necro007

Honorary Members
  • Posts: 31
Everything posted by necro007

  1. Hi D Fred Brown, I received the order to get a new desktop setup as a temp web host till we reformat that other system. Might get a whole new setup, waiting for a decision from management. I loaded NOD antivirus and was thinking of loading ZoneAlarm firewall. Would that be okay? Any other programs I could try? I personally use Spybot Search and Destroy for personal use. Thanks again for all your help.
  2. Very helpful guy with a lot of understanding. Thank you for all your assistance with removing the viruses and malware that had infected the system.

  3. Hi D-Fred-Brown, I agree. Thank you for all your help. I really appreciate it. Regards,
  4. Hi D-Fred Brown, I have received the go-ahead to run the scans. Unfortunately I've come across a new issue. When I boot into the server, using the normal way or using safe mode, the explorer.exe process is not running, so I can't access the desktop or anything. I can't start it as the Task Manager process is corrupted; it comes up with "would you like to debug the process". I have tried multiple times to restart it but it still does the same thing.
  5. Hi D-Fred Brown, Sorry about the late reply. I've been trying to get management to allow me to take down the server for maintenance. Hopefully it won't be much longer. Will keep you posted.
  6. Hi, I can't seem to run that. It causes the PC to crash to a blue screen. Tried twice.
  7. Hi this is the Extra's :
  8. Hi This is the 2nd part of the log:
01:22:14 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2212959.exe.xvx [2013/01/04 01:05:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\556606.exe.xvx [2013/01/04 01:04:43 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\441732.exe.xvx [2013/01/04 00:48:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4825285.exe.xvx [2013/01/04 00:47:12 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4711210.exe.xvx [2013/01/04 00:30:56 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3054654.exe.xvx [2013/01/04 00:29:41 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2939592.exe.xvx [2013/01/04 00:13:24 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1323349.exe.xvx [2013/01/04 00:12:09 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\128271.exe.xvx [2013/01/03 23:55:53 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\555212.exe.xvx [2013/01/03 23:54:39 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5437749.exe.xvx [2013/01/03 23:38:22 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3821616.exe.xvx [2013/01/03 23:37:08 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\377337.exe.xvx [2013/01/03 23:20:52 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2051157.exe.xvx [2013/01/03 23:19:37 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1935781.exe.xvx [2013/01/03 23:03:21 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\319930.exe.xvx [2013/01/03 23:02:06 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\25181.exe.xvx [2013/01/03 22:45:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4548719.exe.xvx [2013/01/03 22:44:35 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\443433.exe.xvx [2013/01/03 22:28:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2817774.exe.xvx [2013/01/03 22:27:04 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\273213.exe.xvx [2013/01/03 22:10:48 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1046767.exe.xvx [2013/01/03 22:09:32 | 000,001,308 | ---- | C] () -- 
C:\WINDOWS\System32\931282.exe.xvx [2013/01/03 21:53:16 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\531539.exe.xvx [2013/01/03 21:52:01 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5159538.exe.xvx [2013/01/03 21:35:44 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3543217.exe.xvx [2013/01/03 21:34:30 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3428719.exe.xvx [2013/01/03 21:18:13 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1812382.exe.xvx [2013/01/03 21:16:59 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\165825.exe.xvx [2013/01/03 21:00:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\041562.exe.xvx [2013/01/03 20:59:28 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\592780.exe.xvx [2013/01/03 20:43:11 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4310523.exe.xvx [2013/01/03 20:41:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4155759.exe.xvx [2013/01/03 20:25:41 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2539688.exe.xvx [2013/01/03 20:24:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2425316.exe.xvx [2013/01/03 20:08:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\89464.exe.xvx [2013/01/03 20:06:56 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\654700.exe.xvx [2013/01/03 19:50:39 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\503865.exe.xvx [2013/01/03 19:49:25 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4924100.exe.xvx [2013/01/03 19:33:08 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\337355.exe.xvx [2013/01/03 19:31:54 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3152654.exe.xvx [2013/01/03 19:15:37 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\153619.exe.xvx [2013/01/03 19:14:22 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1421161.exe.xvx [2013/01/03 18:58:05 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\584479.exe.xvx [2013/01/03 18:56:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5648822.exe.xvx [2013/01/03 
18:40:33 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4031937.exe.xvx [2013/01/03 18:39:18 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3917282.exe.xvx [2013/01/03 18:23:01 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\230318.exe.xvx [2013/01/03 18:21:46 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2144661.exe.xvx [2013/01/03 18:05:29 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\527807.exe.xvx [2013/01/03 18:04:13 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\411884.exe.xvx [2013/01/03 17:47:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4755813.exe.xvx [2013/01/03 17:46:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4641346.exe.xvx [2013/01/03 17:30:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3022800.exe.xvx [2013/01/03 17:29:09 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\297723.exe.xvx [2013/01/03 17:12:52 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1251464.exe.xvx [2013/01/03 17:11:38 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1136997.exe.xvx [2013/01/03 16:55:21 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5520363.exe.xvx [2013/01/03 16:54:06 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\544643.exe.xvx [2013/01/03 16:37:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3748713.exe.xvx [2013/01/03 16:36:36 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3634685.exe.xvx [2013/01/03 16:20:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2018395.exe.xvx [2013/01/03 16:19:04 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\19335.exe.xvx [2013/01/03 16:02:47 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\246463.exe.xvx [2013/01/03 16:01:32 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\13188.exe.xvx [2013/01/03 15:45:15 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4514250.exe.xvx [2013/01/03 15:44:01 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4359360.exe.xvx [2013/01/03 15:27:44 | 000,001,308 | ---- | C] () -- 
C:\WINDOWS\System32\2742913.exe.xvx [2013/01/03 15:26:30 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2628633.exe.xvx [2013/01/03 15:10:13 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1012521.exe.xvx [2013/01/03 15:08:58 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\857239.exe.xvx [2013/01/03 14:52:41 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5239664.exe.xvx [2013/01/03 14:51:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5124555.exe.xvx [2013/01/03 14:34:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3449104.exe.xvx [2013/01/03 14:33:36 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3334512.exe.xvx [2013/01/03 14:17:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\171865.exe.xvx [2013/01/03 14:16:04 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\163395.exe.xvx [2013/01/03 13:59:48 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5946854.exe.xvx [2013/01/03 13:58:32 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5830853.exe.xvx [2013/01/03 13:42:15 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4214437.exe.xvx [2013/01/03 13:41:01 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4059736.exe.xvx [2013/01/03 13:24:44 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2443211.exe.xvx [2013/01/03 13:23:30 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2328807.exe.xvx [2013/01/03 13:07:13 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\712279.exe.xvx [2013/01/03 13:05:59 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\557483.exe.xvx [2013/01/03 12:49:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\494126.exe.xvx [2013/01/03 12:48:27 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4826352.exe.xvx [2013/01/03 12:36:10 | 000,000,093 | ---- | C] () -- C:\WINDOWS\System32\sh3swu.exe [2013/01/03 12:32:08 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\327396.exe.xvx [2013/01/03 12:30:53 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3051769.exe.xvx [2013/01/03 
12:14:21 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1419724.exe.xvx [2013/01/03 12:13:06 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\134552.exe.xvx [2013/01/03 11:56:49 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\564811.exe.xvx [2013/01/03 11:55:34 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5532621.exe.xvx [2013/01/03 11:39:17 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3916565.exe.xvx [2013/01/03 11:38:02 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\381206.exe.xvx [2013/01/03 11:21:46 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2145151.exe.xvx [2013/01/03 11:20:32 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2029964.exe.xvx [2013/01/03 11:04:14 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\413532.exe.xvx [2013/01/03 11:03:00 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\259269.exe.xvx [2013/01/03 10:46:44 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4642786.exe.xvx [2013/01/03 10:45:29 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4527708.exe.xvx [2013/01/03 10:29:12 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2910803.exe.xvx [2013/01/03 10:27:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2755764.exe.xvx [2013/01/03 10:11:35 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1133808.exe.xvx [2013/01/03 10:10:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1017830.exe.xvx [2013/01/03 09:53:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5348723.exe.xvx [2013/01/03 09:52:35 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5233834.exe.xvx [2013/01/03 09:36:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3617872.exe.xvx [2013/01/03 09:35:03 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\352403.exe.xvx [2013/01/03 09:18:47 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1846473.exe.xvx [2013/01/03 09:17:33 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1731599.exe.xvx [2013/01/03 09:01:16 | 000,001,308 | ---- | C] () -- 
C:\WINDOWS\System32\115450.exe.xvx [2013/01/03 09:00:02 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\01266.exe.xvx [2013/01/03 08:43:46 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4344709.exe.xvx [2013/01/03 08:42:31 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4229569.exe.xvx [2013/01/03 08:26:14 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2612768.exe.xvx [2013/01/03 08:24:58 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2456983.exe.xvx [2013/01/03 08:08:41 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\840537.exe.xvx [2013/01/03 08:07:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\724854.exe.xvx [2013/01/03 07:50:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5056269.exe.xvx [2013/01/03 07:49:39 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4938132.exe.xvx [2013/01/03 07:33:18 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3317205.exe.xvx [2013/01/03 07:32:04 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\32336.exe.xvx [2013/01/03 07:15:48 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1546903.exe.xvx [2013/01/03 07:14:33 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1431543.exe.xvx [2013/01/03 06:58:16 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5814971.exe.xvx [2013/01/03 06:56:59 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5657575.exe.xvx [2013/01/03 06:40:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4041113.exe.xvx [2013/01/03 06:39:27 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3925941.exe.xvx [2013/01/03 06:23:11 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\239980.exe.xvx [2013/01/03 06:21:56 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2154621.exe.xvx [2013/01/03 06:05:39 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\538328.exe.xvx [2013/01/03 06:04:24 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\42356.exe.xvx [2013/01/03 05:48:07 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\485843.exe.xvx [2013/01/03 
05:46:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4648981.exe.xvx [2013/01/03 05:30:14 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\301384.exe.xvx [2013/01/03 05:28:59 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2858430.exe.xvx [2013/01/03 05:12:43 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\124261.exe.xvx [2013/01/03 05:11:27 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1125574.exe.xvx [2013/01/03 04:55:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\559534.exe.xvx [2013/01/03 04:53:56 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5354942.exe.xvx [2013/01/03 04:37:40 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\373913.exe.xvx [2013/01/03 04:36:25 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3623622.exe.xvx [2013/01/03 04:20:09 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\207770.exe.xvx [2013/01/03 04:18:51 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1850390.exe.xvx [2013/01/03 04:02:32 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\231106.exe.xvx [2013/01/03 04:01:17 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\115542.exe.xvx [2013/01/03 03:45:00 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4459132.exe.xvx [2013/01/03 03:43:45 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\434438.exe.xvx [2013/01/03 03:27:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2725121.exe.xvx [2013/01/03 03:26:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\268496.exe.xvx [2013/01/03 03:09:16 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\914975.exe.xvx [2013/01/03 03:08:02 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\80994.exe.xvx [2013/01/03 02:51:45 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5144641.exe.xvx [2013/01/03 02:50:30 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5029469.exe.xvx [2013/01/03 02:34:14 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3413210.exe.xvx [2013/01/03 02:32:57 | 000,001,308 | ---- | C] () -- 
C:\WINDOWS\System32\3255924.exe.xvx [2013/01/03 02:16:41 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1639979.exe.xvx [2013/01/03 02:15:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1524494.exe.xvx [2013/01/03 01:59:09 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\597938.exe.xvx [2013/01/03 01:57:55 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5753581.exe.xvx [2013/01/03 01:41:31 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4129866.exe.xvx [2013/01/03 01:40:17 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4015587.exe.xvx [2013/01/03 01:24:00 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2359140.exe.xvx [2013/01/03 01:22:46 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2244846.exe.xvx [2013/01/03 01:06:30 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\628712.exe.xvx [2013/01/03 01:05:15 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\513557.exe.xvx [2013/01/03 00:48:58 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4856984.exe.xvx [2013/01/03 00:47:44 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4742502.exe.xvx [2013/01/03 00:31:27 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3126275.exe.xvx [2013/01/03 00:30:12 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3011479.exe.xvx [2013/01/03 00:13:56 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1355220.exe.xvx [2013/01/03 00:12:41 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\124080.exe.xvx [2013/01/02 23:56:25 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5623712.exe.xvx [2013/01/02 23:55:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\558932.exe.xvx [2013/01/02 23:38:53 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3852657.exe.xvx [2013/01/02 23:37:40 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3738519.exe.xvx [2013/01/02 23:21:23 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2122541.exe.xvx [2013/01/02 23:20:09 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\208184.exe.xvx [2013/01/02 
23:03:52 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\351352.exe.xvx [2013/01/02 23:02:36 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\235259.exe.xvx [2013/01/02 22:46:17 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4616215.exe.xvx [2013/01/02 22:45:02 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\450545.exe.xvx [2013/01/02 22:28:38 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2837389.exe.xvx [2013/01/02 22:27:24 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2723110.exe.xvx [2013/01/02 22:11:07 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\116362.exe.xvx [2013/01/02 22:09:53 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\951660.exe.xvx [2013/01/02 21:53:36 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5335452.exe.xvx [2013/01/02 21:52:22 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5220724.exe.xvx [2013/01/02 21:35:59 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3558137.exe.xvx [2013/01/02 21:34:43 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3441786.exe.xvx [2013/01/02 21:18:21 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1820488.exe.xvx [2013/01/02 21:17:07 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\175834.exe.xvx [2013/01/02 21:00:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\048648.exe.xvx [2013/01/02 20:59:35 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5933679.exe.xvx [2013/01/02 20:43:18 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4317513.exe.xvx [2013/01/02 20:42:03 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\422293.exe.xvx [2013/01/02 20:25:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2540721.exe.xvx [2013/01/02 20:24:25 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\242433.exe.xvx [2013/01/02 20:08:05 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\84319.exe.xvx [2013/01/02 20:06:51 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\650259.exe.xvx [2013/01/02 19:50:30 | 000,001,308 | ---- | C] () -- 
C:\WINDOWS\System32\5028842.exe.xvx [2013/01/02 19:49:15 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4913763.exe.xvx [2013/01/02 19:32:58 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3257128.exe.xvx [2013/01/02 19:31:43 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3141613.exe.xvx [2013/01/02 19:15:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1517886.exe.xvx [2013/01/02 19:14:03 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\142199.exe.xvx [2013/01/02 18:57:46 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5744843.exe.xvx [2013/01/02 18:56:31 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\563079.exe.xvx [2013/01/02 18:40:14 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4013536.exe.xvx [2013/01/02 18:38:58 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3857329.exe.xvx [2013/01/02 18:22:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2240821.exe.xvx [2013/01/02 18:21:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2124813.exe.xvx [2013/01/02 18:05:05 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\53983.exe.xvx [2013/01/02 18:03:51 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\349676.exe.xvx [2013/01/02 17:47:31 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4730197.exe.xvx [2013/01/02 17:46:17 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4615946.exe.xvx [2013/01/02 17:29:45 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2944435.exe.xvx [2013/01/02 17:28:29 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2828355.exe.xvx [2013/01/02 17:12:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\129277.exe.xvx [2013/01/02 17:10:54 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1052696.exe.xvx [2013/01/02 16:54:37 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5436343.exe.xvx [2013/01/02 16:53:20 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5319386.exe.xvx [2013/01/02 16:37:04 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\373111.exe.xvx [2013/01/02 
16:35:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3548942.exe.xvx [2013/01/02 16:19:34 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1932868.exe.xvx [2013/01/02 16:18:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1817726.exe.xvx [2013/01/02 16:02:03 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\21708.exe.xvx [2013/01/02 16:00:48 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\046669.exe.xvx [2013/01/02 15:44:29 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4428268.exe.xvx [2013/01/02 15:43:12 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4311238.exe.xvx [2013/01/02 15:26:53 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2652639.exe.xvx [2013/01/02 15:25:40 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2538525.exe.xvx [2013/01/02 15:09:20 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\919508.exe.xvx [2013/01/02 15:08:05 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\83984.exe.xvx [2013/01/02 14:51:46 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5145600.exe.xvx [2013/01/02 14:50:31 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5030170.exe.xvx [2013/01/02 14:34:12 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3410727.exe.xvx [2013/01/02 14:32:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3256363.exe.xvx [2013/01/02 14:16:39 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1637707.exe.xvx [2013/01/02 14:15:24 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1522889.exe.xvx [2013/01/02 13:59:05 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\593754.exe.xvx [2013/01/02 13:57:47 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5746478.exe.xvx [2013/01/02 13:41:29 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4128117.exe.xvx [2013/01/02 13:40:15 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4013599.exe.xvx [2013/01/02 13:23:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2355881.exe.xvx [2013/01/02 13:22:42 | 000,001,308 | ---- | C] () -- 
C:\WINDOWS\System32\2239992.exe.xvx [2012/12/03 03:51:34 | 000,544,768 | ---- | C] () -- C:\WINDOWS\System32\WCASvc.dll [2012/11/05 03:15:56 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\amd.dll [2012/11/05 03:15:55 | 000,000,001 | ---- | C] () -- C:\WINDOWS\amd.dll [2012/11/01 15:23:22 | 000,095,330 | ---- | C] () -- C:\WINDOWS\System32\wkscil.dll [2012/05/14 10:47:36 | 000,429,928 | ---- | C] () -- C:\WINDOWS\System32\kindling.dll [2012/04/24 05:02:43 | 000,490,496 | ---- | C] () -- C:\Documents and Settings\Administrator\33.exe [2011/10/16 12:57:02 | 000,030,409 | ---- | C] () -- C:\WINDOWS\System32\mmsql.dll [2011/06/17 01:47:08 | 000,008,085 | ---- | C] () -- C:\WINDOWS\System32\mysql32.dll [2010/03/26 08:20:00 | 021,994,183 | ---- | C] () -- C:\Documents and Settings\Administrator\EC_Image.rar [2009/11/23 17:10:34 | 000,044,403 | ---- | C] () -- C:\Documents and Settings\Administrator\logo.miff [2009/08/26 09:48:10 | 000,113,888 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2009/08/25 11:30:31 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Favorites.axl [2009/05/29 15:50:52 | 000,007,176 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol [2009/04/16 09:22:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\concert [2008/10/31 09:52:59 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Administrator\persistent_state [2008/10/31 09:52:08 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\Administrator\aimsdefaults.properties [2008/10/31 09:52:08 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\Administrator\aimsclient.properties [2008/10/31 09:50:02 | 000,000,260 | ---- | C] () -- C:\Documents and Settings\Administrator\aimsproxy.properties [2008/08/07 15:33:05 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 
========== ZeroAccess Check ==========

