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avicap.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AUTOEXEC.NT:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\autodisc.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\autochk(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\autochk(2)(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\authz(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\authz(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atrace.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atmpvcno.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl70.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atkctrs.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asycfilt(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asycfilt(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asferror.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\arp.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\appwiz(2).cpl:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\apphelp(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\apphelp(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\apphelp(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\apphelp(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\apphelp(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\apphelp(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\append.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\apcups.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ansi.sys:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\amcompat.tlb:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\alg(5).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\alg(4).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\alg(3).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\alg(3)(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\alg(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\alg(2)(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\advpack(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsldpc(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsldpc(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsldpc(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsldpc(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsldpc(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsldpc(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adptif.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\admparse(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\actxprxy(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\actxprxy(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeds.tlb:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeds(5).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeds(4).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeds(3).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeds(3)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeds(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeds(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\acledit.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\acelpdec.ax:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\aaaamon.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\6to4svc(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\6to4svc(2)(2).dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\12520850.cpx:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\12520437.cpx:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\$ncsp$.inf:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WFWNET.DRV:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VGA.DRV:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VER.DLL:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\TIMER.DRV:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\TAPI.DLL:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SYSTEM.DRV:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\stdole.tlb:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SOUND.DRV:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SHELL.DLL:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\setup.inf:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OLESVR.DLL:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OLECLI.DLL:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MSVIDEO.DLL:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MOUSE.DRV:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MMTASK.TSK:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MMSYSTEM.DLL:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCIWAVE.DRV:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCISEQ.DRV:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCIAVI.DRV:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\LZEXPAND.DLL:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\KEYBOARD.DRV:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\crlds3d.dll:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\COMMDLG.DLL:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\AVIFILE.DLL:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\AVICAP.DLL:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Soap Bubbles.bmp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\smscfg.ini:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setuplog.txt:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setuplog.del:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setupapi.del:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setupact.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setupact.del:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setpwrcg.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\sessmgr.setup.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Santa Fe Stucco.bmp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\River Sumida.bmp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Rhododendron.bmp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\REGULOCS.OLD:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\regopt.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\REGLOCS.OLD:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Prairie Wind.bmp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\orun32.isu:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\orun32.ini:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\OEWABLog.txt:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ODBCINST.INI:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ocmsn.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ocgen.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\nsreg.dat:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\msxml4-KB936181-enu.LOG:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\msgsocm.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\msdfmap.ini:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\MSCompPackV1.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\mp10oem.txt:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB946026.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB944653.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB944533-IE7.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB943485.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB943460.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB943055.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB942763.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB942615-IE7.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB941644.