- C:\Users\user\AppData\Local\Temp\msvcr100.dll
- C:\Windows\System32\msvcr100.dll
- C:\Windows\system\msvcr100.dll
- C:\Windows\msvcr100.dll
- C:\ProgramData\Oracle\Java\javapath\msvcr100.dll
- C:\Windows\System32\wbem\msvcr100.dll
- C:\Windows\System32\WindowsPowerShell\v1.0\msvcr100.dll
- C:\Program Files\Microsoft Network Monitor 3\msvcr100.dll
- C:\Program Files (x86)\Universal Extractor\msvcr100.dll
- C:\Program Files (x86)\Universal Extractor\bin\msvcr100.dll
- C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\msvcr100.dll
- C:\Python27\msvcr100.dll
- C:\Python27\Scripts\msvcr100.dll
- C:\tools\sysinternals\msvcr100.dll
- C:\tools\msvcr100.dll
- C:\tools\IDA_Pro_v6\python\msvcr100.dll
- C:\
- C:\Windows\Globalization\Sorting\sortdefault.nls
- C:\Windows\winhttp.DLL
- C:\Windows\sysnative\winhttp.dll
- C:\Windows\webio.dll
- C:\Windows\sysnative\webio.dll
- C:\Users\user\AppData\Roaming\Microsoft\Windows\iddbdbdv
- C:\Users\user\AppData\Roaming\Microsoft\Windows\iddbdbdv\cafadrev.exe
- C:\Users\user\AppData\Local\Temp\9f75d272645b1dbcb6fb63f60ab7873982f13c08.exe
- C:\Users\user\AppData\Roaming\Microsoft\Windows\iddbdbdv\cafadrev.exe:Zone.Identifier
- C:\Windows\sysnative\advapi32.dll
- C:\Windows
- C:\Windows\sysnative
- C:\Windows\sysnative\cmd.exe
- C:\Windows\sysnative\
- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iddbdbdv.lnk
- C:\Windows\sysnative\Tasks
- C:\Windows\sysnative\Tasks\*
- C:\Windows\sysnative\Tasks\GoogleUpdateTaskMachineCore
- C:\Windows\sysnative\Tasks\Opera scheduled Autoupdate 772857709
- C:\Windows\Tasks\Opera scheduled Autoupdate 772857709.job
- C:\Windows\sysnative\Tasks\
- \??\PIPE\srvsvc
- C:\DosDevices\pipe\
- \Device\LanmanDatagramReceiver
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History\NetworkName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\InProcServer32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\InProcServer32\LoadWithoutCOM
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21EC2020-3AEA-1069-A2DD-08002B30309D}\SortOrderIndex
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\SortOrderIndex
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\svcVersion
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadExpirationDays
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore\Id
- HKEY_USERS\S-1-5-21-2298303332-66077612-2598613238-1000\Control Panel\International\LocaleName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\SchedulingEngineKnob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{060EC885-1638-48E2-9D94-DB306C0FAA32}\Hash
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{060EC885-1638-48E2-9D94-DB306C0FAA32}\DynamicInfo
- HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService\DefaultAuthLevel
- C:\Users\user\AppData\Roaming\Microsoft\Windows\iddbdbdv\cafadrev.exe
- C:\Users\user\AppData\Roaming\Microsoft\Windows\iddbdbdv
- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iddbdbdv.lnk
- C:\Windows\sysnative\Tasks\Opera scheduled Autoupdate 772857709
- \??\PIPE\srvsvc
- kernel32.dll.FlsAlloc
- kernel32.dll.FlsGetValue
- kernel32.dll.FlsSetValue
- kernel32.dll.FlsFree
- kernel32.dll.IsProcessorFeaturePresent
- uxtheme.dll.ThemeInitApiHook
- user32.dll.IsProcessDPIAware
- kernel32.dll.LoadLibraryA
- kernel32.dll.VirtualAlloc
- kernel32.dll.VirtualProtect
- kernel32.dll.VirtualFree
- kernel32.dll.GetVersionExA
- kernel32.dll.TerminateProcess
- kernel32.dll.SortGetHandle
- kernel32.dll.SortCloseHandle
- kernel32.dll.CloseHandle
- user32.dll.SetPropA
- ntdll.dll.RtlExitUserThread
- ole32.dll.CoInitializeEx
- advapi32.dll.RegDeleteTreeA
- advapi32.dll.RegDeleteTreeW
- ole32.dll.CoTaskMemAlloc
- ole32.dll.StringFromIID
- nsi.dll.NsiAllocateAndGetTable
- cfgmgr32.dll.CM_Open_Class_Key_ExW
- iphlpapi.dll.ConvertInterfaceGuidToLuid
- iphlpapi.dll.GetIfEntry2
- iphlpapi.dll.GetIpForwardTable2
- iphlpapi.dll.GetIpNetEntry2
- iphlpapi.dll.FreeMibTable
- ole32.dll.CoTaskMemFree
- nsi.dll.NsiFreeTable
- ole32.dll.CoUninitialize
- shlwapi.dll.StrCmpNW
- ws2_32.dll.GetAddrInfoW
- ws2_32.dll.WSASocketW
- ws2_32.dll.#2
- ws2_32.dll.#21
- ws2_32.dll.#9
- ws2_32.dll.WSAIoctl
- ws2_32.dll.FreeAddrInfoW
- ws2_32.dll.#6
- ws2_32.dll.#5
- ws2_32.dll.WSARecv
- ws2_32.dll.WSASend
- cryptsp.dll.CryptHashData
- cryptsp.dll.CryptGetHashParam
- cryptsp.dll.CryptDestroyHash
- cryptsp.dll.CryptReleaseContext
- linkinfo.dll.CreateLinkInfoW
- user32.dll.IsCharAlphaW
- user32.dll.CharPrevW
- ntshrui.dll.GetNetResourceFromLocalPathW
- shlwapi.dll.PathRemoveFileSpecW
- linkinfo.dll.DestroyLinkInfo
- oleaut32.dll.#9
- C:\Users\user\AppData\Roaming\Microsoft\Windows\iddbdbdv\cafadrev.exe