[2008/05/26 12:13:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2006/09/23 13:12:46 | 001,515,008 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2005/03/24 18:01:54 | 000,482,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2005/03/24 18:26:16 | 000,278,016 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 40 bytes -> C:\Runonce:NUL
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF

< End of report >
  9. Hi D-Fred-Brown, Please see below for OTL results:

OTL logfile created on: 2013/06/10 12:02:17 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Standard Edition Service Pack 1 (Version = 5.2.3790) - Type = NTServer
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

4.00 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 66.04% Memory free
5.84 Gb Paging File | 4.47 Gb Available in Paging File | 76.58% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 231.75 Gb Total Space | 61.98 Gb Free Space | 26.75% Space Free | Partition Type: NTFS
Drive D: | 464.73 Gb Total Space | 267.02 Gb Free Space | 57.46% Space Free | Partition Type: NTFS
Drive E: | 464.73 Gb Total Space | 276.44 Gb Free Space | 59.48% Space Free | Partition Type: NTFS

Computer Name: DRAGON | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/29 16:41:00 | 000,332,658 | RHS- | M] () -- C:\WINDOWS\ime\lsass.exe
PRC - [2013/05/29 05:46:31 | 001,078,030 | ---- | M] () -- C:\WINDOWS\Resources\smscvc.exe
PRC - [2013/05/23 08:19:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2013/05/19 15:02:26 | 000,102,400 | ---- | M] (Environmental Systems Research Institute, Inc.) -- C:\ArcGIS\ArcSDE\sqlexe\bin\giomgr.exe
PRC - [2013/05/19 15:02:21 | 000,131,072 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe
PRC - [2013/05/19 15:02:09 | 000,495,616 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\ServerView Agents\GlobalFlash\gf_agent.exe
PRC - [2013/05/19 15:02:05 | 005,779,456 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
PRC - [2013/05/19 15:01:45 | 000,180,224 | ---- | M] (ESRI) -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\aimsserver.exe
PRC - [2013/05/19 15:01:40 | 000,098,304 | ---- | M] (LSI Logic Corporation) -- C:\Program Files\Fujitsu Siemens\RAID\bin\mr2kserv.exe
PRC - [2013/05/19 14:59:56 | 001,028,096 | ---- | M] () -- C:\WINDOWS\system32\Syswin\svchost.exe
PRC - [2013/05/08 00:36:35 | 000,119,024 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/05/05 10:53:26 | 002,177,490 | ---- | M] (Prassi Software) -- C:\WINDOWS\Debug\wpdmtp.exe
PRC - [2013/05/03 15:22:35 | 000,527,360 | ---- | M] (Prassi Software) -- C:\WINDOWS\Debug\browser\spresrt.exe
PRC - [2013/04/23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012/11/14 16:13:12 | 000,028,672 | ---- | M] (N-able Technologies) -- C:\Program Files\N-able Technologies\Windows Agent\bin\AgentMaint.exe
PRC - [2009/10/07 09:16:50 | 000,472,280 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/10/07 09:15:42 | 001,461,080 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/01/28 14:43:42 | 000,548,864 | ---- | M] () -- C:\Program Files\ESRI\License\arcgis9x\ARCGIS.EXE
PRC - [2007/12/18 16:43:32 | 000,419,088 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\Remote Connector\SVRemoteConnector.exe
PRC - [2007/12/18 16:41:14 | 000,535,312 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe
PRC - [2006/10/04 03:25:00 | 000,792,064 | ---- | M] (System32) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\type32.dll
PRC - [2006/06/28 04:55:51 | 000,008,192 | RHS- | M] () -- C:\WINDOWS\ime\csrss.exe
PRC - [2006/04/14 20:10:48 | 000,131,072 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5w.exe
PRC - [2006/03/14 07:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2005/03/24 18:26:16 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\W3WP.EXE
PRC - [2005/03/24 18:12:58 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2005/03/24 18:06:56 | 000,537,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\LOGON.SCR
PRC - [2005/03/24 18:05:06 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2005/03/24 18:01:54 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Tasker\Aims_Tasker.exe
PRC - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\Monitor\Aims_Monitor.exe
PRC - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Aims_AppServer.exe
PRC - [1999/12/01 13:38:28 | 000,467,968 | ---- | M] () -- C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe