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB941569.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB941568.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB941202.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB939683.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB939653-IE7.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB938829.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB938828.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB938127-IE7.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB937143-IE7.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB936782.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB936357.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB936021.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB935840.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB935839.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB933729.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB933566-IE7.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB933360.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB932168.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB931836.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB931784.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB931768-IE7.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB931261.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB930916.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB930178.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB929969.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB929399.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB929338.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB929123.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB928843.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB928255.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB928090-IE7.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB927891.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB927802.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB927779.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB926436.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB926255.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB926239.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB925902.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB925486.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB925454.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB924667.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB924496.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB924270.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB924191.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB923980.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB923723.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB923694.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB923414.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB923191.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB922819.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB922760.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB921503.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB920213.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB918439.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB918118.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB917734.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB917344.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB916281.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB915865.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB914440.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB914389.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB913446.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB912919.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB911927.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB911564.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB910437.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB908519.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB905915.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB905749.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB905414.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB904942.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB904706.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB902400.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB901214.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB901017.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB900725.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB899591.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB899588.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB899587.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB898461.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB898458.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB896727.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB896688.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB896428.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB896424.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB896423.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB896422.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB896358.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB894391.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB893803v2.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB893756.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB893086.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB893066.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB891781.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB890859.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB890175.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB890046.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB888310.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB888302.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB888113.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB887742.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB887472.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB886185.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB885836.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB885835.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB885250.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB883939.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB873339.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB873333.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\iun6002(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\iun6002(2)(2).exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\IsUninst.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\hotcore.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Greenstone.bmp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Gone Fishing.bmp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\FeatherTexture.bmp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\FaxSetup.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\explorer.scf:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\DtcInstall.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\dla.exe:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\corelpf.lrs:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\COM+.