KingAbu Posted March 24, 2011 ID:404069

Hi,

Thanks in advance. This is from my first computer I'm running the tools on. I have four others that seem to have the same infection, all on same lan.

DDS.TXT (windows XP/sp3)
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Micheal Aubuchon at 18:29:54.45 on Wed 03/23/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1067 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Micheal Aubuchon\Local Settings\Temporary Internet Files\Content.IE5\4IB1U990\Defogger[1].exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Micheal Aubuchon\Local Settings\Temporary Internet Files\Content.IE5\3JYBVMP9\dds[1].scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1294193331187
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-4 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-4 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-4 40384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-4 136176]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-4 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-4 40384]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-12 14336]
.
=============== Created Last 30 ================
.
2011-03-17 20:46:15 -------- d-----w- c:\windows\system32\DIFxAPI.dll
2011-03-11 05:14:18 821824 ----a-w- c:\windows\system32\dgderapi.dll
2011-03-11 05:14:18 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2011-03-08 16:49:14 1416680 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
2011-03-08 16:49:14 10344 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2011-03-08 16:49:13 10216 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2011-03-08 16:49:12 12616 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2011-03-08 16:49:11 12488 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2011-03-08 16:49:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Samsung
2011-03-08 16:48:45 -------- d-----w- c:\program files\Samsung
2011-03-08 16:47:44 -------- d-----w- c:\program files\Windows Media Connect 2
2011-03-08 16:39:57 770912 ----a-w- c:\windows\system32\Msfdbqp.dll
2011-03-08 16:39:57 511328 ----a-w- c:\windows\system32\Synchronization2.dll
2011-03-08 16:39:57 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-03-08 16:39:57 397152 ----a-w- c:\windows\system32\Msfdbse.dll
2011-03-08 16:39:57 253280 ----a-w- c:\windows\system32\MetaStore2.dll
2011-03-08 16:39:57 230240 ----a-w- c:\windows\system32\Msfdb.dll
2011-03-08 16:39:57 189792 ----a-w- c:\windows\system32\SimpleProviders2.dll
2011-03-08 16:39:57 171360 ----a-w- c:\windows\system32\FileSyncProvider2.dll
2011-03-08 16:39:57 156512 ----a-w- c:\windows\system32\FeedSync2.dll
2011-03-08 16:34:12 -------- d-----w- c:\windows\pss
2011-02-28 01:33:59 -------- d-----w- c:\docume~1\michea~1\locals~1\applic~1\PCHealth
2011-02-26 21:03:29 49152 ----a-w- c:\windows\system32\ChCfg.exe
2011-02-26 21:02:50 -------- d-----w- c:\program files\Realtek AC97
2011-02-26 20:54:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\Driver Boost
2011-02-26 20:50:04 -------- d-----w- c:\program files\Microsoft
2011-02-26 20:49:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 18:30:22.21 ===============

Ok that was the first log, Malwarebytes is running now. Thanks again in advance!

art.zip

Staff screen317 Posted March 24, 2011 ID:404209

Hi and welcome to Malwarebytes,

Likely that your router has been hijacked.

1. Very important: First disconnect your computers from the Internet.

2. Router Reset: Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into the small hole labeled Reset located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 30 seconds).

3. Reset the IP/DNS settings of your Internet connection on each computer connected:
   - Go to Start -> Control Panel -> Double click on Network Connections.
   - Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
   - Select the General tab.
   - Double click on Internet Protocol (TCP/IP).
   - Under General tab:
     - Select "Obtain an IP address automatically".
     - Select "Obtain DNS server address automatically".
   - Click OK twice to save the settings.
   - Reboot if you had to change any setting.

4. Flush the DNS cache:
   - Click the Start logo in the bottom left corner of the screen
   - Click on Run
   - In the command window copy/paste the following:
     ipconfig /flushdns
   - Then hit enter.
   - Exit the command window.

5. Reconnect: Once you have followed all the above steps you can reconnect your computer to the internet.

Let me know if the issue persists.

KingAbu Posted March 24, 2011 Author ID:404323

Hi,

Thanks for your quick reply and help. I can't do those steps now, running out the door. But looking at my router's security log, is just a ton of attacks on all different ports. I WHOISed a few of them and seems as if they are all Chinese in origin, and people are already complaining. Was running Active Ports last night and was able to look up a few of the IPs and follow them back. One was a Facebook group with lists of IPs. Looked as if the language was in Czech/Russian. The computer we use for sensitive info stuff has been off the LAN since I noticed the problem. Not sure what all I'm allowed to post, I know not to post scans. I have some screenshots from my Linux (Ubuntu 10.04) that shows I am part of a domain, with a S-1-2-3 style SID and restricted to a limited account. Seems to be very deep, couldn't wipe my drives. I'll be on right after work, and do the steps you suggested. Any tip on how not to be redirected in browser every time I try to visit a page? Tried about:config in Mozilla to turn off redirects, no help, and the settings in there are way off from normal.

Thanks again for everything.

KingAbu Posted March 25, 2011 Author ID:404565

Ok here is my new Malwarebytes log and I ran check disk and IPconfig. Now I am going to reset the router and do the DNS flush as you instructed. Thanks again....

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6160

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/24/2011 5:43:53 PM
mbam-log-2011-03-24 (17-43-53).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|)
Objects scanned: 172240
Time elapsed: 24 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

(END)

Here is what I see on IPconfig \all (Before Router Reset)

C:\Documents and Settings\Micheal Aubuchon>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : computer-room
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : MSHome

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : MSHome
        Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethrnet NIC
        Physical Address. . . . . . . . . : 00-0C-** (I Edited)
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.2.6
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.2.1
        DHCP Server . . . . . . . . . . . : 192.168.2.1
        DNS Servers . . . . . . . . . . . : 192.168.2.1
                                            192.168.2.1
        Lease Obtained. . . . . . . . . . : Thursday, March 24, 2011 5:12:53 PM
        Lease Expires . . . . . . . . . . : Saturday, March 21, 2020 5:12:53 PM

All that seems normal. Not used to seeing the Autoconfig there, but I don't wander into CMD on Windows much.

Here is CHKDSK from usual user. Can't get to the root of the drive at C:\.

C:\Documents and Settings\Micheal Aubuchon>chkdsk
The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
CHKDSK is recovering lost files.
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

 187585775 KB total disk space.
  13755572 KB in 34936 files.
      9696 KB in 2863 indexes.
         0 KB in bad sectors.
    313323 KB in use by the system.
     65536 KB occupied by the log file.
 173507184 KB available on disk.

      4096 bytes in each allocation unit.
  46896443 total allocation units on disk.
  43376796 allocation units available on disk.

(END)

Thanks again for any help from the Malwarebytes team of Mods and all others who contribute. Program has saved me many of times.

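The following Python script is an added example, not part of the original thread or any poster's own code: it parses saved `ipconfig /all` output from each LAN machine and flags the client-side settings that step 3 of the instructions above resets (static configuration, DNS servers outside the LAN or other than the router). The two sample outputs and the finding labels are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample, modelled on the `ipconfig /all` output posted above.
SAMPLE_DHCP = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : computer-room

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.2.6
        Default Gateway . . . . . . . . . : 192.168.2.1
        DHCP Server . . . . . . . . . . . : 192.168.2.1
        DNS Servers . . . . . . . . . . . : 192.168.2.1
                                            192.168.2.1
"""

# Constructed sample: static settings with an off-LAN resolver.
# 203.0.113.0/24 is a documentation range, used here as a placeholder.
SAMPLE_STATIC = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : office-pc

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.2.7
        Default Gateway . . . . . . . . . : 192.168.2.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            192.168.2.1
"""

# Explicit RFC 1918 list: ipaddress.is_private also covers documentation
# and other special-purpose ranges, which is too broad for this check.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# "Key . . . . : value" lines; the key ends where the dot leaders begin.
KEY_RE = re.compile(r"^\s+(\S.*?)\s*(?:\.\s*)+:\s?(.*)$")


def parse_ipconfig(text):
    """Return a list of {"name", "fields"} dicts, one per adapter section."""
    adapters, current, last_key = [], None, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():
            # Unindented lines are section headers; adapter headers end in ':'.
            header = raw.strip()
            current, last_key = None, None
            if header.endswith(":"):
                current = {"name": header[:-1], "fields": {}}
                adapters.append(current)
            continue
        if current is None:
            continue  # global "Windows IP Configuration" section
        match = KEY_RE.match(raw.rstrip())
        if match:
            last_key = match.group(1)
            current["fields"][last_key] = [match.group(2)] if match.group(2) else []
        elif last_key:
            # Indented line without a key: another value for the previous key.
            current["fields"][last_key].append(raw.strip())
    return adapters


def audit_adapter(adapter):
    """Return (label, value) findings for one adapter; labels are made up here."""
    fields = adapter["fields"]
    findings = []
    dhcp = (fields.get("Dhcp Enabled") or [""])[0]
    if dhcp.lower() != "yes":
        findings.append(("static-config", dhcp))
    routers = set(fields.get("Default Gateway", [])) | set(fields.get("DHCP Server", []))
    for server in fields.get("DNS Servers", []):
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            findings.append(("dns-unparseable", server))
            continue
        if not any(addr in net for net in RFC1918):
            findings.append(("dns-outside-lan", server))
        elif server not in routers:
            findings.append(("dns-not-router", server))
    return findings


def audit(text):
    """Map each adapter name in the output to its list of findings."""
    return {a["name"]: audit_adapter(a) for a in parse_ipconfig(text)}


if __name__ == "__main__":
    for label, sample in (("dhcp", SAMPLE_DHCP), ("static", SAMPLE_STATIC)):
        print(label, audit(sample))
```

A clean result here, as with the output posted above where the only DNS server is the router at 192.168.2.1, says nothing about the DNS servers configured on the router itself, which is why the instructions start with a router reset.
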
KingAbu Posted March 25, 2011 Author ID:404596

Ok here is my new Malwarebytes log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6160

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/24/2011 8:32:58 PM
mbam-log-2011-03-24 (20-32-58).txt

Scan type: Quick scan
Objects scanned: 142447
Time elapsed: 2 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

END

I reset everything on just one computer. I then ran CCleaner after Malwarebytes. It found over 250 reg problems. I can post contents of the txt file it produced. Also I was alerted about updates for Windows, looks like the same programs as before. Avast seems to be back to normal. Looking at scan history, it hadn't scanned any files in over a week but had before. The version is new and links to Avast web site instead of a dead link. What is the link I am supposed to be viewing if on this page??? Using Web Tools, there is a ton of java going on..... I know I need IE8 which is one, but could be reinstalling problem, also a Jscript 5.7 update. There are 4 in total it has ready. Don't want to install till I hear back. Thanks again.

Staff screen317 Posted March 25, 2011 ID:404670

Hi,

Hang on a minute. Let's slow down. After resetting the router and flushing the DNS cache, have the redirects stopped? If so, great.

Outline the remaining issues you are experiencing separately and in detail.

KingAbu Posted March 25, 2011 Author ID:404790

Think your router fix worked. My Linux computer has the user's whole profile saved. With logs and set up scripts and all. I captured on XP computer as well. The two computers that are online are still indefected. If you have a suggestion of files to look at let me know. Seems that all my computers were running shells inside a remote server. The narrator was sending tty mail messages to the remote host. Vista computer seems untouched. Two XP and one Seven, and a Linux were affected. Sorry for format, using phone. Have tons of the files and logs though, sure how to completely remove threat. Thanks again, really thankful.

Root Admin AdvancedSetup Posted March 25, 2011 ID:404791

Hello KingAbu,

Chris has asked me to step in and assist you. Please correct me if I'm wrong but it seems like you're running Windows clients on a virtual host on Linux. Now you think that even the Linux box has been attacked or possibly rooted? Please provide more details on the relationship of the computers to each other, or are all of these stand alone computers all connected on the same LAN.

KingAbu Posted March 25, 2011 Author ID:404934

Hi and thanks for your time. My setup is just a regular home network. I have two XP computers, a Vista 64 bit, Windows Seven machine, and Linux 10.04 machine. I am new to Linux and was not running virtual machines.

Was getting errors when validating HTML and CSS using Firefox webtools, on my XP machine. Noticed that my links were being redirected so tried to reinstall Firefox. Couldn't. Was getting ping beeps when I turned them on. Went to router page and seen hundreds of attacks in security log. When trying to dig a little deeper, I couldn't run net diagnostic in msconfig, noticed in services that I wasn't running anything except some server client ones. Used a program Active Ports, seen a few dozen connections, all from international areas. When trying to log on as admin on my XP computer, noticed that I was not able to get on any account except a default one it. After doing as Screen suggested, XP computer wouldn't boot, was locked to domain. Linux machine started in root, under unknown account, with tons of server files, and other stuff I had never seen. Grading through logs, pretty apparent, that it was being controlled by a remote user. Took out the drive on the XP, and noticed similar stuff. All kinds of scripts to redirect users, programs, and web pages. After testing router, was able to see all the directories that had been created, there is a massive amount of stuff.

Avast caught a few things but crashed when trying to move to chest. CCleaner removed hundreds of sever registry keys. That its as far as I got.

Thanks again.

Root Admin AdvancedSetup Posted March 25, 2011 ID:405036

Okay well first off you need to separate all of the computers from each other. They cannot be on the same network at the same time. Let's then start with one computer and get it cleaned up and functional again and then move on to the next one.

So let's continue on with the XP computer you were working with Chris on. Shut down, or remove the network cable from the other computers so they cannot talk on the network anymore.

Do you have a connection and clean computer that is capable of downloading an ISO image and burning a CD?

KingAbu Posted March 25, 2011 Author ID:405096

Yes I have a clean computer and different access to the internet. It has a DVD burner, will dvdfab be able to burn the image? Any more info you need to help? The XP machine has two physical drives, is that ok or should I disconnect the extra one?

Root Admin AdvancedSetup Posted March 25, 2011 ID:405102

Please restore the router to FACTORY defaults, often just a small pin hole in the back of the router you hold in for a few seconds or if you know how you can typically also do it through a browser.

Then please go here and download the kav_rescue_10.iso image file to your system.

If you need a FREE utility to properly burn the ISO image, you can use this one.
ImgBurn
How to write an image file to a disc with ImgBurn

Then once the CD has been created put it into the first infected computer and boot from the CD to run the Kaspersky Rescue Disk.

Make sure all other computers are disconnected from the network but go ahead and allow this one to be connected and the KAV disk will try to setup a network connection and download the latest updates.

Then go through the menus and basically allow it to scan and repair the infected computer.

Once the KAV routine has finished please start the XP computer up normally and ensure your normal Anti-Virus is up and running and then connect to the network and try to run MBAM and check for updates and then run a Quick Scan with it and post back the logs.

Also let me know how it's running now and if there are any other signs of an infection with that computer.

DO NOT connect or share any USB devices between any of these computers either. Make sure they all stay isolated from each other until we're done.

KingAbu Posted March 25, 2011 Author ID:405114

Ok, sounds good. Possible that out could also have infected my phone? It's a Samsung Galaxy Captivate. Usually charge it in office off my computer. Just got the thing so not really familiar with it. I know currently its USB settings are set at mass storage. I can't view running services like before, or find songs I had stored on it. I'm familiar enough to know where those should be, not so much with the Android OS. Runs 2.2.

Thanks again.

Root Admin AdvancedSetup Posted March 27, 2011 ID:405605

Checking back to see if you've been able to run the KAV CD on the system yet.

KingAbu Posted March 27, 2011 Author ID:405676

Don't seem to want to run it. Download was 200mb or so, used ImgBurn. Runs then process ends with no log. Sorry for late response. Any online scan tool I could use, or boot program?

Root Admin AdvancedSetup Posted March 27, 2011 ID:405686

Please see the following article for more information on the KAV Rescue CD

If you cannot get it to run then please run the following.

Download ComboFix from below:

Combofix download

* IMPORTANT !!! Place combofix.exe on your Desktop

- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
- You can get help on disabling your protection programs here
- Double click on combofix.exe & follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
- Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.

Click on Yes, to continue scanning for malware.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.
---------------------------------------------------------------------------------------------

KingAbu Posted April 2, 2011 Author ID:410010

Hey Advanced reply, sorry for late response, was starting to doubt my own sanity there for a while with this one lol. Well I am downloading all the software you asked me to run before. I have the Kav Recovery CD burnt but it won't run on any of the computers, did once, then it appeared as if Linux ran on it, and my keyboard/mouse were shut off. Was able to install BartPE with tools on one of the XP's. Here is a little info from its HTML export of current system status.

SYSTEM:
Name            Windows XP (Professional) Service Pack 2 BartPE Uniprocessor Free
Kernel Version  5.1.2600.2180
Security        128 bits
Serial Number   **
Product Name    Microsoft Windows XP
Build Lab       2600.xpsp_sp2_rtm.040803-2
Owner           Administrator
Organization
Machine GUID    21d821c7-438c-41a0-a5e5-99247
Workgroup       workgroup
Computer Name   MININT-JVC
Language        English (United States)
Boot Time       04/02/2011 16:53:17.500
Running Time    35 minutes 36 seconds
Screen Saver    Direct3D Flying Objects Screen Saver

Going to run Malwarebytes only and post the log. Not concerned about cleaning this computer. I need a solution to be able to clean all 5 computers, seems even secondary drives contaminate clean installs on offline computers. Available all night, only day I can get everyone off the LAN at the same time...

Thanks so much for your time...

AdvancedSetup Posted April 5, 2011 Root Admin ID:411278
Well I'm not sure what you're doing or what's going on but there really should be no way possible for a slaved drive to infect the current system unless you launch or otherwise run one of the infected files. It might be or have gotten infected by being connected on the same network which does happen. But a fully UP TO DATE system with ALL Microsoft critical updates and live up to date Anti-Virus like Symantec 2011 or Kaspersky or NOD32 4 should not be able to get infected very easily especially like I say as a slaved drive.
Please disconnect any infected system from the network and isolate until all systems are clean.
From a CLEAN computer download and burn to a CD the following tool and run it on the affected computer and report back what it finds please.
Please download to your Desktop: Dr.Web CureIt
After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet
Double-click the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan.
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
Once the short scan has finished, click on the Complete scan radio button.
Then click on the Settings menu on top, then select Change Settings or press the F9 key. You can also change the Language
Choose the Scanning tab and I recommend leaving the Heuristic analysis enabled (this can lead to False Positives though)
On the File types tab ensure you select All files
Click on the Actions tab and set the following:
    Objects: Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report
    Infected packages: Archive = Move, E-mails = Report, Containers = Move
    Malware: Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move
    Do not change the Rename extension - default is: #??
    Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\
    Leave prompt on Action checked
On the Log file tab leave the Log to file checked.
Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log
Log mode = Append
Encoding = ANSI
Details: Leave Names of file packers and Statistics checked.
Limit log file size = 2048 KB and leave the check mark on the Maximum log file size.
On the General tab leave the Scan Priority on High
Click the Apply button at the bottom, and then the OK button.
On the right side under the Dr Web Anti-Virus Logo you will see 3 little buttons. Click the left VCR style Start button.
In this mode it will scan Boot sectors of all disks, All removable media, and all local drives
The more files and folders you have the longer the scan will take. On large drives it can take hours to complete.
When the Cure option is selected, an additional context menu will open. Select the necessary action of the program, if the curing fails.
Click 'Yes to all' if it asks if you want to cure/move the files.
This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured. (in this case we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your Desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously to your Desktop in your next reply with a new hijackthis log.
KingAbu Posted April 5, 2011 Author ID:411679
Thanks again. Well my attempts to get the new version of Malwarebytes got my one computer infected again. Out was the only one on network. I have attempted reinstall on two machines, both fail, even with fresh hard drive. With an OEM Vista, XP or 7 disk, I get same error, cpu error checking disabled, and to check that my bios cache and shadowing are disabled. I'm getting that program you just told me to, and mbam. Will update as soon as I run them.
AdvancedSetup Posted April 6, 2011 Root Admin ID:412350
Checking back to see how things are going now. Perhaps you should download, burn to CD the programs or tools from a work or friend's computer and then use the CD at home. Keep all systems off of the network until they're doing better.
Also maybe download a full trial version of Kaspersky or Symantec AV to burn to disk as well for help in cleaning.
KingAbu Posted April 7, 2011 Author ID:412463
Hi and thanks for the help. I have a vista and xp running off clean installs. Going to run DrWeb in the morning, both quick and scan. Both have a "LL" type drives labeled as C: Windows is under D:
This computer is on the net, and this is all I get searching for the log.
Its under applicationhost.csv
Will provide more tomorrow. Avast is always just shutting down, and or running clean on quick.
Thanks for bearing with me. I noticed linux on every machine, I can get to it from forcing in CMD, but I dont change settings.
Thanks again, If you could point me to the log, I have tried the path you provided during set up
AdvancedSetup Posted April 7, 2011 Root Admin ID:412494
If you mean the Dr Web log it should be located here: %USERPROFILE%\DoctorWeb\CureIt.log
If you click on START RUN and type or copy/paste NOTEPAD.EXE %USERPROFILE%\DoctorWeb\CureIt.log and click OK it should open that log when the Dr Web scan is done.
KingAbu Posted April 8, 2011 Author ID:412840
I ran Dr.Web on a Windows Vista Business machine. Dell D630 Latitude. Log was too large to copy and paste. Saved as a txt and attached. Thanks.
Attachment: logofcureit.txt
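When a CureIt.log is too large to paste, it can be reduced to the entries a helper actually needs to read. The script below is an added example, not part of the original posts and not a Dr.Web tool. It assumes the file on disk has one entry per line in the shapes visible in this thread ("<path> - OK", "<path> packed by <packer>", "<path> - archive <type>", ">"-prefixed nested members), reads it as cp1252 as an assumed match for the "Encoding = ANSI" setting, and runs on a constructed sample whose last line carries a made-up non-OK status.

```python
import re
from collections import Counter

# Header and informational line types that appear in the log posted in this thread.
# Anything that is neither OK, a packer/archive note, nor one of these is surfaced,
# so an unknown line type is shown to the reviewer rather than silently dropped.
INFO_PREFIXES = (
    "Dr.Web Scanner", "©", "Log generated on:", "Command line:",
    "Operating system:", "DwShield", "Engine ", "[Virus database]",
    "Total virus records", "[self-checking]", "Key file:", "License key",
    "Registered to:", "[Memory scanning] No viruses found", "[scan path]",
)
PACKED = re.compile(r" packed by (\S+)$")
ARCHIVE = re.compile(r" - archive (\S+)$")


def triage(lines):
    """Split log lines into an OK count, a packer tally and everything else."""
    ok = 0
    packers = Counter()
    flagged = []
    for number, raw in enumerate(lines, start=1):
        line = raw.strip()
        if not line or set(line) == {"="}:
            continue                      # blank lines and ===== separators
        body = line.lstrip(">")           # '>' marks a member nested in a container
        depth = len(line) - len(body)
        if body.endswith(" - OK"):
            ok += 1
        elif (match := PACKED.search(body)):
            packers[match.group(1)] += 1
        elif ARCHIVE.search(body) or body.startswith(INFO_PREFIXES):
            continue
        else:
            flagged.append((number, depth, body))
    return {"ok": ok, "packers": packers, "flagged": flagged}


def triage_file(path, encoding="cp1252"):
    """Triage a log on disk; cp1252 is an assumption for the 'ANSI' log encoding."""
    with open(path, encoding=encoding, errors="replace") as handle:
        return triage(handle)


def report(result):
    """Render the triage result as a short text block suitable for posting."""
    out = [f"entries reported OK: {result['ok']}"]
    for packer, count in sorted(result["packers"].items()):
        out.append(f"packed by {packer}: {count}")
    out.append(f"lines needing review: {len(result['flagged'])}")
    for number, depth, body in result["flagged"]:
        out.append(f"  line {number} (nesting {depth}): {body}")
    return "\n".join(out)


# Constructed sample in the layout described above; the final line is a
# made-up non-OK entry, not real Dr.Web output.
SAMPLE = r"""
=============================================================================
Dr.Web Scanner for Windows v6.00.8 (6.00.8.03140)
[Virus database] C:\Users\example\AppData\Local\Temp\db0001 - 1828 virus records
Total virus records: 1962813
Process in memory: C:\Windows\System32\svchost.exe:124 - OK
[Memory scanning] No viruses found
Master Boot Record HDD1 - OK
[scan path] C:\Windows\system32
C:\Windows\system32\aclui.dll - OK
C:\Windows\system32\ActiveContentWizard.dll packed by ZLIB
>C:\Windows\system32\ActiveContentWizard.dll - archive BINARYRES
>>C:\Windows\system32\ActiveContentWizard.dll/data001 - OK
>C:\Windows\system32\ActiveContentWizard.dll - OK
C:\Windows\system32\batt.dll packed by PESTUB
>C:\Windows\system32\batt.dll - OK
C:\Users\example\Downloads\sample.bin - CONSTRUCTED-NON-OK-STATUS
""".splitlines()

if __name__ == "__main__":
    print(report(triage(SAMPLE)))
```

To use it on a real scan, call `report(triage_file(path))` with the expanded `%USERPROFILE%\DoctorWeb\CureIt.log` path and post the resulting text.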
KingAbu Posted April 8, 2011 Author ID:412867
=============================================================================
Dr.Web Scanner for Windows v6.00.8 (6.00.8.03140)
© Doctor Web, Ltd., 1992-2011
Log generated on: 2011-04-06, 21:14:10 [FIRSTCASH-PC][first cash]
Command line: "C:\Users\first cash\AppData\Local\Temp\A9B364F2-627CD846-2F2EC0B4-24F8088\25204_xp.exe" /lng /ini:setup_xp.ini /fast
Operating system: Windows Vista Business x86 (Build 6001), Service Pack 1
=============================================================================
DwShield started
Engine version: 5.00 (5.00.2.03300)
Engine API version: 2.02
Total virus records: 1962813
[self-checking] C:\Users\first cash\AppData\Local\Temp\A9B364F2-627CD846-2F2EC0B4-24F8088\25204_xp.exe
Key file: C:\Users\first cash\AppData\Local\Temp\A9B364F2-627CD846-2F2EC0B4-24F8088\setup.key
License key number: 0013622856
Registered to: An unauthorized User
License key activates on: 2011-03-10
License key expires on: 2012-03-11
[Memory scanning] No viruses found
Master Boot Record HDD1 - OK
Active OS/2 or WinNT Boot Sector HDD1 - OK
[scan path] C:\Windows\system32
FLY-CODE>C:\Windows\system32\cdd.dll - OKC:\Windows\system32\cdosys.dll - archive BINARYRES>C:\Windows\system32\cdosys.dll/data001 - OK>C:\Windows\system32\cdosys.dll/data002 - OKC:\Windows\system32\cdosys.dll - OKC:\Windows\system32\certcli.dll - OKC:\Windows\system32\certenc.dll - OKC:\Windows\system32\CertEnroll.dll - OKC:\Windows\system32\CertEnrollCtrl.exe - OKC:\Windows\system32\CertEnrollUI.dll - OKC:\Windows\system32\certmgr.dll - OKC:\Windows\system32\certmgr.msc - OKC:\Windows\system32\certprop.dll - OKC:\Windows\system32\certreq.exe - OKC:\Windows\system32\certutil.exe - OKC:\Windows\system32\cewmdm.dll - OKC:\Windows\system32\cfgbkend.dll - OKC:\Windows\system32\cfgmgr32.dll - OKC:\Windows\system32\chajei.ime - OKC:\Windows\system32\change.exe - OKC:\Windows\system32\charmap.exe - OKC:\Windows\system32\chcp.com - OKC:\Windows\system32\chglogon.exe - OKC:\Windows\system32\chgport.exe - OKC:\Windows\system32\chgusr.exe - OKC:\Windows\system32\chkdsk.exe - OKC:\Windows\system32\chkntfs.exe - OKC:\Windows\system32\choice.exe - OKC:\Windows\system32\chsbrkr.dll - OKC:\Windows\system32\chtbrkr.dll packed by PESTUB>C:\Windows\system32\chtbrkr.dll - OKC:\Windows\system32\CHxReadingStringIME.dll - OKC:\Windows\system32\ci.dll - OKC:\Windows\system32\cic.dll - OKC:\Windows\system32\cintlgnt.ime - OKC:\Windows\system32\cipher.exe - OKC:\Windows\system32\CIRCoInst.dll - OKC:\Windows\system32\clb.dll - OKC:\Windows\system32\clbcatq.dll - OKC:\Windows\system32\cleanmgr.exe - OKC:\Windows\system32\clfs.sys - OKC:\Windows\system32\clfsw32.dll - OKC:\Windows\system32\cliconfg.dll - OKC:\Windows\system32\cliconfg.exe - OKC:\Windows\system32\cliconfg.rll - OKC:\Windows\system32\clip.exe - OKC:\Windows\system32\clusapi.dll - OKC:\Windows\system32\cmcfg32.dll packed by PESTUB>C:\Windows\system32\cmcfg32.dll - OKC:\Windows\system32\cmd.exe - OKC:\Windows\system32\cmdial32.dll - OKC:\Windows\system32\cmdkey.exe - OKC:\Windows\system32\cmdl32.exe - 
OKC:\Windows\system32\cmicryptinstall.dll - OKC:\Windows\system32\cmifw.dll - OKC:\Windows\system32\cmipnpinstall.dll - OKC:\Windows\system32\cmlua.dll packed by PESTUB>C:\Windows\system32\cmlua.dll - OKC:\Windows\system32\cmmon32.exe - OKC:\Windows\system32\cmpbk32.dll - OKC:\Windows\system32\cmstp.exe - OKC:\Windows\system32\cmstplua.dll packed by PESTUB>C:\Windows\system32\cmstplua.dll - OKC:\Windows\system32\cmutil.dll - OKC:\Windows\system32\cngaudit.dll - OKC:\Windows\system32\cnvfat.dll - OKC:\Windows\system32\cofire.exe - OKC:\Windows\system32\cofiredm.dll packed by PESTUB>C:\Windows\system32\cofiredm.dll - OKC:\Windows\system32\colbact.dll - OKC:\Windows\system32\collab.cpl - OKC:\Windows\system32\COLORCNV.DLL - OKC:\Windows\system32\colorcpl.exe - OKC:\Windows\system32\colorui.dll - OKC:\Windows\system32\comcat.dll - OKC:\Windows\system32\comctl32.dll - OKC:\Windows\system32\comdlg32.dll - OKC:\Windows\system32\comexp.msc - OKC:\Windows\system32\COMM.drv - OKC:\Windows\system32\COMMAND.COM - OKC:\Windows\system32\COMMDLG.DLL - OKC:\Windows\system32\comp.exe - OKC:\Windows\system32\compact.exe - OKC:\Windows\system32\CompatUI.dll - OKC:\Windows\system32\compmgmt.msc - OKC:\Windows\system32\CompMgmtLauncher.exe - OKC:\Windows\system32\compobj.dll - OKC:\Windows\system32\compstui.dll - OKC:\Windows\system32\ComputerDefaults.exe - OKC:\Windows\system32\comrepl.dll - OKC:\Windows\system32\comres.dll - OKC:\Windows\system32\comsnap.dll - OKC:\Windows\system32\comsvcs.dll - OKC:\Windows\system32\comuid.dll - OKC:\Windows\system32\config.nt - OKC:\Windows\system32\conime.exe - OKC:\Windows\system32\connect.dll - OKC:\Windows\system32\consent.exe - OKC:\Windows\system32\console.dll - OKC:\Windows\system32\control.exe - OKC:\Windows\system32\convert.exe - OKC:\Windows\system32\corpol.dll - OKC:\Windows\system32\country.sys - OKC:\Windows\system32\credssp.dll - OKC:\Windows\system32\credui.dll - OKC:\Windows\system32\credwiz.exe - 
OKC:\Windows\system32\CRPPresentation.dll - OKC:\Windows\system32\crtdll.dll - OKC:\Windows\system32\crypt32.dll - OKC:\Windows\system32\cryptdlg.dll - OKC:\Windows\system32\cryptdll.dll - OKC:\Windows\system32\cryptext.dll - OKC:\Windows\system32\cryptnet.dll - OKC:\Windows\system32\cryptsvc.dll - OKC:\Windows\system32\cryptui.dll - OKC:\Windows\system32\cscapi.dll - OKC:\Windows\system32\cscdll.dll - OKC:\Windows\system32\CscMig.dll - OKC:\Windows\system32\cscobj.dll - OKC:\Windows\system32\cscript.exe - OKC:\Windows\system32\cscsvc.dll - OKC:\Windows\system32\cscui.dll - OKC:\Windows\system32\csrsrv.dll - OKC:\Windows\system32\csrss.exe - OKC:\Windows\system32\csrstub.exe - OKC:\Windows\system32\ctfmon.exe - OKC:\Windows\system32\ctl3d32.dll - OKC:\Windows\system32\ctl3dv2.dll - OKC:\Windows\system32\C_037.NLS - OKC:\Windows\system32\C_10000.NLS - OKC:\Windows\system32\C_10001.NLS - OKC:\Windows\system32\C_10002.NLS - OKC:\Windows\system32\C_10003.NLS - OKC:\Windows\system32\C_10004.NLS - OKC:\Windows\system32\C_10005.NLS - OKC:\Windows\system32\C_10006.NLS - OKC:\Windows\system32\C_10007.NLS - OKC:\Windows\system32\C_10008.NLS - OKC:\Windows\system32\C_10010.NLS - OKC:\Windows\system32\C_10017.NLS - OKC:\Windows\system32\C_10021.NLS - OKC:\Windows\system32\C_10029.NLS - OKC:\Windows\system32\C_10079.NLS - OKC:\Windows\system32\C_10081.NLS - OKC:\Windows\system32\C_10082.NLS - OKC:\Windows\system32\C_1026.NLS - OKC:\Windows\system32\C_1047.NLS - OKC:\Windows\system32\C_1140.NLS - OKC:\Windows\system32\C_1141.NLS - OKC:\Windows\system32\C_1142.NLS - OKC:\Windows\system32\C_1143.NLS - OKC:\Windows\system32\C_1144.NLS - OKC:\Windows\system32\C_1145.NLS - OKC:\Windows\system32\C_1146.NLS - OKC:\Windows\system32\C_1147.NLS - OKC:\Windows\system32\C_1148.NLS - OKC:\Windows\system32\C_1149.NLS - OKC:\Windows\system32\C_1250.NLS - OKC:\Windows\system32\C_1251.NLS - OKC:\Windows\system32\C_1252.NLS - OKC:\Windows\system32\C_1253.NLS - OKC:\Windows\system32\C_1254.NLS - 
OKC:\Windows\system32\C_1255.NLS - OKC:\Windows\system32\C_1256.NLS - OKC:\Windows\system32\C_1257.NLS - OKC:\Windows\system32\C_1258.NLS - OKC:\Windows\system32\C_1361.NLS - OKC:\Windows\system32\C_20000.NLS - OKC:\Windows\system32\C_20001.NLS - OKC:\Windows\system32\C_20002.NLS - OKC:\Windows\system32\C_20003.NLS - OKC:\Windows\system32\C_20004.NLS - OKC:\Windows\system32\C_20005.NLS - OKC:\Windows\system32\C_20105.NLS - OKC:\Windows\system32\C_20106.NLS - OKC:\Windows\system32\C_20107.NLS - OKC:\Windows\system32\C_20108.NLS - OKC:\Windows\system32\C_20127.NLS - OKC:\Windows\system32\C_20261.NLS - OKC:\Windows\system32\C_20269.NLS - OKC:\Windows\system32\C_20273.NLS - OKC:\Windows\system32\C_20277.NLS - OKC:\Windows\system32\C_20278.NLS - OKC:\Windows\system32\C_20280.NLS - OKC:\Windows\system32\C_20284.NLS - OKC:\Windows\system32\C_20285.NLS - OKC:\Windows\system32\C_20290.NLS - OKC:\Windows\system32\C_20297.NLS - OKC:\Windows\system32\C_20420.NLS - OKC:\Windows\system32\C_20423.NLS - OKC:\Windows\system32\C_20424.NLS - OKC:\Windows\system32\C_20833.NLS - OKC:\Windows\system32\C_20838.NLS - OKC:\Windows\system32\C_20866.NLS - OKC:\Windows\system32\C_20871.NLS - OKC:\Windows\system32\C_20880.NLS - OKC:\Windows\system32\C_20905.NLS - OKC:\Windows\system32\C_20924.NLS - OKC:\Windows\system32\C_20932.NLS - OKC:\Windows\system32\C_20936.NLS - OKC:\Windows\system32\C_20949.NLS - OKC:\Windows\system32\C_21025.NLS - OKC:\Windows\system32\C_21027.NLS - OKC:\Windows\system32\C_21866.NLS - OKC:\Windows\system32\C_28591.NLS - OKC:\Windows\system32\C_28592.NLS - OKC:\Windows\system32\C_28593.NLS - OKC:\Windows\system32\C_28594.NLS - OKC:\Windows\system32\C_28595.NLS - OKC:\Windows\system32\C_28596.NLS - OKC:\Windows\system32\C_28597.NLS - OKC:\Windows\system32\C_28598.NLS - OKC:\Windows\system32\C_28599.NLS - OKC:\Windows\system32\c_28603.nls - OKC:\Windows\system32\C_28605.NLS - OKC:\Windows\system32\C_437.NLS - OKC:\Windows\system32\C_500.NLS - 
OKC:\Windows\system32\C_708.NLS - OKC:\Windows\system32\C_720.NLS - OKC:\Windows\system32\C_737.NLS - OKC:\Windows\system32\C_775.NLS - OKC:\Windows\system32\C_850.NLS - OKC:\Windows\system32\C_852.NLS - OKC:\Windows\system32\C_855.NLS - OKC:\Windows\system32\C_857.NLS - OKC:\Windows\system32\C_858.NLS - OKC:\Windows\system32\C_860.NLS - OKC:\Windows\system32\C_861.NLS - OKC:\Windows\system32\C_862.NLS - OKC:\Windows\system32\C_863.NLS - OKC:\Windows\system32\C_864.NLS - OKC:\Windows\system32\C_865.NLS - OKC:\Windows\system32\C_866.NLS - OKC:\Windows\system32\C_869.NLS - OKC:\Windows\system32\C_870.NLS - OKC:\Windows\system32\C_874.NLS - OKC:\Windows\system32\C_875.NLS - OKC:\Windows\system32\C_932.NLS - OKC:\Windows\system32\C_936.NLS - OKC:\Windows\system32\C_949.NLS - OKC:\Windows\system32\C_950.NLS - OKC:\Windows\system32\C_G18030.DLL - OKC:\Windows\system32\C_IS2022.DLL - OKC:\Windows\system32\C_ISCII.DLL - OKC:\Windows\system32\d3d10.dll - OKC:\Windows\system32\d3d10core.dll - OKC:\Windows\system32\d3d10_1.dll - OKC:\Windows\system32\d3d10_1core.dll - OKC:\Windows\system32\d3d8.dll - OKC:\Windows\system32\d3d8thk.dll - OKC:\Windows\system32\d3d9.dll - OKC:\Windows\system32\d3dim.dll - OKC:\Windows\system32\d3dim700.dll - OKC:\Windows\system32\d3dramp.dll - OKC:\Windows\system32\d3dxof.dll - OKC:\Windows\system32\dataclen.dll - OKC:\Windows\system32\davclnt.dll - OKC:\Windows\system32\dbgeng.dll - OKC:\Windows\system32\dbghelp.dll - OKC:\Windows\system32\dbnetlib.dll - OKC:\Windows\system32\dbnmpntw.dll - OKC:\Windows\system32\dciman32.dll - OKC:\Windows\system32\dcomcnfg.exe - OKC:\Windows\system32\DDACLSys.dll - OKC:\Windows\system32\DDEML.DLL - OKC:\Windows\system32\ddraw.dll - OKC:\Windows\system32\ddrawex.dll - OKC:\Windows\system32\debug.exe packed by EXEPACK>C:\Windows\system32\debug.exe - OKC:\Windows\system32\Defrag.exe - OKC:\Windows\system32\desk.cpl - OKC:\Windows\system32\deskadp.dll - OKC:\Windows\system32\deskmon.dll - 
OKC:\Windows\system32\deskperf.dll - OKC:\Windows\system32\desktop.ini - OKC:\Windows\system32\devenum.dll - OKC:\Windows\system32\DeviceEject.exe - OKC:\Windows\system32\DeviceProperties.exe - OKC:\Windows\system32\devmgmt.msc - OKC:\Windows\system32\devmgr.dll - OKC:\Windows\system32\dfdts.dll - OKC:\Windows\system32\DFDWiz.exe - OKC:\Windows\system32\dfrgfat.exe - OKC:\Windows\system32\dfrgifc.exe - OKC:\Windows\system32\dfrgifps.dll - OKC:\Windows\system32\DfrgNtfs.exe - OKC:\Windows\system32\DfrgRes.dll - OKC:\Windows\system32\dfrgui.exe packed by ZLIB>C:\Windows\system32\dfrgui.exe - archive BINARYRES>>C:\Windows\system32\dfrgui.exe/data001 - OK>>C:\Windows\system32\dfrgui.exe/data002 - OK>C:\Windows\system32\dfrgui.exe - OKC:\Windows\system32\dfshim.dll - OKC:\Windows\system32\dfsr.exe - OKC:\Windows\system32\dfsrres.dll - OKC:\Windows\system32\DfsShlEx.dll - OKC:\Windows\system32\dhcpcmonitor.dll - OKC:\Windows\system32\dhcpcsvc.dll - OKC:\Windows\system32\dhcpcsvc6.dll - OKC:\Windows\system32\DHCPQEC.DLL - OKC:\Windows\system32\dhcpsapi.dll packed by PESTUB>C:\Windows\system32\dhcpsapi.dll - OKC:\Windows\system32\dhcpsoc.dll - OKC:\Windows\system32\diagperf.dll - OKC:\Windows\system32\dialer.exe - OKC:\Windows\system32\diantz.exe - OKC:\Windows\system32\dimsjob.dll - OKC:\Windows\system32\dimsroam.dll - OKC:\Windows\system32\dinput.dll - OKC:\Windows\system32\dinput8.dll - OKC:\Windows\system32\diskcomp.com - OKC:\Windows\system32\diskcopy.com - OKC:\Windows\system32\diskcopy.dll - OKC:\Windows\system32\diskmgmt.msc - OKC:\Windows\system32\diskpart.exe - OKC:\Windows\system32\diskperf.exe - OKC:\Windows\system32\diskraid.exe - OKC:\Windows\system32\dispci.dll - OKC:\Windows\system32\dispdiag.exe - OKC:\Windows\system32\dispex.dll - OKC:\Windows\system32\dllhost.exe - OKC:\Windows\system32\dllhst3g.exe - OKC:\Windows\system32\dmband.dll - OKC:\Windows\system32\dmcompos.dll - OKC:\Windows\system32\dmdlgs.dll - OKC:\Windows\system32\dmdskmgr.dll - 
OKC:\Windows\system32\dmdskres.dll - OKC:\Windows\system32\dmdskres2.dll - OKC:\Windows\system32\dmime.dll - OKC:\Windows\system32\dmintf.dll - OKC:\Windows\system32\dmloader.dll - OKC:\Windows\system32\dmocx.dll - OKC:\Windows\system32\dmscript.dll - OKC:\Windows\system32\dmstyle.dll - OKC:\Windows\system32\dmsynth.dll - OKC:\Windows\system32\dmusic.dll - OKC:\Windows\system32\dmutil.dll - OKC:\Windows\system32\dmvdsitf.dll - OKC:\Windows\system32\dmview.ocx packed by PESTUB>C:\Windows\system32\dmview.ocx - OKC:\Windows\system32\dnsapi.dll - OKC:\Windows\system32\dnscacheugc.exe - OKC:\Windows\system32\dnshc.dll - OKC:\Windows\system32\dnsrslvr.dll - OKC:\Windows\system32\docprop.dll - OKC:\Windows\system32\doskey.exe - OKC:\Windows\system32\dosx.exe - OKC:\Windows\system32\dot3.tmf - OKC:\Windows\system32\dot3api.dll - OKC:\Windows\system32\dot3cfg.dll packed by PESTUB>C:\Windows\system32\dot3cfg.dll - OKC:\Windows\system32\dot3dlg.dll - OKC:\Windows\system32\dot3gpclnt.dll - OKC:\Windows\system32\dot3gpui.dll - OKC:\Windows\system32\dot3msm.dll - OKC:\Windows\system32\dot3svc.dll - OKC:\Windows\system32\dot3ui.dll - OKC:\Windows\system32\dpapimig.exe - OKC:\Windows\system32\dpinst.exe - OKC:\Windows\system32\DpiScaling.exe - OKC:\Windows\system32\dplaysvr.exe - OKC:\Windows\system32\dplayx.dll - OKC:\Windows\system32\dpmodemx.dll - OKC:\Windows\system32\dpnaddr.dll - OKC:\Windows\system32\dpnathlp.dll - OKC:\Windows\system32\dpnet.dll - OKC:\Windows\system32\dpnhpast.dll - OKC:\Windows\system32\dpnhupnp.dll - OKC:\Windows\system32\dpnlobby.dll - OKC:\Windows\system32\dpnsvr.exe - OKC:\Windows\system32\dps.dll - OKC:\Windows\system32\dpwsockx.dll - OKC:\Windows\system32\dpx.dll - OKC:\Windows\system32\driverquery.exe - OKC:\Windows\system32\drmmgrtn.dll - OKC:\Windows\system32\drmv2clt.dll - archive BINARYRES>C:\Windows\system32\drmv2clt.dll/data001 - archive HTML>>C:\Windows\system32\drmv2clt.dll/data001/JavaScript.0 - OK>C:\Windows\system32\drmv2clt.dll/data001 
- OKC:\Windows\system32\drmv2clt.dll - OKC:\Windows\system32\drprov.dll - OKC:\Windows\system32\drvinst.exe - OKC:\Windows\system32\drvstore.dll packed by BINARYRES>C:\Windows\system32\drvstore.dll packed by MS COMPRESS>>C:\Windows\system32\drvstore.dll - OKC:\Windows\system32\DRWATSON.EXE - OKC:\Windows\system32\ds16gt.dLL - OKC:\Windows\system32\ds32gt.dll - OKC:\Windows\system32\dsauth.dll packed by PESTUB>C:\Windows\system32\dsauth.dll - OKC:\Windows\system32\dsdmo.dll - OKC:\Windows\system32\dskquota.dll - OKC:\Windows\system32\dskquoui.dll - OKC:\Windows\system32\dsound.dll - OKC:\Windows\system32\dsprop.dll - OKC:\Windows\system32\dsquery.dll - OKC:\Windows\system32\dssec.dat - OKC:\Windows\system32\dssec.dll packed by PESTUB>C:\Windows\system32\dssec.dll - OKC:\Windows\system32\dssenh.dll - OKC:\Windows\system32\dsuiext.dll - OKC:\Windows\system32\dswave.dll - OKC:\Windows\system32\dtsh.dll - OKC:\Windows\system32\duser.dll - OKC:\Windows\system32\dvdplay.exe - OKC:\Windows\system32\dvdupgrd.exe - OKC:\Windows\system32\dwm.exe - OKC:\Windows\system32\dwmapi.dll - OKC:\Windows\system32\dwmredir.dll - OKC:\Windows\system32\DWWIN.EXE - OKC:\Windows\system32\dxdiag.exe - OKC:\Windows\system32\dxdiagn.dll - OKC:\Windows\system32\dxgi.dll - OKC:\Windows\system32\dxmasf.dll - OKC:\Windows\system32\dxtmsft.dll - OKC:\Windows\system32\dxtrans.dll - OKC:\Windows\system32\dxva2.dll - OKC:\Windows\system32\eaphost.tmf - OKC:\Windows\system32\eapp3hst.dll - OKC:\Windows\system32\eappcfg.dll - OKC:\Windows\system32\eappgnui.dll - OKC:\Windows\system32\eapphost.dll - OKC:\Windows\system32\eappprxy.dll - OKC:\Windows\system32\EAPQEC.DLL - OKC:\Windows\system32\eapsvc.dll - OKC:\Windows\system32\edit.com packed by EXEPACK>C:\Windows\system32\edit.com - OKC:\Windows\system32\EDIT.HLP - OKC:\Windows\system32\edlin.exe packed by EXEPACK>C:\Windows\system32\edlin.exe - OKC:\Windows\system32\efsadu.dll - OKC:\Windows\system32\efsui.exe - OKC:\Windows\system32\ega.cpi - 
OKC:\Windows\system32\els.dll - OKC:\Windows\system32\emdmgmt.dll - OKC:\Windows\system32\encapi.dll - OKC:\Windows\system32\EncDec.dll - OKC:\Windows\system32\EncDump.dll - OKC:\Windows\system32\eqossnap.dll - OKC:\Windows\system32\es.dll - OKC:\Windows\system32\esent.dll - OKC:\Windows\system32\esentprf.dll - OKC:\Windows\system32\esentutl.exe - OKC:\Windows\system32\eudcedit.exe - OKC:\Windows\system32\eventcls.dll - OKC:\Windows\system32\eventcreate.exe - OKC:\Windows\system32\EventViewer_EventDetails.xsl - archive HTML>C:\Windows\system32\EventViewer_EventDetails.xsl/Script.0 - OKC:\Windows\system32\EventViewer_EventDetails.xsl - OKC:\Windows\system32\eventvwr.exe - OKC:\Windows\system32\eventvwr.msc - OKC:\Windows\system32\evr.dll - OKC:\Windows\system32\exe2bin.exe packed by EXEPACK>C:\Windows\system32\exe2bin.exe - OKC:\Windows\system32\expand.exe packed by BINARYRES>C:\Windows\system32\expand.exe packed by MS COMPRESS>>C:\Windows\system32\expand.exe - OKC:\Windows\system32\ExplorerFrame.dll - OKC:\Windows\system32\expsrv.dll - OKC:\Windows\system32\extmgr.dll - OKC:\Windows\system32\extrac32.exe - OKC:\Windows\system32\f3ahvoas.dll - OKC:\Windows\system32\fastopen.exe packed by EXEPACK>C:\Windows\system32\fastopen.exe packed by COM2EXE>>C:\Windows\system32\fastopen.exe - OKC:\Windows\system32\Faultrep.dll - OKC:\Windows\system32\fc.exe - OKC:\Windows\system32\fde.dll - OKC:\Windows\system32\fdeploy.dll - OKC:\Windows\system32\fdPHost.dll - OKC:\Windows\system32\fdProxy.dll - OKC:\Windows\system32\FDResPub.dll - OKC:\Windows\system32\fdSSDP.dll - OKC:\Windows\system32\fdWCN.dll - OKC:\Windows\system32\fdWNet.dll - OKC:\Windows\system32\fdWSD.dll - OKC:\Windows\system32\feclient.dll - OKC:\Windows\system32\filemgmt.dll - OKC:\Windows\system32\find.exe - OKC:\Windows\system32\findnetprinters.dll - OKC:\Windows\system32\findstr.exe - OKC:\Windows\system32\finger.exe - OKC:\Windows\system32\Firewall.cpl - OKC:\Windows\system32\FirewallAPI.dll - 
OKC:\Windows\system32\FirewallControlPanel.exe - OKC:\Windows\system32\FirewallSettings.exe - OKC:\Windows\system32\fixmapi.exe - OKC:\Windows\system32\fltLib.dll - OKC:\Windows\system32\fltMC.exe - OKC:\Windows\system32\fmifs.dll - OKC:\Windows\system32\FNTCACHE.DAT - OKC:\Windows\system32\fontext.dll packed by BINARYRES>C:\Windows\system32\fontext.dll packed by MS COMPRESS>>C:\Windows\system32\fontext.dll - OKC:\Windows\system32\fontsub.dll - OKC:\Windows\system32\fontview.exe - OKC:\Windows\system32\forfiles.exe - OKC:\Windows\system32\format.com - OKC:\Windows\system32\fphc.dll - OKC:\Windows\system32\framebuf.dll packed by FLY-CODE>C:\Windows\system32\framebuf.dll - OKC:\Windows\system32\framedyn.dll - OKC:\Windows\system32\framedynos.dll - OKC:\Windows\system32\fsmgmt.msc - OKC:\Windows\system32\fsutil.exe - OKC:\Windows\system32\ftp.exe - OKC:\Windows\system32\fundisc.dll - OKC:\Windows\system32\fwcfg.dll packed by PESTUB>C:\Windows\system32\fwcfg.dll - OKC:\Windows\system32\FWPUCLNT.DLL - OKC:\Windows\system32\FwRemoteSvr.dll - OKC:\Windows\system32\FXSAPI.dll - OKC:\Windows\system32\FXSCOM.dll - OKC:\Windows\system32\FXSCOMEX.dll - OKC:\Windows\system32\FXSCOMPOSE.dll - OKC:\Windows\system32\FXSCOMPOSERES.dll - OKC:\Windows\system32\FXSCOVER.exe - OKC:\Windows\system32\FXSEVENT.dll - OKC:\Windows\system32\FXSEXT32.dll packed by PESTUB>C:\Windows\system32\FXSEXT32.dll - OKC:\Windows\system32\FXSMON.dll - OKC:\Windows\system32\FXSRESM.dll - OKC:\Windows\system32\FXSROUTE.dll - OKC:\Windows\system32\FXSST.dll - OKC:\Windows\system32\FXSSVC.exe - OKC:\Windows\system32\FXST30.dll - OKC:\Windows\system32\FXSTIFF.dll - OKC:\Windows\system32\FXSUNATD.exe - OKC:\Windows\system32\FXSUTILITY.dll - OKC:\Windows\system32\FXSXP32.dll - OKC:\Windows\system32\g711codc.ax - OKC:\Windows\system32\gacinstall.dll - OKC:\Windows\system32\gameux.dll - OKC:\Windows\system32\GameUXLegacyGDFs.dll - OKC:\Windows\system32\gatherWiredInfo.vbs - 
OKC:\Windows\system32\gatherWiredInfo.xslt - OKC:\Windows\system32\gatherWirelessInfo.vbs - OKC:\Windows\system32\gatherWirelessInfo.xslt - OKC:\Windows\system32\gb2312.uce - OKC:\Windows\system32\gcdef.dll - OKC:\Windows\system32\GDI.EXE - OKC:\Windows\system32\gdi32.dll - OKC:\Windows\system32\getmac.exe - OKC:\Windows\system32\getuname.dll - OKC:\Windows\system32\GkSui20.EXE - OKC:\Windows\system32\glmf32.dll - OKC:\Windows\system32\glu32.dll - OKC:\Windows\system32\gpapi.dll - OKC:\Windows\system32\gpedit.dll - OKC:\Windows\system32\gpedit.msc - OKC:\Windows\system32\gpprnext.dll packed by PESTUB>C:\Windows\system32\gpprnext.dll - OKC:\Windows\system32\gpresult.exe - OKC:\Windows\system32\gpscript.dll - OKC:\Windows\system32\gpscript.exe - OKC:\Windows\system32\gpsvc.dll - OKC:\Windows\system32\gptext.dll - OKC:\Windows\system32\gpupdate.exe - OKC:\Windows\system32\graftabl.com - OKC:\Windows\system32\GRAPHICS.COM - OKC:\Windows\system32\graphics.pro - OKC:\Windows\system32\grpconv.exe - OKC:\Windows\system32\GuidedHelp.dll packed by PESTUB>C:\Windows\system32\GuidedHelp.dll - OKC:\Windows\system32\hal.dll - OKC:\Windows\system32\halacpi.dll - OKC:\Windows\system32\halmacpi.dll - OKC:\Windows\system32\hbaapi.dll packed by PESTUB>C:\Windows\system32\hbaapi.dll - OKC:\Windows\system32\hccoin.dll - OKC:\Windows\system32\hcrstco.dll packed by PESTUB>C:\Windows\system32\hcrstco.dll - OKC:\Windows\system32\hdwwiz.cpl - OKC:\Windows\system32\hdwwiz.exe - OKC:\Windows\system32\help.exe - OKC:\Windows\system32\HelpPaneProxy.dll - OKC:\Windows\system32\hhctrl.ocx - OKC:\Windows\system32\hhsetup.dll - OKC:\Windows\system32\hid.dll - OKC:\Windows\system32\hidphone.tsp - OKC:\Windows\system32\hidserv.dll - OKC:\Windows\system32\HIMEM.SYS - OKC:\Windows\system32\hlink.dll - OKC:\Windows\system32\hnetcfg.dll - OKC:\Windows\system32\hnetmon.dll packed by PESTUB>C:\Windows\system32\hnetmon.dll - OKC:\Windows\system32\HOSTNAME.EXE - OKC:\Windows\system32\hotplug.dll - 
OKC:\Windows\system32\HotStartUserAgent.dll - OKC:\Windows\system32\html.iec packed by PESTUB>C:\Windows\system32\html.iec - OKC:\Windows\system32\httpapi.dll - OKC:\Windows\system32\htui.dll - OKC:\Windows\system32\iac25_32.ax - OKC:\Windows\system32\ias.dll - OKC:\Windows\system32\iasacct.dll - OKC:\Windows\system32\iasads.dll - OKC:\Windows\system32\iasdatastore.dll - OKC:\Windows\system32\iashlpr.dll packed by PESTUB>C:\Windows\system32\iashlpr.dll - OKC:\Windows\system32\iashost.exe - OKC:\Windows\system32\IasMigPlugin.dll - archive BINARYRES>C:\Windows\system32\IasMigPlugin.dll/data001 - OKC:\Windows\system32\IasMigPlugin.dll - OKC:\Windows\system32\iasnap.dll - OKC:\Windows\system32\iaspolcy.dll - OKC:\Windows\system32\iasrad.dll - OKC:\Windows\system32\iasrecst.dll - OKC:\Windows\system32\iassam.dll - OKC:\Windows\system32\iassdo.dll - OKC:\Windows\system32\iassvcs.dll - OKC:\Windows\system32\icaapi.dll - OKC:\Windows\system32\icacls.exe - OKC:\Windows\system32\icardagt.exe - OKC:\Windows\system32\icardie.dll - OKC:\Windows\system32\icardres.dll - OKC:\Windows\system32\iccvid.dll - OKC:\Windows\system32\icfupgd.dll - OKC:\Windows\system32\icm32.dll - OKC:\Windows\system32\icmp.dll - OKC:\Windows\system32\icmui.dll - OKC:\Windows\system32\IconCodecService.dll - OKC:\Windows\system32\icrav03.rat - OKC:\Windows\system32\icsfiltr.dll - OKC:\Windows\system32\icsigd.dll - OKC:\Windows\system32\icsunattend.exe - OKC:\Windows\system32\identprv.dll packed by UPX>C:\Windows\system32\identprv.dll packed by FLY-CODE>>C:\Windows\system32\identprv.dll - archive BINARYRES>>>C:\Windows\system32\identprv.dll/data001 - OK>>>C:\Windows\system32\identprv.dll/data002 - OK>>C:\Windows\system32\identprv.dll - OKC:\Windows\system32\ideograf.uce - OKC:\Windows\system32\idndl.dll packed by PESTUB>C:\Windows\system32\idndl.dll - OKC:\Windows\system32\ie4uinit.exe - OKC:\Windows\system32\ieakeng.dll - OKC:\Windows\system32\ieaksie.dll - OKC:\Windows\system32\ieakui.dll - 
OKC:\Windows\system32\ieapfltr.dat - OKC:\Windows\system32\ieapfltr.dll - OKC:\Windows\system32\iedkcs32.dll - OKC:\Windows\system32\ieencode.dll - OKC:\Windows\system32\ieframe.dll - OKC:\Windows\system32\iepeers.dll - OKC:\Windows\system32\iernonce.dll - OKC:\Windows\system32\iertutil.dll - OKC:\Windows\system32\iesetup.dll - OKC:\Windows\system32\ieui.dll - OKC:\Windows\system32\ieuinit.inf - OKC:\Windows\system32\ieUnatt.exe - OKC:\Windows\system32\iexpress.exe - OKC:\Windows\system32\ifmon.dll packed by PESTUB>C:\Windows\system32\ifmon.dll - OKC:\Windows\system32\ifsutil.dll - OKC:\Windows\system32\ifsutilx.dll - OKC:\Windows\system32\ifxcardm.dll - OKC:\Windows\system32\IKEEXT.DLL - OKC:\Windows\system32\Ikeext.etl - OKC:\Windows\system32\imaadp32.acm - OKC:\Windows\system32\imagehlp.dll - OKC:\Windows\system32\imageres.dll - OKC:\Windows\system32\imagesp1.dll - OKC:\Windows\system32\imapi.dll - OKC:\Windows\system32\imapi2.dll - OKC:\Windows\system32\imapi2fs.dll - OKC:\Windows\system32\imgutil.dll - OKC:\Windows\system32\IMJP10.IME - OKC:\Windows\system32\IMJP10K.DLL - OKC:\Windows\system32\imkr80.ime - OKC:\Windows\system32\imm32.dll - OKC:\Windows\system32\inetcomm.dll - OKC:\Windows\system32\inetcpl.cpl - OKC:\Windows\system32\inetmib1.dll - OKC:\Windows\system32\inetpp.dll - OKC:\Windows\system32\inetppui.dll packed by PESTUB>C:\Windows\system32\inetppui.dll - OKC:\Windows\system32\INETRES.dll - OKC:\Windows\system32\InfDefaultInstall.exe - OKC:\Windows\system32\infocardapi.dll - OKC:\Windows\system32\infocardcpl.cpl - OKC:\Windows\system32\InkEd.dll - OKC:\Windows\system32\input.dll - OKC:\Windows\system32\inseng.dll - OKC:\Windows\system32\InstallPackage_ETW.Log - OKC:\Windows\system32\InstallPackage_ETW.Log.dpx - OKC:\Windows\system32\InstallPackage_ETW.Log.perf - OKC:\Windows\system32\intl.cpl - OKC:\Windows\system32\iologmsg.dll - OKC:\Windows\system32\IPBusEnum.dll - OKC:\Windows\system32\IPBusEnumProxy.dll - OKC:\Windows\system32\ipconfig.exe - 