========== Modules (No Company Name) ==========

MOD - [2013/06/10 11:09:37 | 000,023,040 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\woi34.dll
MOD - [2013/06/03 15:25:16 | 000,060,416 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\woi33.dll
MOD - [2013/05/29 16:41:00 | 000,342,248 | RHS- | M] () -- C:\WINDOWS\ime\libcurl-4.dll
MOD - [2013/05/29 16:41:00 | 000,332,658 | RHS- | M] () -- C:\WINDOWS\ime\lsass.exe
MOD - [2013/05/29 05:46:31 | 001,078,030 | ---- | M] () -- C:\WINDOWS\Resources\smscvc.exe
MOD - [2013/05/19 15:02:05 | 005,779,456 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
MOD - [2013/05/19 14:59:56 | 001,028,096 | ---- | M] () -- C:\WINDOWS\system32\Syswin\svchost.exe
MOD - [2013/05/15 08:42:32 | 000,023,040 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\woi23.dll
MOD - [2013/05/07 06:32:20 | 000,059,904 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\cnakk153.dll
MOD - [2013/05/01 14:45:03 | 000,059,904 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\cnakk135.dll
MOD - [2013/04/29 10:16:38 | 000,060,416 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\cnakk121.dll
MOD - [2013/04/11 05:19:32 | 000,060,416 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\winl64.dll
MOD - [2013/04/07 14:52:46 | 000,059,904 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\winl45.dll
MOD - [2013/01/20 07:03:04 | 001,381,888 | ---- | M] () -- C:\WINDOWS\Debug\browser\mozjs.dll
MOD - [2012/12/03 03:51:34 | 000,544,768 | ---- | M] () -- C:\WINDOWS\system32\WCASvc.dll
MOD - [2009/09/02 10:09:22 | 000,278,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\9e1542d2d2c7150dadc4ba2194822581\Microsoft.SqlServer.ConnectionInfo.ni.dll
MOD - [2009/08/26 10:43:47 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll
MOD - [2009/08/26 10:43:25 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.ni.dll
MOD - [2009/08/26 10:43:24 | 000,627,200 | ---- | M] () -- 
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12903c3843fe923d1977801ffa3cf26c\System.Transactions.ni.dll MOD - [2009/08/26 10:43:04 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll MOD - [2009/08/26 10:28:54 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\0d7c1d80f0960d0473ed13f107ce7d81\System.Xml.ni.dll MOD - [2009/08/26 10:27:44 | 006,614,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\0b40341027c01716cec1dd97592698e0\System.Data.ni.dll MOD - [2009/08/26 10:25:39 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll MOD - [2009/08/26 09:46:08 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll MOD - [2009/08/26 09:43:56 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2009/08/26 09:43:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2008/01/28 14:43:42 | 000,548,864 | ---- | M] () -- C:\Program Files\ESRI\License\arcgis9x\ARCGIS.EXE MOD - [2007/03/09 08:34:40 | 000,059,904 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\zlib1.dll MOD - [2007/02/15 21:36:24 | 000,090,112 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\hm420m.dll MOD - [2007/02/15 21:36:18 | 000,487,424 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\hd420m.dll MOD - [2006/10/04 04:45:56 | 000,016,384 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\esriI18N.dll MOD - [2006/09/29 10:40:02 | 000,118,784 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\znglib.dll MOD - [2006/09/29 10:40:00 | 000,118,784 | ---- | M] () 
-- C:\Program Files\Common Files\ESRI\Raster\bin\ntx86\znglib.dll MOD - [2006/08/02 12:21:24 | 005,533,696 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\icudt22l.dll MOD - [2006/08/02 12:21:24 | 005,533,696 | ---- | M] () -- C:\ArcGIS\ArcSDE\sqlexe\bin\icudt22l.dll MOD - [2006/06/28 04:55:51 | 000,008,192 | RHS- | M] () -- C:\WINDOWS\ime\csrss.exe MOD - [2005/03/24 18:26:14 | 000,121,856 | ---- | M] () -- C:\WINDOWS\system32\hrrslvr.dll MOD - [2005/03/24 18:26:14 | 000,054,784 | ---- | M] () -- C:\WINDOWS\system32\netdbadm.dll MOD - [2003/03/25 14:00:00 | 000,016,896 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll MOD - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Tasker\Aims_Tasker.exe MOD - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\Monitor\Aims_Monitor.exe MOD - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Aims_AppServer.exe MOD - [1999/12/01 13:38:28 | 000,467,968 | ---- | M] () -- C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\svchest.exe -- (Windows Test My Tedfasf.0) SRV - File not found [Auto | Stopped] -- C:\Program Files\Windows Media Player\mplayer.txt -- (TapSrv) SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr) SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Haooeaw.exe -- (Qwkezc sezmea) SRV - File not found [Auto | Stopped] -- C:\WINDOWS\657C7AC5.exe -- (Pqrstu Wxyabcde Ghi bod) SRV - File not found [Auto | Stopped] -- c:\oracle\ora90\bin\ORACLE.EXE OEMREP -- (OracleServiceOEMREP) SRV - File not found [Auto | Stopped] -- c:\oracle\ora90\bin\ORACLE.EXE MHPGEO -- (OracleServiceMHPGEO) SRV - File not found [Auto | Stopped] -- C:\oracle\ora90\BIN\TNSLSNR -- 
(OracleOraHome90TNSListener) SRV - File not found [On_Demand | Stopped] -- C:\oracle\ora90\BIN\OMSNTsrv.exe -- (OracleOraHome90ManagementServer) SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\oweawm.exe -- (Nationalghh) SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\netmon\mnmsrvc.exe -- (mnmsrvc) SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\nod.exe -- (ltmi) SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Haooeaw.exe -- (Kkuiow igzvmi) SRV - File not found [Auto | Stopped] -- C:\WINDOWS\C233C2AB.exe -- (jxdsystem services) SRV - File not found [Auto | Stopped] -- C:\WINDOWS\IPv6CertBrowsSvc.dll -- (IPv6CertBrowsSvc) SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Haooeaw.exe -- (Ipdzvu kuiese) SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Haooeaw.exe -- (Gqyvdy uubrie) SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\lp32.exe -- (elp32) SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Haooeaw.exe -- (Aeqiiu qepbpa) SRV - [2013/06/05 03:52:36 | 054,630,057 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Windows Ugwyaq\Xqkiuzg.exe -- (Iqaeym yqodwa) SRV - [2013/05/23 22:15:51 | 000,256,988 | ---- | M] (PPStream Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\360sb.exe -- (Nationallap) SRV - [2013/05/19 15:02:26 | 000,102,400 | ---- | M] (Environmental Systems Research Institute, Inc.) 
[Auto | Running] -- C:\ArcGIS\ArcSDE\sqlexe\bin\giomgr.exe -- (esri_sde) SRV - [2013/05/19 15:02:21 | 000,131,072 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe -- (Tomcat5) SRV - [2013/05/19 15:02:20 | 000,073,728 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\Themer.exe -- (Themer) SRV - [2013/05/19 15:02:13 | 000,312,212 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Fujitsu Siemens\RAID\bin\SpySer.exe -- (SpySer) SRV - [2013/05/19 15:02:09 | 000,495,616 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\GlobalFlash\gf_agent.exe -- (OfflineFlash) SRV - [2013/05/19 15:02:05 | 005,779,456 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL) SRV - [2013/05/19 15:01:40 | 000,098,304 | ---- | M] (LSI Logic Corporation) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\RAID\bin\mr2kserv.exe -- (mr2kserv) SRV - [2013/05/19 14:59:56 | 001,028,096 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\Syswin\svchost.exe -- (RasAuto) SRV - [2013/05/08 00:36:35 | 000,119,024 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2013/04/23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2013/03/10 18:17:06 | 000,114,688 | ---- | M] () [Auto | Stopped] -- C:\Documents and Settings\All Users\hkcmd.exe -- (Shell Service) SRV - [2012/12/03 03:51:34 | 000,544,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\WCASvc.dll -- (WCASvc) SRV - [2012/11/14 16:13:16 | 000,278,528 | ---- | M] (N-able Technologies) [Auto | Stopped] -- C:\Program Files\N-able Technologies\Windows Agent\bin\agent.exe -- (Windows Agent Service) SRV - [2012/11/14 16:13:12 | 000,028,672 | ---- | M] (N-able Technologies) 
[Auto | Running] -- C:\Program Files\N-able Technologies\Windows Agent\bin\AgentMaint.exe -- (Windows Agent Maintenance Service) SRV - [2009/10/07 09:21:14 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV - [2009/10/07 09:16:50 | 000,472,280 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) SRV - [2008/06/05 13:26:50 | 000,348,160 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\ESRI\Image Server\ESRIImageServiceProvider.exe -- (ESRI Image ServiceProvider: 3983) SRV - [2008/06/05 13:26:26 | 000,376,832 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\ESRI\Image Server\ESRIImageServer.exe -- (ESRI Image Server) SRV - [2007/12/18 16:43:32 | 000,419,088 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\Remote Connector\SVRemoteConnector.exe -- (RemoteConnector) SRV - [2007/12/18 16:41:14 | 000,535,312 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe -- (SrvCtrl) SRV - [2007/12/18 08:43:30 | 000,147,456 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\ESRI\Image Server\ESRIImageServerReporterService.exe -- (ESRIImageServerReporter) SRV - [2007/12/07 11:26:56 | 000,016,384 | ---- | M] (Fujitsu Siemens Computers) [On_Demand | Stopped] -- C:\Program Files\Fujitsu Siemens\RAID\amService.exe -- (amService) SRV - [2006/10/04 03:25:00 | 000,792,064 | ---- | M] (System32) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\type32.dll -- (keyb) SRV - [2006/06/28 04:55:51 | 000,008,192 | RHS- | M] () [Auto | Running] -- C:\WINDOWS\ime\csrss.exe -- (themeb) SRV - [2006/03/14 07:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- 
(SentinelProtectionServer) SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80) SRV - [2005/03/24 20:38:42 | 000,094,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService) SRV - [2005/03/24 18:26:14 | 000,121,856 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\hrrslvr.dll -- (hrrslvr) SRV - [2005/03/24 18:26:14 | 000,054,784 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\netdbadm.dll -- (netdbadm) SRV - [2005/03/24 18:26:08 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis) SRV - [2005/03/24 18:13:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\Sens32.dll -- (SENS) SRV - [2005/03/24 18:13:02 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv) SRV - [2005/03/24 18:08:24 | 000,791,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs) SRV - [2005/03/24 18:08:24 | 000,465,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ntmssvc32.dll -- (NtmsSvc) SRV - [2005/03/24 18:05:06 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) SRV - [2005/03/24 18:05:06 | 000,014,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc) SRV - [2005/03/24 18:05:06 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN) SRV - [2005/03/24 18:05:04 | 000,216,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2005/03/24 18:00:48 | 000,164,352 | 
---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs) SRV - [2004/08/17 20:00:00 | 006,950,912 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\1538127516.dll -- (DirectX Rejrq.) SRV - [2003/03/25 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr) SRV - [2003/03/25 14:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ) SRV - [2003/03/25 14:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr) SRV - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Tasker\Aims_Tasker.exe -- (ArcIMS Tasker 9.2.0) SRV - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Program Files\ArcGIS\ArcIMS\Server\Monitor\Aims_Monitor.exe -- (ArcIMS Monitor 9.2.0) SRV - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Aims_AppServer.exe -- (ArcIMS Application Server 9.2.0) SRV - [1999/12/01 13:38:28 | 000,467,968 | ---- | M] () [Auto | Running] -- C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe -- (ArcGIS License Manager) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Adapter | On_Demand | Unknown] -- -- (LicenseInfo) DRV - File not found [Adapter | Auto | Unknown] -- C:\Program Files\Google\1.dll -- (Iprip) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | 
System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DRIVERS\ENTECH.sys -- (ENTECH) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013/04/19 00:15:41 | 000,006,656 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep) DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2009/10/07 09:18:36 | 000,035,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir) DRV - [2009/10/07 09:12:22 | 000,054,184 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv) DRV - [2009/10/07 09:11:10 | 000,040,824 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon) DRV - [2007/12/18 16:42:18 | 000,025,104 | ---- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Stopped] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\ImbDrvNT.sys -- (ImbDrvNT) DRV - [2007/12/18 16:42:16 | 000,089,104 | ---- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\ScSBB.sys -- (ScSBB) DRV - [2007/11/26 20:51:04 | 000,093,427 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aacmgt.sys -- (AACMgt) DRV - [2006/03/14 07:22:00 | 000,090,176 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel) DRV - [2006/03/14 07:22:00 | 000,028,216 | ---- | M] (SafeNet, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB) DRV - [2005/12/06 23:44:42 | 001,379,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005/03/24 18:13:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | Unavailable | Unknown] -- C:\WINDOWS\System32\drivers\sacdrv.sys -- (sacdrv) DRV - [2005/03/24 18:00:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dfs.sys -- (DfsDriver) DRV - [2005/03/24 17:57:52 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\clusdisk.sys -- (ClusDisk) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=29065018_76_hao_pg IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm IE - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\1.0.1.1058\npplugin2.dll (PPLive Corporation) FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2010/09/08 09:50:02 | 000,000,000 | ---D | M] [2013/05/10 12:05:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and 
Settings\Administrator\Application Data\Mozilla\Extensions O1 HOSTS File: ([2013/03/15 13:12:25 | 000,000,794 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 192.168.0.126 dpmserver.mhp.co.za O1 - Hosts: 192.168.0.23 blesbok O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\Administrator\Application Data\Complitly\AutocompletePro.dll (SimplyGen) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.) 
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O3 - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O4 - HKLM..\Run: [ QQPCTray] File not found O4 - HKLM..\Run: [ QQPCTray] File not found O4 - HKLM..\Run: [360Safetray] File not found O4 - HKLM..\Run: [ApacheTomcatMonitor] C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5w.exe (Apache Software Foundation) O4 - HKLM..\Run: [bixushi] c:\windows\system32\csx.exe File not found O4 - HKLM..\Run: [ewswdk] C:\WINDOWS\Debug\wpdmtp.exe (Prassi Software) O4 - HKLM..\Run: [jhecryz] C:\WINDOWS\Resources\smscvc.exe () O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [KVMON] File not found O4 - HKLM..\Run: [KVXP] File not found O4 - HKLM..\Run: [kxesc] File not found O4 - HKLM..\Run: [McAfeeUpdaterUI] File not found O4 - HKLM..\Run: [QQPCTray] File not found O4 - HKLM..\Run: [RavTRAY] File not found O4 - HKLM..\Run: [Remote] "C:\Windows\misx.exe" -autorun File not found O4 - HKLM..\Run: [RISTRAY] File not found O4 - HKLM..\Run: [shell] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [shStatEXE] File not found O4 - HKLM..\Run: [weyrzader] C:\WINDOWS\Cluster\clients\srchasy\smyscvc.exe () O4 - HKLM..\Run: [zvary] C:\windows\msapps\msinfo\wyhtday.exe File not found O4 - HKU\.DEFAULT..\Run: [GoTop] C:\WINDOWS\Debug\wpdmtp.exe (Prassi Software) O4 - HKU\.DEFAULT..\Run: [PPAP] "C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" -background File not found O4 - HKU\S-1-5-18..\Run: [GoTop] C:\WINDOWS\Debug\wpdmtp.exe (Prassi Software) O4 - HKU\S-1-5-18..\Run: [PPAP] "C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" -background File not found O4 - HKU\S-1-5-21-3652302946-4094972055-3012646909-500..\Run: 
[GoTop] C:\WINDOWS\Debug\wpdmtp.exe (Prassi Software) O4 - HKU\.DEFAULT..\RunOnce: [] C:\WINDOWS\System32\OSK.EXE (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [] C:\WINDOWS\System32\OSK.EXE (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rqty.vmp.exe (深圳市迅雷网络技术有限公司) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm () O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm () O8 - Extra context menu item: Download &all with DAP - C:\Program 
Files\DAP\dapextie2.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll (Sun Microsystems, Inc.) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.3.cab (DLM Control) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5F42B20-CDE1-481A-B43C-B59715E9A109}: NameServer = 8.8.8.8,196.14.239.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFACE1CF-691A-4D29-A654-7452C257C7B0}: DhcpNameServer = 192.168.0.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation) O20 - 
Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found O27 - HKLM IFEO\360rp.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O27 - HKLM IFEO\360rps.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O27 - HKLM IFEO\360Safe.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O27 - HKLM IFEO\360sd.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O27 - HKLM IFEO\360tray.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O27 - HKLM IFEO\app.exe: Debugger - C:\WINDOWS\ime\cv.exe File not found O27 - HKLM IFEO\avcenter.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O27 - HKLM IFEO\avgnt.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O27 - HKLM IFEO\avguard.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O27 - HKLM IFEO\cfp.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O27 - HKLM IFEO\cmdagent.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O27 - HKLM IFEO\kavstart.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O27 - HKLM IFEO\kissvc.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O27 - HKLM IFEO\KsafeTray.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O27 - HKLM IFEO\KSWebShield.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O27 - HKLM IFEO\KVMonXP.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O27 - HKLM IFEO\KVMonXP.kxp: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O27 - HKLM IFEO\KVSrvXp.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O27 - HKLM IFEO\kvxp.kxp: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O27 - HKLM IFEO\Kwatch.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O27 - HKLM 