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Coffee Bean.bmp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\cmsetacl.log:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\clock.avi:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Blue Lace 16.bmp:KAVICHS@Alternate Data Stream - 36 bytes -> C:\WINDOWS\_default.pif:KAVICHS@Alternate Data Stream - 36 bytes -> C:\IPH.PH:KAVICHS@Alternate Data Stream - 36 bytes -> C:\INFCACHE.1:KAVICHS@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Start Menu\Programs\Windows Media Player.lnk:KAVICHS@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Start Menu\Programs\desktop(2).ini:KAVICHS@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Start Menu\Programs\desktop(2)(2).ini:KAVICHS@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\My Documents\March 27.wpd:KAVICHS@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Desktop\Windows Media Player.lnk:KAVICHS@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Application Data\PFP120JPR.{PB:KAVICHS@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Application Data\PFP120JCM.{PB:KAVICHS@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk:KAVICHS@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf:KAVICHS@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk:KAVICHS@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk:KAVICHS@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\LINDA YATES\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop(2).ini:KAVICHS@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk:KAVICHS@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk:KAVICHS@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD.lnk:KAVICHS@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Plus! Photo Story 2 LE.lnk:KAVICHS@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\NTUSER.DAT:KAVICHS@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\NTUSER.DAT.LOG:KAVICHS@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk:KAVICHS@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Desktop\Kodak EasyShare.lnk:KAVICHS@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Application Data\desktop(2).ini:KAVICHS@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Application Data\desktop(2)(2).ini:KAVICHS@Alternate Data Stream - 36 bytes -> C:\ActivationFile.htm:KAVICHS@Alternate Data Stream - 228 bytes -> C:\WINDOWS\wmsetup.log:KAVICHS@Alternate Data Stream - 228 bytes -> C:\WINDOWS\WindowsUpdate.log:KAVICHS@Alternate Data Stream - 228 bytes -> C:\WINDOWS\win.ini:KAVICHS@Alternate Data Stream - 228 bytes -> C:\WINDOWS\wiaservc.log:KAVICHS@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\wpa.dbl:KAVICHS@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\msxml3r.dll:KAVICHS@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\msvcr71.dll:KAVICHS@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\msvcp71.dll:KAVICHS@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\msacm32.drv:KAVICHS@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\IE7Eula.rtf:KAVICHS@Alternate Data Stream - 228 bytes -> C:\WINDOWS\setupapi.log.0.old:KAVICHS@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB922616.log:KAVICHS@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB921883.log:KAVICHS@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB921398.log:KAVICHS@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB920685.log:KAVICHS@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB920683.log:KAVICHS@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB920670.log:KAVICHS@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB920214.log:KAVICHS@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB919007.log:KAVICHS@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB918899.log:KAVICHS@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB917422.log:KAVICHS@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB917159.log:KAVICHS@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB916595.log:KAVICHS@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB914388.log:KAVICHS@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB911280.log:KAVICHS@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB901190.log:KAVICHS@Alternate Data Stream - 228 bytes -> C:\WINDOWS\bootstat.dat:KAVICHS@Alternate Data Stream - 228 bytes -> C:\Documents and Settings\LINDA YATES\My Documents\desktop.ini:KAVICHS@Alternate Data Stream - 196 bytes -> C:\WINDOWS\spupdsvc.log:KAVICHS@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2@Alternate Data Stream - 164 bytes -> C:\WINDOWS\KB920872.log:KAVICHS@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mapi32.dll:KAVICHS@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\FNTCACHE.DAT:KAVICHS@Alternate Data Stream - 100 bytes -> C:\WINDOWS\Dell.bmp:KAVICHS@Alternate Data Stream - 100 bytes -> C:\resume.wpd:KAVICHS@Alternate Data Stream - 100 bytes -> C:\Program Files\Real\RealPlayer\RealPlay.exe:KAVICHS@Alternate Data Stream - 100 bytes -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe:KAVICHS@Alternate Data Stream - 100 bytes -> C:\LindaJ.wpd:KAVICHS@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\LINDA YATES\Application Data\desktop.ini:KAVICHS@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\desktop.ini:KAVICHS@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\desktop.ini:KAVICHS< End of report > Link to post Share on other sites
ljyates Posted July 23, 2013 Author Report Share Posted July 23, 2013 OTL Extras logfile created on: 7/22/2013 6:32:21 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\LINDA YATES\My Documents\DownloadsWindows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 509.98 Mb Total Physical Memory | 91.90 Mb Available Physical Memory | 18.02% Memory free1.22 Gb Paging File | 0.73 Gb Available in Paging File | 60.14% Paging File freePaging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 70.91 Gb Total Space | 47.34 Gb Free Space | 66.75% Space Free | Partition Type: NTFS Computer Name: LINDA | User Name: LINDA YATES | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current userCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*exefile [open] -- "%1" %*htmlfile [edit] -- Reg Error: Key error.piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"FirstRunDisabled" = 1"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0"UpdatesDisableNotify" = 0"AntiVirusOverride" = 0"FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]"Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]"Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall" = 1"DisableNotifications" = 0"DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1"DoNotAllowExceptions" = 0"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148"{00C43CD5-764F-4687-AA44-53272D45456B}" = PC Backup"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC"{074AED0D-DD1C-432A-B38D-F8733604033F}" = aioscnnr"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{537370ED-F372-4ABD-8D9C-58B7BA076528}" = Bresnan OnLine"{56BA241F-580C-43D2-8403-947241AAE633}" = center"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool"{59B73DDC-593A-4D02-B9CA-1D8C9F912324}" = aioprnt"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor"Browser Defender_is1" = Browser Defender 3.0.0.11"Google Updater" = Google Updater"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs"ie7" = Windows Internet Explorer 7"ie8" = Windows Internet Explorer 8"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1"Microsoft Security Client" = Microsoft Security Essentials"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)"MozillaMaintenanceService" = Mozilla Maintenance