- C:\Users\user\AppData\Local\Temp\9f75d272645b1dbcb6fb63f60ab7873982f13c08.exe
- C:\Users\user\AppData\Roaming\Microsoft\Windows\iddbdbdv\cafadrev.exe:Zone.Identifier
- C:\Windows\Tasks\Opera scheduled Autoupdate 772857709.job
- C:\Windows\sysnative\Tasks\Opera scheduled Autoupdate 772857709
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\Opera scheduled Autoupdate 772857709.job
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\Opera scheduled Autoupdate 772857709.job.fp
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Disk\Enum
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group Policy\History
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History\NetworkName
- HKEY_CLASSES_ROOT\CLSID\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\InProcServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\InProcServer32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\InProcServer32\LoadWithoutCOM
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{7007ACC7-3202-11D1-AAD2-00805FC1270E}
- HKEY_CLASSES_ROOT\CLSID\{21EC2020-3AEA-1069-A2DD-08002B30309D}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21EC2020-3AEA-1069-A2DD-08002B30309D}\SortOrderIndex
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{21EC2020-3AEA-1069-A2DD-08002B30309D}
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{21EC2020-3AEA-1069-A2DD-08002B30309D}
- HKEY_CLASSES_ROOT\CLSID\{7007ACC7-3202-11D1-AAD2-00805FC1270E}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\SortOrderIndex
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{7007ACC7-3202-11D1-AAD2-00805FC1270E}
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{7007ACC7-3202-11D1-AAD2-00805FC1270E}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
- HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\svcVersion
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadExpirationDays
- HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
- HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\RepositoryRestoreInProgress
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore\Id
- HKEY_USERS\S-1-5-21-2298303332-66077612-2598613238-1000
- HKEY_USERS\S-1-5-21-2298303332-66077612-2598613238-1000\Control Panel\International
- HKEY_USERS\S-1-5-21-2298303332-66077612-2598613238-1000\Control Panel\International\LocaleName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 772857709
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\Opera scheduled Autoupdate 772857709.job
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\Opera scheduled Autoupdate 772857709.job.fp
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
- HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Time Zones\GTB Standard Time\Dynamic DST
- HKEY_LOCAL_MACHINE
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\SchedulingEngineKnob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{060EC885-1638-48E2-9D94-DB306C0FAA32}\Path
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{060EC885-1638-48E2-9D94-DB306C0FAA32}\Hash
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 772857709\Id
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 772857709\Index
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{060EC885-1638-48E2-9D94-DB306C0FAA32}\Triggers
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{060EC885-1638-48E2-9D94-DB306C0FAA32}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{060EC885-1638-48E2-9D94-DB306C0FAA32}\DynamicInfo
- HKEY_LOCAL_MACHINE\system\Setup
- HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
- HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\SecurityService
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService\DefaultAuthLevel
- C:\Windows\Globalization\Sorting\sortdefault.nls
- C:\Windows\sysnative\winhttp.dll
- C:\Windows\sysnative\webio.dll
- C:\Users\user\AppData\Local\Temp\9f75d272645b1dbcb6fb63f60ab7873982f13c08.exe
- C:\Users\user\AppData\Roaming\Microsoft\Windows\iddbdbdv\cafadrev.exe
- C:\Users\user\AppData\Roaming\Microsoft\Windows\iddbdbdv
- C:\
- C:\Windows
- C:\Windows\sysnative
- C:\Windows\sysnative\cmd.exe
- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iddbdbdv.lnk
- C:\Windows\sysnative\Tasks\Opera scheduled Autoupdate 772857709
- \??\PIPE\srvsvc
- \Device\LanmanDatagramReceiver
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{060EC885-1638-48E2-9D94-DB306C0FAA32}\Path
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{060EC885-1638-48E2-9D94-DB306C0FAA32}\Hash
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 772857709\Id
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 772857709\Index
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{060EC885-1638-48E2-9D94-DB306C0FAA32}\Triggers