IFEO\net2.exe: Debugger - C:\WINDOWS\ime\cv.exe File not found O27 - HKLM IFEO\QQPCRTP.EXE: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O27 - HKLM IFEO\QQPCTray.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O27 - HKLM IFEO\ravmond.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O27 - HKLM IFEO\RSTRAY.EXE: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O27 - HKLM IFEO\SHSTAT.EXE: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O27 - HKLM IFEO\Storm.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/05/26 12:18:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/06/09 12:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startupÿ [2013/06/09 12:55:16 | 000,191,114 | ---- | C] (深圳市迅雷网络技术有限公司) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rqty.vmp.exe [2013/06/05 16:40:39 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ws.exe [2013/06/05 16:39:53 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p.exe [2013/06/05 08:57:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\tdsskiller [2013/06/05 03:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Ugwyaq [2013/06/05 
03:52:32 | 054,630,057 | ---- | C] (Sogou.com Inc.) -- C:\Uigrcw.exe [2013/06/05 03:52:27 | 002,201,257 | ---- | C] (Sogou.com Inc.) -- C:\WINDOWS\sos.exe [2013/05/30 09:20:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\XXXXXX37654A81 [2013/05/30 08:36:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\QuickScan [2013/05/29 05:48:06 | 000,500,680 | ---- | C] (搜狐) -- C:\WINDOWS\IFoxInstall-y-c206525652-nsi-s-x.exe [2013/05/27 19:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\Rumjow odsgi [2013/05/24 11:03:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com [2013/05/24 11:02:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware [2013/05/24 11:02:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com [2013/05/24 11:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2013/05/24 11:01:37 | 025,817,776 | ---- | C] (SUPERAntiSpyware.com) -- C:\SUPERAntiSpyware.exe [2013/05/24 09:49:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Revo Uninstaller [2013/05/24 09:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group [2013/05/24 09:48:18 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) -- C:\revosetup.exe [2013/05/24 09:42:34 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) 
-- C:\Documents and Settings\Administrator\Desktop\revosetup.exe.dap [2013/05/24 09:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\INISet [2013/05/24 09:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\liebao [2013/05/24 05:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\KingSoft [2013/05/24 05:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Tencent [2013/05/24 05:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\Wuji [2013/05/24 05:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\liebao [2013/05/23 22:18:32 | 000,079,360 | ---- | C] (PPStream Inc.) -- C:\WINDOWS\System32\hex350sb.exe [2013/05/23 22:15:01 | 000,256,988 | ---- | C] (PPStream Inc.) -- C:\WINDOWS\System32\360sb.exe [2013/05/23 08:21:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2013/05/22 10:48:57 | 000,172,170 | ---- | C] (深圳市迅雷网络技术有限公司) -- C:\18181.exe [2013/05/20 10:18:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013/05/20 08:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun [2013/05/17 16:48:10 | 000,047,104 | ---- | C] (Inside Core) -- C:\Documents and Settings\Administrator\Desktop\AutoRunExterminator.exe [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/06/10 01:50:03 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\Dragonwwwroot.job [2013/06/10 01:25:12 | 000,000,000 | ---- | M] () -- C:\hexscrcc.exe [2013/06/10 01:25:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexscrcc.exe [2013/06/10 01:09:57 | 000,000,308 | ---- | M] () -- 
C:\WINDOWS\tasks\DragonDB.job [2013/06/10 00:16:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/06/09 13:06:13 | 000,000,000 | ---- | M] () -- C:\hex8.exe [2013/06/09 13:06:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hex8.exe [2013/06/09 12:55:57 | 000,191,114 | ---- | M] (深圳市迅雷网络技术有限公司) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rqty.vmp.exe [2013/06/09 02:25:09 | 000,000,075 | ---- | M] () -- C:\xpoffice.exe.exe [2013/06/09 02:25:08 | 000,000,072 | ---- | M] () -- C:\WINDOWS\System32\xpoffice.exe.exe [2013/06/08 17:11:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hex888.exe [2013/06/08 11:41:52 | 000,000,092 | --S- | M] () -- C:\WINDOWS\stm8.inf [2013/06/08 06:09:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hex8521.exe [2013/06/07 22:30:57 | 000,002,318 | ---- | M] () -- C:\WINDOWS\taskmgr.exe [2013/06/07 08:28:17 | 000,000,000 | ---- | M] () -- C:\hex219.exe [2013/06/07 08:28:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hex219.exe [2013/06/07 07:21:14 | 000,000,071 | ---- | M] () -- C:\hex123.vbs [2013/06/07 07:21:12 | 000,000,071 | ---- | M] () -- C:\WINDOWS\System32\hex123.vbs [2013/06/07 07:20:01 | 000,012,623 | ---- | M] () -- C:\boot123.vbs [2013/06/07 07:19:59 | 000,012,623 | ---- | M] () -- C:\WINDOWS\System32\boot123.vbs [2013/06/07 07:19:51 | 000,000,066 | ---- | M] () -- C:\xp123.vbs [2013/06/07 07:19:47 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\xp123.vbs [2013/06/06 21:11:38 | 000,179,029 | ---- | M] () -- C:\WINDOWS\System32\LocalUser.exe [2013/06/06 19:20:44 | 000,195,104 | ---- | M] () -- C:\WINDOWS\System\Consys05.dll [2013/06/06 14:29:54 | 000,121,344 | ---- | M] () -- C:\WINDOWS\System32\1.exe [2013/06/06 13:03:02 | 000,000,000 | ---- | M] () -- C:\hexServer.exe [2013/06/06 08:01:40 | 000,000,873 | ---- | M] () -- C:\WINDOWS\System32\rpc_start_16log.ini [2013/06/05 21:26:42 | 000,000,059 | ---- | M] () -- C:\WINDOWS\System32\gouri.bat [2013/06/05 21:26:03 
| 000,000,213 | ---- | M] () -- C:\WINDOWS\System32\sb.bat [2013/06/05 13:55:56 | 000,378,618 | ---- | M] () -- C:\WINDOWS\System32\hexLocalUser.exe [2013/06/05 11:03:13 | 000,000,095 | ---- | M] () -- C:\xpQQPCMgr RTP Service.exe [2013/06/05 11:03:11 | 000,000,092 | ---- | M] () -- C:\WINDOWS\System32\xpQQPCMgr RTP Service.exe [2013/06/05 09:44:31 | 000,000,000 | ---- | M] () -- C:\hex360.exe [2013/06/05 09:44:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hex360.exe [2013/06/05 03:53:29 | 000,000,000 | ---- | M] () -- C:\hexsos.exe [2013/06/05 03:53:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexsos.exe [2013/06/05 03:52:55 | 000,000,500 | ---- | M] () -- C:\6680.vbs [2013/06/05 03:52:43 | 000,000,500 | ---- | M] () -- C:\4021.vbs [2013/06/05 03:52:36 | 054,630,057 | ---- | M] (Sogou.com Inc.) -- C:\Uigrcw.exe [2013/06/05 03:52:27 | 002,201,257 | ---- | M] (Sogou.com Inc.) -- C:\WINDOWS\sos.exe [2013/06/04 03:54:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexwintime.exe [2013/06/03 22:15:53 | 001,056,768 | ---- | M] () -- C:\WINDOWS\System32\secedit.sdb [2013/06/03 22:15:49 | 000,000,652 | ---- | M] () -- C:\WINDOWS\System32\censoredGOthin.inf [2013/06/03 15:54:29 | 000,037,376 | ---- | M] () -- C:\WINDOWS\System32\servger.exe [2013/06/03 15:54:25 | 000,001,499 | ---- | M] () -- C:\WINDOWS\System32\vcinen.vbs [2013/06/03 02:36:44 | 000,000,000 | ---- | M] () -- C:\hexServer.exe.exe [2013/06/03 02:36:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexServer.exe.exe [2013/06/03 02:35:38 | 000,000,077 | ---- | M] () -- C:\xpServer.exe.exe [2013/06/03 02:35:36 | 000,000,074 | ---- | M] () -- C:\WINDOWS\System32\xpServer.exe.exe [2013/06/02 14:21:09 | 000,000,813 | ---- | M] () -- C:\WINDOWS\reg.bat [2013/06/02 05:10:15 | 000,000,000 | ---- | M] () -- C:\hexcensored.exe [2013/06/02 05:10:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexcensored.exe [2013/06/02 00:34:06 | 000,056,832 | ---- | M] () -- 
C:\WINDOWS\System32\hexsqlupdate.exe [2013/06/02 00:32:49 | 000,056,832 | ---- | M] () -- C:\WINDOWS\System32\stsqlupdate.exe [2013/06/02 00:32:42 | 000,000,066 | ---- | M] () -- C:\WINDOWS\System32\zysqlupdate.exe [2013/06/02 00:32:34 | 000,056,832 | ---- | M] () -- C:\WINDOWS\System32\onsqlupdate.exe [2013/06/02 00:32:17 | 000,000,066 | ---- | M] () -- C:\WINDOWS\System32\onfsqlupdate.dat [2013/05/31 09:43:29 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\37654A81.key [2013/05/30 09:20:30 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\37654A81 [2013/05/29 16:08:54 | 000,000,000 | ---- | M] () -- C:\hexapym.exe [2013/05/29 16:08:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexapym.exe [2013/05/29 11:39:32 | 000,000,000 | ---- | M] () -- C:\hex5.exe [2013/05/29 11:39:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hex5.exe [2013/05/29 07:01:30 | 000,032,120 | ---- | M] () -- C:\WINDOWS\123.exe [2013/05/29 05:48:06 | 000,500,680 | ---- | M] (搜狐) -- C:\WINDOWS\IFoxInstall-y-c206525652-nsi-s-x.exe [2013/05/29 05:45:30 | 000,000,830 | ---- | M] () -- C:\WINDOWS\System32\wvinyk.inf [2013/05/29 05:45:28 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System\back.dat [2013/05/28 08:37:48 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\ewdffg.job [2013/05/26 10:28:08 | 000,000,000 | ---- | M] () -- C:\hexaqypm.exe [2013/05/26 10:28:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexaqypm.exe [2013/05/24 11:02:56 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2013/05/24 10:53:17 | 025,817,776 | ---- | M] (SUPERAntiSpyware.com) -- C:\SUPERAntiSpyware.exe [2013/05/24 09:49:03 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk [2013/05/24 09:43:47 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) -- C:\revosetup.exe [2013/05/24 09:43:04 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) 
-- C:\Documents and Settings\Administrator\Desktop\revosetup.exe.dap [2013/05/24 05:30:16 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\cxg13.bat [2013/05/24 05:29:44 | 000,000,725 | ---- | M] () -- C:\WINDOWS\System32\censoredgo.inf [2013/05/23 22:18:32 | 000,079,360 | ---- | M] (PPStream Inc.) -- C:\WINDOWS\System32\hex350sb.exe [2013/05/23 22:15:51 | 000,256,988 | ---- | M] (PPStream Inc.) -- C:\WINDOWS\System32\360sb.exe [2013/05/23 08:19:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2013/05/22 10:48:57 | 000,172,170 | ---- | M] (深圳市迅雷网络技术有限公司) -- C:\18181.exe [2013/05/20 14:48:41 | 000,000,440 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol [2013/05/20 12:25:37 | 000,002,085 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DeltaCopy Client.lnk [2013/05/20 11:54:30 | 000,070,144 | ---- | M] () -- C:\WINDOWS\System32\net.exe [2013/05/19 21:11:57 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\zylve.exe.exe [2013/05/19 21:11:40 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\onflve.dat [2013/05/19 15:02:20 | 000,073,728 | ---- | M] () -- C:\WINDOWS\System32\Themer.exe [2013/05/18 21:30:05 | 000,000,500 | ---- | M] () -- C:\5368.vbs [2013/05/16 03:49:39 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System\backs.dat [2013/05/14 00:19:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/05/12 03:36:37 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\zyuser$ [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/06/10 01:25:12 | 000,000,000 | ---- | C] () -- C:\hexscrcc.exe [2013/06/10 01:25:09 | 000,000,000 | ---- | C] () -- 
C:\WINDOWS\System32\hexscrcc.exe [2013/06/09 10:59:43 | 000,000,000 | ---- | C] () -- C:\hex8.exe [2013/06/09 10:59:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hex8.exe [2013/06/09 02:25:09 | 000,000,075 | ---- | C] () -- C:\xpoffice.exe.exe [2013/06/09 02:25:08 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\xpoffice.exe.exe [2013/06/08 17:11:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hex888.exe [2013/06/07 22:30:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hex8521.exe [2013/06/07 11:50:39 | 000,107,369 | ---- | C] () -- C:\hexsvshost.exe [2013/06/07 08:28:17 | 000,000,000 | ---- | C] () -- C:\hex219.exe [2013/06/07 08:28:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hex219.exe [2013/06/07 07:19:57 | 000,012,623 | ---- | C] () -- C:\boot123.vbs [2013/06/07 07:19:55 | 000,012,623 | ---- | C] () -- C:\WINDOWS\System32\boot123.vbs [2013/06/06 21:11:32 | 000,179,029 | ---- | C] () -- C:\WINDOWS\System32\LocalUser.exe [2013/06/06 19:20:30 | 000,195,104 | ---- | C] () -- C:\WINDOWS\System\Consys05.dll [2013/06/06 14:29:43 | 000,121,344 | ---- | C] () -- C:\WINDOWS\System32\1.exe [2013/06/06 13:03:02 | 000,000,000 | ---- | C] () -- C:\hexServer.exe [2013/06/05 23:42:53 | 000,002,318 | ---- | C] () -- C:\WINDOWS\taskmgr.exe [2013/06/05 13:55:56 | 000,378,618 | ---- | C] () -- C:\WINDOWS\System32\hexLocalUser.exe [2013/06/05 13:51:46 | 000,000,813 | ---- | C] () -- C:\WINDOWS\reg.bat [2013/06/05 11:03:13 | 000,000,095 | ---- | C] () -- C:\xpQQPCMgr RTP Service.exe [2013/06/05 11:03:11 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\xpQQPCMgr RTP Service.exe [2013/06/05 09:44:31 | 000,000,000 | ---- | C] () -- C:\hex360.exe [2013/06/05 09:44:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hex360.exe [2013/06/05 03:53:29 | 000,000,000 | ---- | C] () -- C:\hexsos.exe [2013/06/05 03:53:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexsos.exe [2013/06/05 03:52:55 | 000,000,500 | ---- | C] () -- C:\6680.vbs 
[2013/06/05 03:52:43 | 000,000,500 | ---- | C] () -- C:\4021.vbs [2013/06/04 03:54:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexwintime.exe [2013/06/03 15:54:29 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\servger.exe [2013/06/03 15:54:25 | 000,001,499 | ---- | C] () -- C:\WINDOWS\System32\vcinen.vbs [2013/06/03 02:36:44 | 000,000,000 | ---- | C] () -- C:\hexServer.exe.exe [2013/06/03 02:36:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexServer.exe.exe [2013/06/03 02:35:38 | 000,000,077 | ---- | C] () -- C:\xpServer.exe.exe [2013/06/03 02:35:36 | 000,000,074 | ---- | C] () -- C:\WINDOWS\System32\xpServer.exe.exe [2013/06/02 05:10:12 | 000,000,000 | ---- | C] () -- C:\hexcensored.exe [2013/06/02 05:10:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexcensored.exe [2013/06/02 00:34:06 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\hexsqlupdate.exe [2013/06/02 00:32:45 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\stsqlupdate.exe [2013/06/02 00:32:42 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\zysqlupdate.exe [2013/06/02 00:32:29 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\onsqlupdate.exe [2013/06/02 00:32:17 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\onfsqlupdate.dat [2013/05/30 11:40:32 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\37654A81.key [2013/05/30 09:20:30 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\37654A81 [2013/05/29 16:08:54 | 000,000,000 | ---- | C] () -- C:\hexapym.exe [2013/05/29 16:08:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexapym.exe [2013/05/29 07:01:30 | 000,032,120 | ---- | C] () -- C:\WINDOWS\123.exe [2013/05/29 05:45:28 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System\back.dat [2013/05/29 04:04:46 | 000,000,000 | ---- | C] () -- C:\hex5.exe [2013/05/29 04:04:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hex5.exe [2013/05/26 09:52:47 | 000,000,000 | ---- | C] () -- C:\hexaqypm.exe [2013/05/26 09:52:45 | 000,000,000 | ---- | C] () -- 
C:\WINDOWS\System32\hexaqypm.exe [2013/05/24 11:02:56 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2013/05/24 09:49:03 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk [2013/05/24 05:30:16 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\cxg13.bat [2013/05/24 05:29:44 | 000,000,725 | ---- | C] () -- C:\WINDOWS\System32\censoredgo.inf [2013/05/20 14:48:36 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol [2013/05/19 21:11:57 | 000,000,068 | ---- | C] () -- C:\WINDOWS\System32\zylve.exe.exe [2013/05/19 21:11:40 | 000,000,068 | ---- | C] () -- C:\WINDOWS\System32\onflve.dat [2013/05/18 21:30:05 | 000,000,500 | ---- | C] () -- C:\5368.vbs [2013/05/12 17:33:22 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Themer.exe [2013/05/12 00:28:41 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\zyuser$ [2013/05/06 22:21:10 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\zynet2.0.exe [2013/05/06 22:20:53 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\onfnet2.dat [2013/05/04 15:16:34 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\xnary.dat [2013/05/04 15:16:34 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\xas.dat [2013/04/27 21:57:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hex23.exe [2013/04/15 23:25:52 | 000,220,139 | ---- | C] () -- C:\WINDOWS\System32\stteber.exe [2013/04/15 23:25:37 | 000,220,139 | ---- | C] () -- C:\WINDOWS\System32\onteber.exe [2013/04/15 23:25:00 | 000,220,139 | ---- | C] () -- C:\WINDOWS\tebere.exe [2013/04/15 23:24:44 | 000,220,139 | ---- | C] () -- C:\WINDOWS\System32\teber.exe [2013/04/15 10:10:14 | 000,667,648 | ---- | C] () -- C:\WINDOWS\System32\stvbsa.exe [2013/04/06 23:02:25 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\zyDNSClient.exe [2013/04/06 23:02:05 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\onfDNSClient.dat [2013/03/27 11:26:29 | 
000,029,184 | ---- | C] () -- C:\WINDOWS\System32\sttzmm.exe [2013/03/23 16:22:35 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\zyWMI.exe [2013/03/23 16:22:08 | 000,000,067 | ---- | C] () -- C:\WINDOWS\System32\xpWMI.exe [2013/03/23 05:43:57 | 000,000,070 | ---- | C] () -- C:\WINDOWS\System32\zyteel.exe [2013/03/23 05:43:36 | 000,000,070 | ---- | C] () -- C:\WINDOWS\System32\onfteel.dat [2013/03/16 04:27:40 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\bz.ini [2013/03/16 04:27:39 | 000,114,688 | ---- | C] () -- C:\Documents and Settings\All Users\hkcmd.exe [2013/03/07 04:17:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\zy37.com [2013/01/26 18:48:34 | 000,014,208 | ---- | C] () -- C:\WINDOWS\System32\K3d_Driver.sys [2013/01/23 10:38:30 | 000,084,680 | ---- | C] () -- C:\WINDOWS\Winxt.exe [2013/01/22 17:30:08 | 000,001,054 | ---- | C] () -- C:\WINDOWS\System32\ssnetlay.sys [2013/01/22 17:30:08 | 000,000,795 | ---- | C] () -- C:\WINDOWS\System32\servci.dll [2013/01/22 17:30:07 | 000,847,872 | ---- | C] () -- C:\WINDOWS\System32\neticp16.dll [2013/01/22 17:30:02 | 000,000,833 | ---- | C] () -- C:\WINDOWS\System32\mscoremgr.sys [2013/01/22 17:30:01 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\modload.dll [2013/01/22 17:30:01 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\laynet32.dll [2013/01/22 17:30:01 | 000,000,963 | ---- | C] () -- C:\WINDOWS\System32\lostslvrt.sys [2013/01/22 17:30:01 | 000,000,963 | ---- | C] () -- C:\WINDOWS\System32\coredebug.dll [2013/01/22 17:30:01 | 000,000,893 | ---- | C] () -- C:\WINDOWS\System32\dotnetfix.exe [2013/01/22 17:30:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\IO.SYS [2013/01/22 17:30:00 | 000,847,872 | ---- | C] () -- C:\WINDOWS\System32\bugload.dll [2013/01/22 17:30:00 | 000,777,284 | ---- | C] () -- C:\WINDOWS\System32\aspnet_perf.ini [2013/01/22 17:30:00 | 000,775,688 | ---- | C] () -- C:\WINDOWS\System32\aspnet_perf2.ini [2013/01/22 17:30:00 | 000,042,868 | ---- | 
C] () -- C:\WINDOWS\System32\aspnet_state_perf.ini [2013/01/22 17:30:00 | 000,000,833 | ---- | C] () -- C:\WINDOWS\System32\aspnet16.dll [2013/01/22 17:29:26 | 000,001,750 | ---- | C] () -- C:\WINDOWS\System32\spools.dat [2013/01/22 17:29:11 | 000,896,614 | ---- | C] () -- C:\WINDOWS\System32\isec.dll [2013/01/20 16:12:46 | 000,000,105 | ---- | C] () -- C:\WINDOWS\System32\shshougou.exe [2013/01/13 10:06:47 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\hex3.exe [2013/01/08 01:06:41 | 000,000,068 | ---- | C] () -- C:\WINDOWS\System32\zywuyu.exe [2013/01/08 01:06:19 | 000,000,070 | ---- | C] () -- C:\WINDOWS\System32\xpwuyu.exe
  10. Hi D-Fred Brown