Service"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP"MSNINST" = MSN"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs"NSS" = Norton Security Scan"PROSet" = Intel® PRO Network Adapters and Drivers"RealPlayer 6.0" = RealPlayer Basic"Shockwave" = Shockwave"Windows Media Format Runtime" = Windows Media Format 11 runtime"Windows Media Player" = Windows Media Player 11"Windows XP Service Pack" = Windows XP Service Pack 3"WMFDist11" = Windows Media Format 11 runtime"wmp11" = Windows Media Player 11"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 20 Event Log Errors ========== [ Application Events ]Error - 7/21/2013 11:43:32 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 7/21/2013 11:43:32 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 7/21/2013 11:43:32 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 7/21/2013 11:43:56 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 7/21/2013 11:45:40 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 7/21/2013 11:51:20 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 7/21/2013 11:51:20 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 7/21/2013 11:51:22 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 7/21/2013 11:51:22 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 7/21/2013 11:51:22 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. [ System Events ]Error - 7/22/2013 8:26:22 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023Description = The Application Management service terminated with the following error: %%126 Error - 7/22/2013 8:26:22 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023Description = The Application Management service terminated with the following error: %%126 Error - 7/22/2013 8:26:22 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023Description = The Application Management service terminated with the following error: %%126 Error - 7/22/2013 8:26:22 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023Description = The Application Management service terminated with the following error: %%126 Error - 7/22/2013 8:26:22 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023Description = The Application Management service terminated with the following error: %%126 Error - 7/22/2013 8:26:22 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023Description = The Application Management service terminated with the following error: %%126 Error - 7/22/2013 8:26:22 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023Description = The Application Management service terminated with the following error: %%126 Error - 7/22/2013 8:26:23 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023Description = The Application Management service terminated with the following error: %%126 Error - 7/22/2013 8:26:23 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023Description = The Application Management service terminated with the following error: %%126 Error - 7/22/2013 8:26:23 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023Description = The Application Management service terminated with the following error: %%126 < End of report > Link to post Share on other sites
ljyates Posted July 23, 2013 Author Report Share Posted July 23, 2013 Removing OTL findings from logs !! We need to Run an OTL fix !!* Double-click OTL.exe to start the program.* Copy and Paste the following code into the . Do not include the word Code DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon)DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F802613C-6C4C-462F-88F7-A8D76A5268D0}\MpKsl0550bc22.sys -- (MpKsl0550bc22)DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)DRV - File not found [Kernel | System | Stopped] -- -- (Changer)DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)IE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKCU\..\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=SOLTDF&pc=SOLTDF&src=IE-SearchBoxIE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKCU\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q={searchTerms}&o=15868&l=dis&prt=BDIE&chn=retail&geo=US&ver=3.0.0.11FF - user.js - File not found[2013/07/21 22:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LINDA YATES\Application Data\Mozilla\Extensions[2013/07/22 09:08:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LINDA YATES\Application Data\Mozilla\Firefox\Profiles\n8sdrege.default\extensions[2013/07/22 09:08:24 | 000,029,621 | ---- | M] () (No name found) -- C:\Documents and Settings\LINDA YATES\Application Data\Mozilla\Firefox\Profiles\n8sdrege.default\extensions\[email protected][2013/07/22 17:43:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions[2013/07/21 22:11:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensionsO2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)O2 - BHO: (CPub Object) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll File not foundO3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)O9 - Extra Button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - Reg Error: Key error. File not foundO9 - Extra 'Tools' menuitem : Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - Reg Error: Key error. File not found :Commands[emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot] # Then click the Run Fix button at the top.# Click # Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.Remember to enable your real time protection.Post OTL fix log please !! Link to post Share on other sites
ljyates Posted July 23, 2013 Author Report Share Posted July 23, 2013 OTL fix !! All processes killed========== OTL ==========Service WDICA stopped successfully!Service WDICA deleted successfully!Service wanatw stopped successfully!Service wanatw deleted successfully!File system32\DRIVERS\wanatw4.sys not found.Service TfSysMon stopped successfully!Service TfSysMon deleted successfully!File system32\drivers\TfSysMon.sys not found.Service TfNetMon stopped successfully!Service TfNetMon deleted successfully!File C:\WINDOWS\system32\drivers\TfNetMon.sys not found.Service TfFsMon stopped successfully!Service TfFsMon deleted successfully!File system32\drivers\TfFsMon.sys not found.Service PDRFRAME stopped successfully!Service PDRFRAME deleted successfully!Service PDRELI stopped successfully!Service PDRELI deleted successfully!Service PDFRAME stopped successfully!Service PDFRAME deleted successfully!Service PDCOMP stopped successfully!Service PDCOMP deleted successfully!Service PCIDump stopped successfully!Service PCIDump deleted successfully!Error: Unable to stop service MpKsl0550bc22!Service\Driver key MpKsl0550bc22 not found.File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F802613C-6C4C-462F-88F7-A8D76A5268D0}\MpKsl0550bc22.sys not found.Service lbrtfdc stopped successfully!Service lbrtfdc deleted successfully!Service Changer stopped successfully!Service Changer deleted successfully!Service catchme stopped successfully!Service catchme deleted successfully!File C:\ComboFix\catchme.sys not found.Service bvrp_pci stopped successfully!Service bvrp_pci deleted successfully!Service AFGMp50 stopped successfully!Service AFGMp50 deleted successfully!File System32\Drivers\AFGMp50.sys not found.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ deleted successfully.C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll moved successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{547EEAAC-3665-4e6c-B326-C622D698543A}\ not found.Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}\ not found.C:\Documents and Settings\LINDA YATES\Application Data\Mozilla\Extensions folder moved successfully.C:\Documents and Settings\LINDA YATES\Application Data\Mozilla\Firefox\Profiles\n8sdrege.default\extensions folder moved successfully.File C:\Documents and Settings\LINDA YATES\Application Data\Mozilla\Firefox\Profiles\n8sdrege.default\extensions\[email protected] not found.C:\Program Files\Mozilla Firefox\extensions folder moved successfully.C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.C:\Program Files\Mozilla Firefox\browser\extensions folder moved successfully.Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}\ deleted successfully.File C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll not found.Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}\ deleted successfully.Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.File C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll not found.Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.File C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0D555BC6-E331-48b3-A60E-AAC0DF79438A}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D555BC6-E331-48b3-A60E-AAC0DF79438A}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0D555BC6-E331-48b3-A60E-AAC0DF79438A}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D555BC6-E331-48b3-A60E-AAC0DF79438A}\ not found.========== COMMANDS ========== [EMPTYJAVA] User: Administrator User: All Users User: Default User User: LINDA YATES->Java cache emptied: 0 bytes User: LocalService User: NetworkService Total Java Files Cleaned = 0.00 mb [EMPTYFLASH] User: Administrator->Flash cache emptied: 0 bytes User: All Users User: Default User->Flash cache emptied: 0 bytes User: LINDA YATES->Flash cache emptied: 492 bytes User: LocalService User: NetworkService Total Flash Files Cleaned = 0.00 mb [EMPTYTEMP] User: Administrator->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes->FireFox cache emptied: 0 bytes->Flash cache emptied: 0 bytes User: All Users User: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes->Flash cache emptied: 0 bytes User: LINDA YATES->Temp folder emptied: 207550 bytes->Temporary Internet Files folder emptied: 3222523 bytes->Java cache emptied: 0 bytes->FireFox cache emptied: 15725501 bytes->Flash cache emptied: 0 bytes User: LocalService->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService->Temp folder emptied: 5398 bytes->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 0 bytes%systemroot%\System32 .tmp files removed: 0 bytes%systemroot%\System32\dllcache .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 4876 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytesRecycleBin emptied: 0 bytes Total Files Cleaned = 18.00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.HOSTS file reset successfullyRestore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 07222013_200117Files\Folders moved on Reboot...PendingFileRenameOperations files...Registry entries deleted on Reboot... Link to post Share on other sites
ljyates Posted July 23, 2013 Author Report Share Posted July 23, 2013 Clean up with OTLRight-click OTL.exe and select " Run as administrator " to run it.This will remove all the tools we used to clean your pc.Close all other programs apart from OTL as this step will require a rebootOn the OTL main screen, press the CleanUp! buttonSay Yes to the prompt and then allow the program to reboot your computer.You can now delete any tools we used if they remain on your Desktop.==========================One last Scan :Eset online scannnerYou can use either Internet Explorer or Mozilla FireFox for this scan.Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.* Please go here >>> http://www.eset.com/...escan/index.php Link to post Share on other sites
ljyates Posted July 23, 2013 Author Report Share Posted July 23, 2013 Eset scan found no threats !!! Link to post Share on other sites
flashh4 Posted July 23, 2013 Report Share Posted July 23, 2013 Linda your computer is clean & running much faster !! Thank you for letting me and BestTechie assist you in the cleaning ! If you have any questions please feel free to contact me or one of the BestTechie mods !! ======================== I know you may have some of these installed, this is just my standard all clean speech !Congratulation you are clean !!!Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop. Here are some tips to reduce the potential for spyware infection in the future: 1. Make your Internet Explorer more secure - This can be done by following these simple instructions: * From within Internet Explorer click on the Tools menu and then click on Options. * Click once on the Security tab * Click once on the Internet icon so it becomes highlighted. * Click once on the Custom Level button. * Change the Download signed ActiveX controls to Prompt * Change the Download unsigned ActiveX controls to Disable * Change the Initialize and script ActiveX controls not marked as safe to Disable * Change the Installation of desktop items to Prompt * Change the Launching programs and files in an IFRAME to Prompt * Change the Navigate sub-frames across different domains to Prompt * When all these settings have been made, click on the OK button. * If it prompts you as to whether or not you want to save the settings, press the Yes button. * Next press the Apply button and then the OK to exit the Internet Properties page. 2. Enable Protected Mode in Internet Explorer . This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps: * Open Internet Explorer * Click on Tools > Internet Options * Press Security tab * Select Internet zone then place check next to Enable Protected Mode if not already done * Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply * Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.NOTE: Fire Fox is a great browser also >>> http://www.mozilla.org/en-US/firefox/fx/I use & like FireFox !!3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection. 4. Firewall Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here. **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:Online Armor Free Online Armor FreeAgnitum Outpost Firewall Free Agnitum Outpost Firewall5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open. 6. Consider a custom hosts file such as MVPS HOSTS This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002 Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file. 7. WOT (Web of Trust) WOT As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.8.Finally, I strongly recommend that you read TonyKlein's good advice A must is a great Antivirus, i recommend you using AVAST its free >>> http://www.avast.com/free-antivirus-downloadYou are behind on some updates, please visit the Secunia Software Inspector >>>http://secunia.com/vulnerability_scanning/online/ Update any vulnerable software you have. Many malware now use zero day exploits in outdated versions of browsers and third party programs like Flash Player,Java Runtime , Winzip, Acrobat Reader etc to allow them to install silently without your knowledge or detection by your antivirus protection.To insure better safety, these are a must have:Rule #1 ........ Good AntivirusRule #2 ........ Good FirewallRule #3 ........ Good Router is Great ! (optional but best)Happy surfing and Stay CleanChuck Link to post Share on other sites
ljyates Posted July 24, 2013 Author Report Share Posted July 24, 2013 Thank You!!! Link to post Share on other sites
ljyates Posted July 24, 2013 Author Report Share Posted July 24, 2013 Thank You!!! Link to post Share on other sites
flashh4 Posted August 8, 2013 Report Share Posted August 8, 2013 Your Welcome Lady !! Gonna lock this now ! Glad we could help ! ThanksChuck Link to post Share on other sites
Recommended Posts