      Please see below for report:

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 06/06/2013 at 11:48 AM

      Application Version : 5.6.1020
      Core Rules Database Version : 10491
      Trace Rules Database Version: 8303

      Scan type : Complete Scan
      Total Scan Time : 03:29:32

      Operating System Information
      Windows Server 2003 Standard Edition 32-bit, Service Pack 1 (Build 5.02.3790)
      Administrator

      Memory items scanned : 846
      Memory threats detected : 1
      Registry items scanned : 48333
      Registry threats detected : 6
      File items scanned : 205839
      File threats detected : 53

      Adware.Tracking Cookie
          C:\Documents and Settings\Administrator\Cookies\administrator@adserver1.cpmburner[2].txt [ /adserver1.cpmburner ]
          C:\Documents and Settings\Administrator\Cookies\administrator@adserver1.mediacpm[2].txt [ /adserver1.mediacpm ]
          C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt [ /atdmt ]
          C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt [ /doubleclick ]
          C:\Documents and Settings\Administrator\Cookies\administrator@gamesextensions[2].txt [ /gamesextensions ]
          C:\Documents and Settings\Administrator\Cookies\administrator@invitemedia[1].txt [ /invitemedia ]
          C:\Documents and Settings\Administrator\Cookies\administrator@lucidmedia[1].txt [ /lucidmedia ]
          C:\Documents and Settings\Administrator\Cookies\administrator@ru4[2].txt [ /ru4 ]
          C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt [ /serving-sys ]
          C:\Documents and Settings\Administrator\Cookies\administrator@cnzz.mmstat[2].txt [ /cnzz.mmstat.com ]
          C:\Documents and Settings\Administrator\Cookies\administrator@mmstat[1].txt [ /mmstat.com ]
          C:\DOCUMENTS AND SETTINGS\123\Cookies\123@mmstat[1].txt [ Cookie:123@mmstat.com/ ]
          C:\DOCUMENTS AND SETTINGS\123\Cookies\123@cnzz.mmstat[1].txt [ Cookie:123@cnzz.mmstat.com/ ]
          C:\DOCUMENTS AND SETTINGS\8YOO$\Cookies\8yoo$@mmstat[1].txt [ Cookie:8yoo$@mmstat.com/ ]
          C:\DOCUMENTS AND SETTINGS\8YOO$\Cookies\8yoo$@mediav[2].txt [ Cookie:8yoo$@mediav.com/ ]
          C:\DOCUMENTS AND SETTINGS\8YOO$\Cookies\8yoo$@cnzz.mmstat[2].txt [ Cookie:8yoo$@cnzz.mmstat.com/ ]
          C:\DOCUMENTS AND SETTINGS\USER\Cookies\user@mmstat[1].txt [ Cookie:user@mmstat.com/ ]
          C:\DOCUMENTS AND SETTINGS\8YOO$\COOKIES\8YOO$@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]
          cdn-www.pornhub.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XCS5VTWR ]
          wwwstatic.megaporn.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XCS5VTWR ]
          C:\DOCUMENTS AND SETTINGS\USER\COOKIES\USER@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]

      Worm.Rbot Variant
          HKLM\System\ControlSet001\Services\SYSMGT
          C:\WINDOWS\SYSTEM32\SYSMGT.EXE
          HKLM\System\ControlSet001\Enum\Root\LEGACY_SYSMGT
          HKLM\System\ControlSet003\Services\SYSMGT
          HKLM\System\ControlSet003\Enum\Root\LEGACY_SYSMGT
          HKLM\System\CurrentControlSet\Services\SYSMGT
          HKLM\System\CurrentControlSet\Enum\Root\LEGACY_SYSMGT
          C:\WINDOWS\SYSTEM32\SYSMGT.EXE

      Trojan.Dropper/Gen-PHP
          E:\FAVORITEVIDEO\INVISIBLEFOLDER\CLICK.PHP

      Adware.Tencent
          C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\26VY7XHS\SERVER[1].EXE
          C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.2.0.5\CTUVWXYAB_NET.EXE
          C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.2.0.5\SERVER.EXE
          C:\WINDOWS\SRCHASST\RPCPROXY\SSOPLATFORM.DLL
          C:\WINDOWS\SYSTEM32\CTUVWXYAB_NET.EXE

      Trojan.Agent/Gen-Frauder
          C:\DOCUMENTS AND SETTINGS\HEXEXPLORER.EXE
          C:\WINDOWS\ARP.VBS
          C:\WINDOWS\SYSTEM32\HEXEXPLORER.EXE

      Rogue.Agent/Gen-Nullo[EXE]
          C:\WINDOWS\360SB.EXE
          C:\WINDOWS\AOXIANG.EXE
          C:\WINDOWS\QQGAMEMGR.EXE
          C:\WINDOWS\SCIVES.EXE
          C:\WINDOWS\SQLAGENT.EXE
          C:\WINDOWS\SYSTEM32\HEX2.EXE
          C:\WINDOWS\TZMM.EXE
          C:\WINDOWS\VBSA.EXE

      Adware.Vundo/Variant-MSFake
          C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.2.0.5\DUMP.COM
          C:\WINDOWS\SYSTEM32\DUMP.COM

      Trojan.Agent/Gen-MonSync
          C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.2.0.5\MONSYNC.EXE
          C:\WINDOWS\SYSTEM32\MONSYNC.EXE

      Trojan.Agent/Gen-Backdoor
          C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HCAPPS.EXE

      Trojan.Agent/Gen
          C:\WINDOWS\SVCHOSF.EXE

      Rogue.Agent/Gen-Nullo[DLL]
          C:\WINDOWS\SYSTEM32\BLA.DLL
          C:\WINDOWS\SYSTEM32\CORELOAD.DLL
          C:\WINDOWS\SYSTEM32\MSTORES.DLL
          C:\WINDOWS\SYSTEM32\RPCSERVER32.DLL

      Trojan.Agent/Gen-Yoddos
          C:\WINDOWS\SYSTEM32\HEXR.EXE
          C:\WINDOWS\SYSTEM32\STR.EXE

      Trojan.Agent/Gen-MSFake
          C:\WINDOWS\SYSTEM32\UIMKYC.EXE

      Trojan.Agent/Gen-NetCat
          C:\WINDOWS\TEMP\95315964.TMP
  11. Hi D-Fred-Brown, when I ran the scan it lasted 10 seconds. I tried it 5 times and it did the same thing. It didn't open any log file. So I tried to force it to run as administrator. It comes up with ... 2 errors:

      Can't initialize log
      Can't load driver
  12. Hi please see Extras.txt below:

      OTL Extras logfile created on: 2013/06/04 08:14:59 AM - Run 3
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
      Windows Server 2003 Standard Edition Service Pack 1 (Version = 5.2.3790) - Type = NTServer
      Internet Explorer (Version = 7.0.5730.11)
      Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

      4.00 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 66.48% Memory free
      5.84 Gb Paging File | 4.36 Gb Available in Paging File | 74.63% Paging File free
      Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
      Drive C: | 231.75 Gb Total Space | 60.59 Gb Free Space | 26.14% Space Free | Partition Type: NTFS
      Drive D: | 464.73 Gb Total Space | 292.61 Gb Free Space | 62.96% Space Free | Partition Type: NTFS
      Drive E: | 464.73 Gb Total Space | 276.47 Gb Free Space | 59.49% Space Free | Partition Type: NTFS

      Computer Name: DRAGON | User Name: Administrator | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: All users
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

      ========== Extra Registry (SafeList) ==========

      ========== File Associations ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
      .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
      .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
      .js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe ()
      .jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe ()
      .vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe ()
      .vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe ()
      .wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe ()
      .wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe ()

      [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
      .html [@ = Liebao.HTML] -- "C:\Program Files\liebao\LBBrowser\liebao.exe" "%1"

      [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
      .html [@ = Liebao.HTML] -- "C:\Program Files\liebao\LBBrowser\liebao.exe" "%1"

      ========== Shell Spawning ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
      batfile [open] -- "%1" %*
      cmdfile [open] -- "%1" %*
      comfile [open] -- "%1" %*
      cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
      exefile [open] -- "%1" %*
      htmlfile [edit] -- Reg Error: Key error.
      InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
      jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()
      jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()
      piffile [open] -- "%1" %*
      regfile [merge] -- Reg Error: Key error.
      scrfile [config] -- "%1"
      scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
      scrfile [open] -- "%1" /S
      txtfile [edit] -- Reg Error: Key error.
      vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()
      vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()
      wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()
      wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()
      Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
      Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
      Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
      Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
      Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

      ========== Security Center Settings ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

      ========== Firewall Settings ==========

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
      "EnableFirewall" = 0

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
      "EnableFirewall" = 0

      ========== Authorized Applications List ==========

      ========== HKEY_LOCAL_MACHINE Uninstall List ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "{05A646C0-2068-4536-BAD3-4CAFA500FA8A}" = ServerView RAID
      "{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0
      "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
      "{0D61D68B-DF5E-4635-82C7-B0C53F0A581B}" = Microsoft SQL Server 2005 Backward compatibility
      "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
      "{130A3BE1-85CC-4135-8EA7-5A724EE6CE2C}" = Microsoft SQL Server 2005
      "{1DD463C0-A50A-4394-B7E4-5895C02F9E0D}" = Microsoft SQL Server 2005 Tools
      "{1DF999AD-1654-4C80-864E-C2E2284C8FD5}" = Fujitsu Siemens ServerView Agents
      "{1F34839E-4826-4B64-B1B3-42E5AE8DEC5A}" = ArcGIS Desktop
      "{2222B364-0854-4265-B32E-A142DB9DC7BB}" = Intel® PRO Network Connections 11.2.0.69
      "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
      "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
      "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java 6 Update 4
      "{32A3A4F4-B792-11D6-A78A-00B0D0150060}" = J2SE Development Kit 5.0 Update 6
      "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
      "{3EAB224E-12F7-4EBA-AC0A-A2B10FEEA0E4}" = MySQL Server 5.0
      "{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.0.1.7
      "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
      "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
      "{5D81D227-790A-43D8-BD30-6A7935CD6837}" = MadOnion.com/PCMark2002
      "{6DC0632A-A838-4B34-AC19-0FA18E1C533C}" = Sentinel Protection Installer 7.2.2
      "{7505DE9C-4E85-4636-82F0-50F38077B900}" = Crystal Reports 11
      "{752AE27D-0AE5-4728-B615-308926C04A91}" = ArcGIS ArcIMS
      "{7F2357C7-4F66-4FE6-952A-EEF701AA368A}" = ArcGIS Image Server Tutorial
      "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
      "{8B799ADD-7E5C-41B9-936B-942F3CAE42A0}" = Jakarta Isapi Redirector
      "{8C62A94B-4AB6-485F-A111-93056684D340}" = SQLXML4
      "{90140000-00D1-0409-0000-0000000FF1CE}" = Microsoft Access database engine 2010 (English)
      "{A0B433B1-941D-46F5-AE59-286263534232}" = VMware vSphere Client 4.1
      "{A20152C1-6CB7-4343-9C12-BEAB68952D9E}" = ArcGIS 9.2 Demos Print Custom Web ADF Task
      "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
      "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
      "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
      "{AC76BA86-1033-F400-7760-000000000001}" = Adobe Acrobat 6.0 Professional - English, Français, Deutsch
      "{ACDE005A-598D-4147-9482-880723015E3B}" = ArcGIS Image Server
      "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
      "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
      "{C10D6AB8-05BB-422D-AAE3-36D6E0381487}" = ESET NOD32 Antivirus
      "{C1755A45-D393-4E72-9FF8-88A328602D57}" = Fujitsu Siemens GlobalFlash Service
      "{C25EF637-BE7A-4761-9B45-9069989C319F}" = Microsoft Visual Studio 2005 Premier Partner Edition - ENU
      "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
      "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
      "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
      "{D6E5F58F-C879-4EC1-90F7-BA31BABF10C9}" = DeltaCopy
      "{DA41E333-39E0-4956-A329-DFC75F0A353A}" = ArcGIS ArcSDE for Microsoft SQL Server
      "{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
      "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
      "{EC561602-C0B9-4FAA-A175-1B3273639AC3}" = MySQL Tools for 5.0
      "{EE8CFFD9-6E29-4DC3-A967-7348D5F41F44}" = Microsoft SQL Server 2005 Integration Services
      "{FC195F9B-059C-4D21-B937-24687368D192}" = Windows Agent
      "7-Zip" = 7-Zip 9.20
      "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
      "Apache Tomcat 5.5" = Apache Tomcat 5.5 (remove only)
      "ArcGIS License Manager" = ArcGIS License Manager
      "ATI Display Driver" = ATI Display Driver
      "Complitly_is1" = Complitly
      "Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
      "ESET Online Scanner" = ESET Online Scanner v3
      "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
      "ie7" = Windows Internet Explorer 7
      "ImageMagick 6.4.1 Q16_is1" = ImageMagick 6.4.1-8 Q16 (07/01/08)
      "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
      "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
      "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
      "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
      "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
      "Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
      "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
      "PHP 5.1.2" = PHP 5.1.2
      "Raster Utilities_is1" = Raster Utilities v1.0
      "Revo Uninstaller" = Revo Uninstaller 1.94
      "TeamViewer 8" = TeamViewer 8
      "UPSMON Plus for Windows_is1" = UPSMON Plus for Windows
      "WIC" = Windows Imaging Component
      "Windows Media Encoder 9" = Windows Media Encoder 9 Series
      "Windows Server 2003 Service Pack" = Windows Server 2003 Service Pack 1
      "XXConsole" = XXConsole: Super Console Generator ver 0.96

      ========== Last 20 Event Log Errors ==========

      [ Application Events ]
      Error - 2013/06/03 03:27:45 AM | Computer Name = DRAGON | Source = MySQL | ID = 100
      Description = Cannot find table geoafrika/staff from the internal data dictionary of InnoDB though the .frm file for the table exists. Maybe you have deleted and recreated InnoDB data files but have forgotten to delete the corresponding .frm files of InnoDB tables, or you have moved .frm files to another database? See http://dev.mysql.com/doc/refman/5.0/en/innodb-troubleshooting.html how you can resolve the problem. For more information, see Help and Support Center at http://www.mysql.com.

      Error - 2013/06/03 03:27:45 AM | Computer Name = DRAGON | Source = MySQL | ID = 100
      Description = Cannot find table geoafrika/staff from the internal data dictionary of InnoDB though the .frm file for the table exists. Maybe you have deleted and recreated InnoDB data files but have forgotten to delete the corresponding .frm files of InnoDB tables, or you have moved .frm files to another database? See http://dev.mysql.com/doc/refman/5.0/en/innodb-troubleshooting.html how you can resolve the problem. For more information, see Help and Support Center at http://www.mysql.com.

      Error - 2013/06/03 03:27:47 AM | Computer Name = DRAGON | Source = MySQL | ID = 100
      Description = Cannot find table geoafrika/staff from the internal data dictionary of InnoDB though the .frm file for the table exists.
Maybe you have deleted and recreated InnoDB data files but have forgotten to delete the corresponding .frm files of InnoDB tables, or you have moved .frm files to another database? See http://dev.mysql.com/doc/refman/5.0/en/innodb-troubleshooting.html how you can resolve the problem. For more information, see Help and Support Center at http://www.mysql.com. Error - 2013/06/03 03:27:47 AM | Computer Name = DRAGON | Source = MySQL | ID = 100 Description = Cannot find table geoafrika/staff from the internal data dictionary of InnoDB though the .frm file for the table exists. Maybe you have deleted and recreated InnoDB data files but have forgotten to delete the corresponding .frm files of InnoDB tables, or you have moved .frm files to another database? See http://dev.mysql.com/doc/refman/5.0/en/innodb-troubleshooting.html how you can resolve the problem. For more information, see Help and Support Center at http://www.mysql.com. Error - 2013/06/03 03:27:49 AM | Computer Name = DRAGON | Source = MySQL | ID = 100 Description = Cannot find table geoafrika/staff from the internal data dictionary of InnoDB though the .frm file for the table exists. Maybe you have deleted and recreated InnoDB data files but have forgotten to delete the corresponding .frm files of InnoDB tables, or you have moved .frm files to another database? See http://dev.mysql.com/doc/refman/5.0/en/innodb-troubleshooting.html how you can resolve the problem. For more information, see Help and Support Center at http://www.mysql.com. Error - 2013/06/03 03:27:49 AM | Computer Name = DRAGON | Source = MySQL | ID = 100 Description = Cannot find table geoafrika/staff from the internal data dictionary of InnoDB though the .frm file for the table exists. Maybe you have deleted and recreated InnoDB data files but have forgotten to delete the corresponding .frm files of InnoDB tables, or you have moved .frm files to another database? 
See http://dev.mysql.com/doc/refman/5.0/en/innodb-troubleshooting.html how you can resolve the problem. For more information, see Help and Support Center at http://www.mysql.com. Error - 2013/06/03 11:29:49 AM | Computer Name = DRAGON | Source = MySQL | ID = 100 Description = Can't open shared library 'wmerrrCHS.dll' (errno: 0 ) For more information, see Help and Support Center at http://www.mysql.com. Error - 2013/06/03 11:29:49 AM | Computer Name = DRAGON | Source = MySQL | ID = 100 Description = Can't open shared library 'amd.dll' (errno: 0 ) For more information, see Help and Support Center at http://www.mysql.com. Error - 2013/06/03 06:24:41 PM | Computer Name = DRAGON | Source = MySQL | ID = 100 Description = Can't open shared library 'wmerrrCHS.dll' (errno: 0 ) For more information, see Help and Support Center at http://www.mysql.com. Error - 2013/06/03 06:24:41 PM | Computer Name = DRAGON | Source = MySQL | ID = 100 Description = Can't open shared library 'amd.dll' (errno: 0 ) For more information, see Help and Support Center at http://www.mysql.com. [ System Events ] Error - 2013/06/04 02:25:45 AM | Computer Name = DRAGON | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the Windows Agent Service service to connect. Error - 2013/06/04 02:25:45 AM | Computer Name = DRAGON | Source = Service Control Manager | ID = 7000 Description = The Windows Agent Service service failed to start due to the following error: %%1053 Error - 2013/06/04 02:26:45 AM | Computer Name = DRAGON | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the Windows Agent Service service to connect. 
Error - 2013/06/04 02:26:45 AM | Computer Name = DRAGON | Source = Service Control Manager | ID = 7000 Description = The Windows Agent Service service failed to start due to the following error: %%1053 Error - 2013/06/04 02:27:45 AM | Computer Name = DRAGON | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the Windows Agent Service service to connect. Error - 2013/06/04 02:27:45 AM | Computer Name = DRAGON | Source = Service Control Manager | ID = 7000 Description = The Windows Agent Service service failed to start due to the following error: %%1053 Error - 2013/06/04 02:28:45 AM | Computer Name = DRAGON | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the Windows Agent Service service to connect. Error - 2013/06/04 02:28:45 AM | Computer Name = DRAGON | Source = Service Control Manager | ID = 7000 Description = The Windows Agent Service service failed to start due to the following error: %%1053 Error - 2013/06/04 02:29:45 AM | Computer Name = DRAGON | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the Windows Agent Service service to connect. Error - 2013/06/04 02:29:45 AM | Computer Name = DRAGON | Source = Service Control Manager | ID = 7000 Description = The Windows Agent Service service failed to start due to the following error: %%1053 < End of report >
  13. Hi, please see OTL.txt part2:
C:\WINDOWS\System32\sh3swu.exe [2013/01/03 12:32:08 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\327396.exe.xvx [2013/01/03 12:30:53 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3051769.exe.xvx [2013/01/03 12:14:21 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1419724.exe.xvx [2013/01/03 12:13:06 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\134552.exe.xvx [2013/01/03 11:56:49 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\564811.exe.xvx [2013/01/03 11:55:34 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5532621.exe.xvx [2013/01/03 11:39:17 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3916565.exe.xvx [2013/01/03 11:38:02 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\381206.exe.xvx [2013/01/03 11:21:46 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2145151.exe.xvx [2013/01/03 11:20:32 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2029964.exe.xvx [2013/01/03 11:04:14 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\413532.exe.xvx [2013/01/03 11:03:00 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\259269.exe.xvx [2013/01/03 10:46:44 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4642786.exe.xvx [2013/01/03 10:45:29 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4527708.exe.xvx [2013/01/03 10:29:12 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2910803.exe.xvx [2013/01/03 10:27:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2755764.exe.xvx [2013/01/03 10:11:35 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1133808.exe.xvx [2013/01/03 10:10:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1017830.exe.xvx [2013/01/03 09:53:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5348723.exe.xvx [2013/01/03 09:52:35 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5233834.exe.xvx [2013/01/03 09:36:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3617872.exe.xvx [2013/01/03 09:35:03 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\352403.exe.xvx [2013/01/03 
09:18:47 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1846473.exe.xvx [2013/01/03 09:17:33 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1731599.exe.xvx [2013/01/03 09:01:16 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\115450.exe.xvx [2013/01/03 09:00:02 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\01266.exe.xvx [2013/01/03 08:43:46 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4344709.exe.xvx [2013/01/03 08:42:31 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4229569.exe.xvx [2013/01/03 08:26:14 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2612768.exe.xvx [2013/01/03 08:24:58 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2456983.exe.xvx [2013/01/03 08:08:41 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\840537.exe.xvx [2013/01/03 08:07:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\724854.exe.xvx [2013/01/03 07:50:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5056269.exe.xvx [2013/01/03 07:49:39 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4938132.exe.xvx [2013/01/03 07:33:18 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3317205.exe.xvx [2013/01/03 07:32:04 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\32336.exe.xvx [2013/01/03 07:15:48 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1546903.exe.xvx [2013/01/03 07:14:33 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1431543.exe.xvx [2013/01/03 06:58:16 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5814971.exe.xvx [2013/01/03 06:56:59 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5657575.exe.xvx [2013/01/03 06:40:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4041113.exe.xvx [2013/01/03 06:39:27 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3925941.exe.xvx [2013/01/03 06:23:11 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\239980.exe.xvx [2013/01/03 06:21:56 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2154621.exe.xvx [2013/01/03 06:05:39 | 000,001,308 | ---- | C] () -- 
C:\WINDOWS\System32\538328.exe.xvx [2013/01/03 06:04:24 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\42356.exe.xvx [2013/01/03 05:48:07 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\485843.exe.xvx [2013/01/03 05:46:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4648981.exe.xvx [2013/01/03 05:30:14 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\301384.exe.xvx [2013/01/03 05:28:59 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2858430.exe.xvx [2013/01/03 05:12:43 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\124261.exe.xvx [2013/01/03 05:11:27 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1125574.exe.xvx [2013/01/03 04:55:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\559534.exe.xvx [2013/01/03 04:53:56 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5354942.exe.xvx [2013/01/03 04:37:40 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\373913.exe.xvx [2013/01/03 04:36:25 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3623622.exe.xvx [2013/01/03 04:20:09 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\207770.exe.xvx [2013/01/03 04:18:51 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1850390.exe.xvx [2013/01/03 04:02:32 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\231106.exe.xvx [2013/01/03 04:01:17 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\115542.exe.xvx [2013/01/03 03:45:00 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4459132.exe.xvx [2013/01/03 03:43:45 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\434438.exe.xvx [2013/01/03 03:27:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2725121.exe.xvx [2013/01/03 03:26:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\268496.exe.xvx [2013/01/03 03:09:16 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\914975.exe.xvx [2013/01/03 03:08:02 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\80994.exe.xvx [2013/01/03 02:51:45 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5144641.exe.xvx [2013/01/03 02:50:30 
| 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5029469.exe.xvx [2013/01/03 02:34:14 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3413210.exe.xvx [2013/01/03 02:32:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3255924.exe.xvx [2013/01/03 02:16:41 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1639979.exe.xvx [2013/01/03 02:15:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1524494.exe.xvx [2013/01/03 01:59:09 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\597938.exe.xvx [2013/01/03 01:57:55 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5753581.exe.xvx [2013/01/03 01:41:31 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4129866.exe.xvx [2013/01/03 01:40:17 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4015587.exe.xvx [2013/01/03 01:24:00 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2359140.exe.xvx [2013/01/03 01:22:46 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2244846.exe.xvx [2013/01/03 01:06:30 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\628712.exe.xvx [2013/01/03 01:05:15 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\513557.exe.xvx [2013/01/03 00:48:58 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4856984.exe.xvx [2013/01/03 00:47:44 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4742502.exe.xvx [2013/01/03 00:31:27 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3126275.exe.xvx [2013/01/03 00:30:12 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3011479.exe.xvx [2013/01/03 00:13:56 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1355220.exe.xvx [2013/01/03 00:12:41 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\124080.exe.xvx [2013/01/02 23:56:25 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5623712.exe.xvx [2013/01/02 23:55:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\558932.exe.xvx [2013/01/02 23:38:53 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3852657.exe.xvx [2013/01/02 23:37:40 | 000,001,308 | ---- | C] () -- 
C:\WINDOWS\System32\3738519.exe.xvx [2013/01/02 23:21:23 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2122541.exe.xvx [2013/01/02 23:20:09 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\208184.exe.xvx [2013/01/02 23:03:52 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\351352.exe.xvx [2013/01/02 23:02:36 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\235259.exe.xvx [2013/01/02 22:46:17 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4616215.exe.xvx [2013/01/02 22:45:02 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\450545.exe.xvx [2013/01/02 22:28:38 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2837389.exe.xvx [2013/01/02 22:27:24 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2723110.exe.xvx [2013/01/02 22:11:07 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\116362.exe.xvx [2013/01/02 22:09:53 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\951660.exe.xvx [2013/01/02 21:53:36 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5335452.exe.xvx [2013/01/02 21:52:22 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5220724.exe.xvx [2013/01/02 21:35:59 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3558137.exe.xvx [2013/01/02 21:34:43 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3441786.exe.xvx [2013/01/02 21:18:21 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1820488.exe.xvx [2013/01/02 21:17:07 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\175834.exe.xvx [2013/01/02 21:00:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\048648.exe.xvx [2013/01/02 20:59:35 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5933679.exe.xvx [2013/01/02 20:43:18 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4317513.exe.xvx [2013/01/02 20:42:03 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\422293.exe.xvx [2013/01/02 20:25:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2540721.exe.xvx [2013/01/02 20:24:25 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\242433.exe.xvx [2013/01/02 
20:08:05 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\84319.exe.xvx [2013/01/02 20:06:51 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\650259.exe.xvx [2013/01/02 19:50:30 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5028842.exe.xvx [2013/01/02 19:49:15 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4913763.exe.xvx [2013/01/02 19:32:58 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3257128.exe.xvx [2013/01/02 19:31:43 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3141613.exe.xvx [2013/01/02 19:15:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1517886.exe.xvx [2013/01/02 19:14:03 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\142199.exe.xvx [2013/01/02 18:57:46 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5744843.exe.xvx [2013/01/02 18:56:31 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\563079.exe.xvx [2013/01/02 18:40:14 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4013536.exe.xvx [2013/01/02 18:38:58 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3857329.exe.xvx [2013/01/02 18:22:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2240821.exe.xvx [2013/01/02 18:21:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2124813.exe.xvx [2013/01/02 18:05:05 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\53983.exe.xvx [2013/01/02 18:03:51 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\349676.exe.xvx [2013/01/02 17:47:31 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4730197.exe.xvx [2013/01/02 17:46:17 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4615946.exe.xvx [2013/01/02 17:29:45 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2944435.exe.xvx [2013/01/02 17:28:29 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2828355.exe.xvx [2013/01/02 17:12:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\129277.exe.xvx [2013/01/02 17:10:54 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1052696.exe.xvx [2013/01/02 16:54:37 | 000,001,308 | ---- | C] () -- 
C:\WINDOWS\System32\5436343.exe.xvx [2013/01/02 16:53:20 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5319386.exe.xvx [2013/01/02 16:37:04 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\373111.exe.xvx [2013/01/02 16:35:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3548942.exe.xvx [2013/01/02 16:19:34 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1932868.exe.xvx [2013/01/02 16:18:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1817726.exe.xvx [2013/01/02 16:02:03 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\21708.exe.xvx [2013/01/02 16:00:48 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\046669.exe.xvx [2013/01/02 15:44:29 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4428268.exe.xvx [2013/01/02 15:43:12 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4311238.exe.xvx [2013/01/02 15:26:53 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2652639.exe.xvx [2013/01/02 15:25:40 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2538525.exe.xvx [2013/01/02 15:09:20 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\919508.exe.xvx [2013/01/02 15:08:05 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\83984.exe.xvx [2013/01/02 14:51:46 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5145600.exe.xvx [2013/01/02 14:50:31 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5030170.exe.xvx [2013/01/02 14:34:12 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3410727.exe.xvx [2013/01/02 14:32:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3256363.exe.xvx [2013/01/02 14:16:39 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1637707.exe.xvx [2013/01/02 14:15:24 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1522889.exe.xvx [2013/01/02 13:59:05 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\593754.exe.xvx [2013/01/02 13:57:47 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5746478.exe.xvx [2013/01/02 13:41:29 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4128117.exe.xvx [2013/01/02 
13:40:15 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4013599.exe.xvx [2013/01/02 13:23:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2355881.exe.xvx [2013/01/02 13:22:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2239992.exe.xvx [2012/12/03 03:51:34 | 000,544,768 | ---- | C] () -- C:\WINDOWS\System32\WCASvc.dll [2012/11/05 03:15:56 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\amd.dll [2012/11/05 03:15:55 | 000,000,001 | ---- | C] () -- C:\WINDOWS\amd.dll [2012/11/01 15:23:22 | 000,095,330 | ---- | C] () -- C:\WINDOWS\System32\wkscil.dll [2012/08/30 17:52:19 | 000,002,361 | ---- | C] () -- C:\WINDOWS\scives.exe [2012/05/14 10:47:36 | 000,429,928 | ---- | C] () -- C:\WINDOWS\System32\kindling.dll [2012/04/24 05:02:43 | 000,490,496 | ---- | C] () -- C:\Documents and Settings\Administrator\33.exe [2011/10/16 12:57:02 | 000,030,409 | ---- | C] () -- C:\WINDOWS\System32\mmsql.dll [2011/06/17 01:47:08 | 000,008,085 | ---- | C] () -- C:\WINDOWS\System32\mysql32.dll [2010/03/26 08:20:00 | 021,994,183 | ---- | C] () -- C:\Documents and Settings\Administrator\EC_Image.rar [2009/11/23 17:10:34 | 000,044,403 | ---- | C] () -- C:\Documents and Settings\Administrator\logo.miff [2009/08/26 09:48:10 | 000,113,888 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2009/08/25 11:30:31 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Favorites.axl [2009/05/29 15:50:52 | 000,007,176 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol [2009/04/16 09:22:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\concert [2008/10/31 09:52:59 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Administrator\persistent_state [2008/10/31 09:52:08 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\Administrator\aimsdefaults.properties [2008/10/31 09:52:08 | 000,000,684 | ---- | C] () -- C:\Documents and 
Settings\Administrator\aimsclient.properties [2008/10/31 09:50:02 | 000,000,260 | ---- | C] () -- C:\Documents and Settings\Administrator\aimsproxy.properties [2008/08/07 15:33:05 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2008/05/26 12:13:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2006/09/23 13:12:46 | 001,515,008 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2005/03/24 18:01:54 | 000,482,304 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2005/03/24 18:26:16 | 000,278,016 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 40 bytes -> C:\Runonce:NUL @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF < End of report >
  14. Hi D-Fred-Brown, Please see scan results below for OTL.txt:
[Auto | Running] -- C:\Program Files\N-able Technologies\Windows Agent\bin\AgentMaint.exe -- (Windows Agent Maintenance Service) SRV - [2009/10/07 09:21:14 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV - [2009/10/07 09:16:50 | 000,472,280 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) SRV - [2008/06/05 13:26:50 | 000,348,160 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\ESRI\Image Server\ESRIImageServiceProvider.exe -- (ESRI Image ServiceProvider: 3983) SRV - [2008/06/05 13:26:26 | 000,376,832 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\ESRI\Image Server\ESRIImageServer.exe -- (ESRI Image Server) SRV - [2007/12/18 16:43:32 | 000,419,088 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\Remote Connector\SVRemoteConnector.exe -- (RemoteConnector) SRV - [2007/12/18 16:41:14 | 000,535,312 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe -- (SrvCtrl) SRV - [2007/12/18 08:43:30 | 000,147,456 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\ESRI\Image Server\ESRIImageServerReporterService.exe -- (ESRIImageServerReporter) SRV - [2007/12/07 11:26:56 | 000,016,384 | ---- | M] (Fujitsu Siemens Computers) [On_Demand | Stopped] -- C:\Program Files\Fujitsu Siemens\RAID\amService.exe -- (amService) SRV - [2007/01/24 13:55:07 | 000,733,696 | ---- | M] (Cat Soft) [Auto | Running] -- C:\WINDOWS\system32\sysmgt.exe -- (sysmgt) SRV - [2006/10/04 03:25:00 | 000,792,064 | ---- | M] (System32) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\type32.dll -- (keyb) SRV - [2006/03/14 07:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- 
(SentinelProtectionServer) SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80) SRV - [2005/03/24 20:38:42 | 000,094,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService) SRV - [2005/03/24 18:26:14 | 000,121,856 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\hrrslvr.dll -- (hrrslvr) SRV - [2005/03/24 18:26:14 | 000,054,784 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\netdbadm.dll -- (netdbadm) SRV - [2005/03/24 18:26:08 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis) SRV - [2005/03/24 18:13:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\Sens32.dll -- (SENS) SRV - [2005/03/24 18:13:02 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv) SRV - [2005/03/24 18:08:24 | 000,791,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs) SRV - [2005/03/24 18:08:24 | 000,465,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ntmssvc32.dll -- (NtmsSvc) SRV - [2005/03/24 18:05:06 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) SRV - [2005/03/24 18:05:06 | 000,014,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc) SRV - [2005/03/24 18:05:06 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN) SRV - [2005/03/24 18:05:04 | 000,216,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2005/03/24 18:00:48 | 000,164,352 | 
---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs) SRV - [2004/08/17 20:00:00 | 006,950,912 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\1538127516.dll -- (DirectX Rejrq.) SRV - [2003/03/25 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr) SRV - [2003/03/25 14:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ) SRV - [2003/03/25 14:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr) SRV - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Tasker\Aims_Tasker.exe -- (ArcIMS Tasker 9.2.0) SRV - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Program Files\ArcGIS\ArcIMS\Server\Monitor\Aims_Monitor.exe -- (ArcIMS Monitor 9.2.0) SRV - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Aims_AppServer.exe -- (ArcIMS Application Server 9.2.0) SRV - [1999/12/01 13:38:28 | 000,467,968 | ---- | M] () [Auto | Running] -- C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe -- (ArcGIS License Manager) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Adapter | On_Demand | Unknown] -- -- (LicenseInfo) DRV - File not found [Adapter | Auto | Unknown] -- C:\Program Files\Google\1.dll -- (Iprip) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | 
System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DRIVERS\ENTECH.sys -- (ENTECH) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013/04/19 00:15:41 | 000,006,656 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep) DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2009/10/07 09:18:36 | 000,035,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir) DRV - [2009/10/07 09:12:22 | 000,054,184 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv) DRV - [2009/10/07 09:11:10 | 000,040,824 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon) DRV - [2007/12/18 16:42:18 | 000,025,104 | ---- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Stopped] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\ImbDrvNT.sys -- (ImbDrvNT) DRV - [2007/12/18 16:42:16 | 000,089,104 | ---- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\ScSBB.sys -- (ScSBB) DRV - [2007/11/26 20:51:04 | 000,093,427 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aacmgt.sys -- (AACMgt) DRV - [2006/03/14 07:22:00 | 000,090,176 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel) DRV - [2006/03/14 07:22:00 | 000,028,216 | ---- | M] (SafeNet, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB) DRV - [2005/12/06 23:44:42 | 001,379,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005/03/24 18:13:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | Unavailable | Unknown] -- C:\WINDOWS\System32\drivers\sacdrv.sys -- (sacdrv) DRV - [2005/03/24 18:00:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dfs.sys -- (DfsDriver) DRV - [2005/03/24 17:57:52 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\clusdisk.sys -- (ClusDisk) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=29065018_76_hao_pg IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm IE - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\1.0.1.1058\npplugin2.dll (PPLive Corporation) FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2010/09/08 09:50:02 | 000,000,000 | ---D | M] [2013/05/10 12:05:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and 
Settings\Administrator\Application Data\Mozilla\Extensions O1 HOSTS File: ([2013/03/15 13:12:25 | 000,000,794 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 192.168.0.126 dpmserver.mhp.co.za O1 - Hosts: 192.168.0.23 blesbok O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\Administrator\Application Data\Complitly\AutocompletePro.dll (SimplyGen) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.) 
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [ QQPCTray] File not found
O4 - HKLM..\Run: [ QQPCTray] File not found
O4 - HKLM..\Run: [360Safetray] File not found
O4 - HKLM..\Run: [ApacheTomcatMonitor] C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5w.exe (Apache Software Foundation)
O4 - HKLM..\Run: [bixushi] c:\windows\system32\csx.exe File not found
O4 - HKLM..\Run: [dsa] C:\RECYCLER\woai.exe File not found
O4 - HKLM..\Run: [ewswdk] C:\WINDOWS\Debug\wpdmtp.exe (Prassi Software)
O4 - HKLM..\Run: [fasd] C:\RECYCLER\woai.exe File not found
O4 - HKLM..\Run: [jhecryz] C:\WINDOWS\Resources\smscvc.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [KVMON] File not found
O4 - HKLM..\Run: [KVXP] File not found
O4 - HKLM..\Run: [kxesc] File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] File not found
O4 - HKLM..\Run: [QQPCTray] File not found
O4 - HKLM..\Run: [RavTRAY] File not found
O4 - HKLM..\Run: [RISTRAY] File not found
O4 - HKLM..\Run: [shStatEXE] File not found
O4 - HKLM..\Run: [weyrzader] C:\WINDOWS\Cluster\clients\srchasy\smyscvc.exe ()
O4 - HKLM..\Run: [zvary] C:\windows\msapps\msinfo\wyhtday.exe File not found
O4 - HKU\.DEFAULT..\Run: [GoTop] C:\WINDOWS\Debug\wpdmtp.exe (Prassi Software)
O4 - HKU\.DEFAULT..\Run: [PPAP] "C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" -background File not found
O4 - HKU\S-1-5-18..\Run: [GoTop] C:\WINDOWS\Debug\wpdmtp.exe (Prassi Software)
O4 - HKU\S-1-5-18..\Run: [PPAP] "C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" -background File not found
O4 - HKU\S-1-5-21-3652302946-4094972055-3012646909-500..\Run: [GoTop] C:\WINDOWS\Debug\wpdmtp.exe (Prassi Software)
O4 - HKU\S-1-5-21-3652302946-4094972055-3012646909-500..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [] C:\WINDOWS\System32\OSK.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [] C:\WINDOWS\System32\OSK.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll (Sun Microsystems, Inc.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.3.cab (DLM Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5F42B20-CDE1-481A-B43C-B59715E9A109}: NameServer = 8.8.8.8,196.14.239.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFACE1CF-691A-4D29-A654-7452C257C7B0}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found
O27 - HKLM IFEO\app.exe: Debugger - C:\WINDOWS\ime\cv.exe File not found
O27 - HKLM IFEO\net2.exe: Debugger - C:\WINDOWS\ime\cv.exe File not found
O27 - HKLM IFEO\Storm.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/26 12:18:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/31 12:20:15 | 000,030,208 | ---- | C] (PPStream Inc.) -- C:\WINDOWS\tfma.exe
[2013/05/30 09:20:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\XXXXXX37654A81
[2013/05/30 08:36:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\QuickScan
[2013/05/29 05:48:06 | 000,500,680 | ---- | C] (搜狐) -- C:\WINDOWS\IFoxInstall-y-c206525652-nsi-s-x.exe
[2013/05/27 19:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\Rumjow odsgi
[2013/05/24 11:03:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2013/05/24 11:02:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/05/24 11:02:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2013/05/24 11:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/05/24 11:01:37 | 025,817,776 | ---- | C] (SUPERAntiSpyware.com) -- C:\SUPERAntiSpyware.exe
[2013/05/24 09:49:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Revo Uninstaller
[2013/05/24 09:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/05/24 09:48:18 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) -- C:\revosetup.exe
[2013/05/24 09:42:34 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) -- C:\Documents and Settings\Administrator\Desktop\revosetup.exe.dap
[2013/05/24 09:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\INISet
[2013/05/24 09:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\liebao
[2013/05/24 05:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\KingSoft
[2013/05/24 05:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Tencent
[2013/05/24 05:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\Wuji
[2013/05/24 05:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\liebao
[2013/05/23 22:18:32 | 000,079,360 | ---- | C] (PPStream Inc.) -- C:\WINDOWS\System32\hex350sb.exe
[2013/05/23 22:15:01 | 000,256,988 | ---- | C] (PPStream Inc.) -- C:\WINDOWS\System32\360sb.exe
[2013/05/23 08:21:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/05/22 10:48:57 | 000,172,170 | ---- | C] (深圳市迅雷网络技术有限公司) -- C:\18181.exe
[2013/05/20 10:18:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/05/20 08:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2013/05/17 16:48:10 | 000,047,104 | ---- | C] (Inside Core) -- C:\Documents and Settings\Administrator\Desktop\AutoRunExterminator.exe
[2013/05/10 12:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2013/05/10 12:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\HC_logs
[2013/05/10 12:04:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\gotop
[2013/05/09 14:10:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Network
[2013/05/09 12:56:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WinCmder
[2013/05/06 14:00:34 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/04 03:54:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexwintime.exe
[2013/06/04 01:49:39 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\Dragonwwwroot.job
[2013/06/04 01:09:52 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\DragonDB.job
[2013/06/04 00:19:50 | 000,000,873 | ---- | M] () -- C:\WINDOWS\System32\rpc_start_16log.ini
[2013/06/04 00:19:48 | 000,001,335 | ---- | M] () -- C:\WINDOWS\System32\rpcserver32.dll
[2013/06/04 00:17:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/03 22:15:53 | 001,056,768 | ---- | M] () -- C:\WINDOWS\System32\secedit.sdb
[2013/06/03 22:15:49 | 000,000,652 | ---- | M] () -- C:\WINDOWS\System32\censoredGOthin.inf
[2013/06/03 21:36:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexsvchost.exe
[2013/06/03 15:54:29 | 000,037,376 | ---- | M] () -- C:\WINDOWS\System32\servger.exe
[2013/06/03 15:54:25 | 000,001,499 | ---- | M] () -- C:\WINDOWS\System32\vcinen.vbs
[2013/06/03 02:36:44 | 000,000,000 | ---- | M] () -- C:\hexServer.exe.exe
[2013/06/03 02:36:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexServer.exe.exe
[2013/06/03 02:35:38 | 000,000,077 | ---- | M] () -- C:\xpServer.exe.exe
[2013/06/03 02:35:36 | 000,000,074 | ---- | M] () -- C:\WINDOWS\System32\xpServer.exe.exe
[2013/06/02 09:07:48 | 000,000,055 | ---- | M] () -- C:\WINDOWS\System32\gouri.bat
[2013/06/02 09:07:21 | 000,000,628 | ---- | M] () -- C:\tsp.bat
[2013/06/02 05:10:15 | 000,000,000 | ---- | M] () -- C:\hexcensored.exe
[2013/06/02 05:10:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexcensored.exe
[2013/06/02 03:35:14 | 000,000,213 | ---- | M] () -- C:\WINDOWS\System32\sb.bat
[2013/06/02 00:34:06 | 000,056,832 | ---- | M] () -- C:\WINDOWS\System32\hexsqlupdate.exe
[2013/06/02 00:32:49 | 000,056,832 | ---- | M] () -- C:\WINDOWS\System32\stsqlupdate.exe
[2013/06/02 00:32:42 | 000,000,066 | ---- | M] () -- C:\WINDOWS\System32\zysqlupdate.exe
[2013/06/02 00:32:34 | 000,056,832 | ---- | M] () -- C:\WINDOWS\System32\onsqlupdate.exe
[2013/06/02 00:32:17 | 000,000,066 | ---- | M] () -- C:\WINDOWS\System32\onfsqlupdate.dat
[2013/06/01 02:28:10 | 000,000,000 | ---- | M] () -- C:\hextfma.exe
[2013/06/01 02:28:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hextfma.exe
[2013/06/01 00:38:12 | 000,030,208 | ---- | M] (PPStream Inc.) -- C:\WINDOWS\tfma.exe
[2013/05/31 09:43:29 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\37654A81.key
[2013/05/30 16:02:28 | 000,022,528 | ---- | M] () -- C:\WINDOWS\arp.vbs
[2013/05/30 16:00:49 | 000,022,528 | ---- | M] () -- C:\WINDOWS\System32\hexExplorer.exe
[2013/05/30 09:20:30 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\37654A81
[2013/05/29 16:08:54 | 000,000,000 | ---- | M] () -- C:\hexapym.exe
[2013/05/29 16:08:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexapym.exe
[2013/05/29 11:39:32 | 000,000,000 | ---- | M] () -- C:\hex5.exe
[2013/05/29 11:39:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hex5.exe
[2013/05/29 07:49:46 | 000,000,000 | ---- | M] () -- C:\Program Files\7b
[2013/05/29 07:01:30 | 000,032,120 | ---- | M] () -- C:\WINDOWS\123.exe
[2013/05/29 05:48:06 | 000,500,680 | ---- | M] (搜狐) -- C:\WINDOWS\IFoxInstall-y-c206525652-nsi-s-x.exe
[2013/05/29 05:45:30 | 000,000,830 | ---- | M] () -- C:\WINDOWS\System32\wvinyk.inf
[2013/05/29 05:45:28 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System\back.dat
[2013/05/29 05:39:03 | 000,002,006 | ---- | M] () -- C:\WINDOWS\1.exe
[2013/05/29 05:07:49 | 000,000,092 | --S- | M] () -- C:\WINDOWS\stm8.inf
[2013/05/28 08:37:48 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\ewdffg.job
[2013/05/26 10:28:08 | 000,000,000 | ---- | M] () -- C:\hexaqypm.exe
[2013/05/26 10:28:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexaqypm.exe
[2013/05/26 00:04:25 | 000,002,396 | ---- | M] () -- C:\WINDOWS\aoxiang.exe
[2013/05/24 11:02:56 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/05/24 10:53:17 | 025,817,776 | ---- | M] (SUPERAntiSpyware.com) -- C:\SUPERAntiSpyware.exe
[2013/05/24 09:49:03 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk
[2013/05/24 09:43:47 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) -- C:\revosetup.exe
[2013/05/24 09:43:04 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) -- C:\Documents and Settings\Administrator\Desktop\revosetup.exe.dap
[2013/05/24 05:30:16 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\cxg13.bat
[2013/05/24 05:29:44 | 000,000,725 | ---- | M] () -- C:\WINDOWS\System32\censoredgo.inf
[2013/05/23 22:18:32 | 000,079,360 | ---- | M] (PPStream Inc.) -- C:\WINDOWS\System32\hex350sb.exe
[2013/05/23 22:15:51 | 000,256,988 | ---- | M] (PPStream Inc.) -- C:\WINDOWS\System32\360sb.exe
[2013/05/23 08:19:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/05/22 10:48:57 | 000,172,170 | ---- | M] (深圳市迅雷网络技术有限公司) -- C:\18181.exe
[2013/05/20 14:48:41 | 000,000,440 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2013/05/20 12:25:37 | 000,002,085 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DeltaCopy Client.lnk
[2013/05/20 11:54:30 | 000,070,144 | ---- | M] () -- C:\WINDOWS\System32\net.exe
[2013/05/19 21:11:57 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\zylve.exe.exe
[2013/05/19 21:11:40 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\onflve.dat
[2013/05/19 15:02:20 | 000,073,728 | ---- | M] () -- C:\WINDOWS\System32\Themer.exe
[2013/05/18 21:30:05 | 000,000,500 | ---- | M] () -- C:\5368.vbs
[2013/05/18 11:12:28 | 000,002,350 | ---- | M] () -- C:\WINDOWS\QQGameMgr.exe
[2013/05/16 03:49:39 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System\backs.dat
[2013/05/14 00:19:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/12 03:36:37 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\zyuser$
[2013/05/07 22:39:11 | 000,000,149 | ---- | M] () -- C:\WINDOWS\System32\sa.bat
[2013/05/06 22:21:10 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\zynet2.0.exe
[2013/05/06 22:20:53 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\onfnet2.dat
[2013/05/06 14:54:44 | 000,007,176 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/04 03:54:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexwintime.exe
[2013/06/03 21:36:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexsvchost.exe
[2013/06/03 15:54:29 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\servger.exe
[2013/06/03 15:54:25 | 000,001,499 | ---- | C] () -- C:\WINDOWS\System32\vcinen.vbs
[2013/06/03 02:36:44 | 000,000,000 | ---- | C] () -- C:\hexServer.exe.exe
[2013/06/03 02:36:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexServer.exe.exe
[2013/06/03 02:35:38 | 000,000,077 | ---- | C] () -- C:\xpServer.exe.exe
[2013/06/03 02:35:36 | 000,000,074 | ---- | C] () -- C:\WINDOWS\System32\xpServer.exe.exe
[2013/06/02 09:07:21 | 000,000,628 | ---- | C] () -- C:\tsp.bat
[2013/06/02 05:10:12 | 000,000,000 | ---- | C] () -- C:\hexcensored.exe
[2013/06/02 05:10:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexcensored.exe
[2013/06/02 00:34:06 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\hexsqlupdate.exe
[2013/06/02 00:32:45 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\stsqlupdate.exe
[2013/06/02 00:32:42 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\zysqlupdate.exe
[2013/06/02 00:32:29 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\onsqlupdate.exe
[2013/06/02 00:32:17 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\onfsqlupdate.dat
[2013/05/31 13:18:24 | 000,000,000 | ---- | C] () -- C:\hextfma.exe
[2013/05/31 13:18:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hextfma.exe
[2013/05/30 11:40:32 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\37654A81.key
[2013/05/30 09:20:30 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\37654A81
[2013/05/30 05:59:19 | 000,022,528 | ---- | C] () -- C:\WINDOWS\arp.vbs
[2013/05/30 05:57:52 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\hexExplorer.exe
[2013/05/29 16:08:54 | 000,000,000 | ---- | C] () -- C:\hexapym.exe
[2013/05/29 16:08:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexapym.exe
[2013/05/29 07:01:30 | 000,032,120 | ---- | C] () -- C:\WINDOWS\123.exe
[2013/05/29 05:45:28 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System\back.dat
[2013/05/29 05:39:03 | 000,002,006 | ---- | C] () --
C:\WINDOWS\1.exe [2013/05/29 04:04:46 | 000,000,000 | ---- | C] () -- C:\hex5.exe [2013/05/29 04:04:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hex5.exe [2013/05/26 09:52:47 | 000,000,000 | ---- | C] () -- C:\hexaqypm.exe [2013/05/26 09:52:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexaqypm.exe [2013/05/26 00:04:25 | 000,002,396 | ---- | C] () -- C:\WINDOWS\aoxiang.exe [2013/05/24 11:02:56 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2013/05/24 09:49:03 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk [2013/05/24 05:30:16 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\cxg13.bat [2013/05/24 05:29:44 | 000,000,725 | ---- | C] () -- C:\WINDOWS\System32\censoredgo.inf [2013/05/20 14:48:36 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol [2013/05/19 21:11:57 | 000,000,068 | ---- | C] () -- C:\WINDOWS\System32\zylve.exe.exe [2013/05/19 21:11:40 | 000,000,068 | ---- | C] () -- C:\WINDOWS\System32\onflve.dat [2013/05/18 21:30:05 | 000,000,500 | ---- | C] () -- C:\5368.vbs [2013/05/18 11:12:28 | 000,002,350 | ---- | C] () -- C:\WINDOWS\QQGameMgr.exe [2013/05/12 17:33:22 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Themer.exe [2013/05/12 00:28:41 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\zyuser$ [2013/05/09 14:27:02 | 000,000,000 | ---- | C] () -- C:\Program Files\7b [2013/05/09 14:11:00 | 000,000,830 | ---- | C] () -- C:\WINDOWS\System32\wvinyk.inf [2013/05/09 14:10:59 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System\backs.dat [2013/05/06 22:21:10 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\zynet2.0.exe [2013/05/06 22:20:53 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\onfnet2.dat [2013/05/04 17:18:43 | 000,001,811 | ---- | C] () -- C:\WINDOWS\System32\hex2.exe [2013/05/04 15:16:34 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\xnary.dat [2013/05/04 15:16:34 | 
000,249,856 | ---- | C] () -- C:\WINDOWS\System32\xas.dat [2013/04/27 21:57:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hex23.exe [2013/04/24 14:01:12 | 000,002,361 | ---- | C] () -- C:\WINDOWS\svchosf.exe [2013/04/22 23:19:21 | 000,002,362 | ---- | C] () -- C:\WINDOWS\sqlagent.exe [2013/04/19 17:57:27 | 000,002,349 | ---- | C] () -- C:\WINDOWS\vbsa.exe [2013/04/15 23:25:52 | 000,220,139 | ---- | C] () -- C:\WINDOWS\System32\stteber.exe [2013/04/15 23:25:37 | 000,220,139 | ---- | C] () -- C:\WINDOWS\System32\onteber.exe [2013/04/15 23:25:00 | 000,220,139 | ---- | C] () -- C:\WINDOWS\tebere.exe [2013/04/15 23:24:44 | 000,220,139 | ---- | C] () -- C:\WINDOWS\System32\teber.exe [2013/04/15 10:10:14 | 000,667,648 | ---- | C] () -- C:\WINDOWS\System32\stvbsa.exe [2013/04/06 23:02:25 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\zyDNSClient.exe [2013/04/06 23:02:05 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\onfDNSClient.dat [2013/04/05 19:34:42 | 000,002,348 | ---- | C] () -- C:\WINDOWS\tzmm.exe [2013/03/27 11:26:29 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\sttzmm.exe [2013/03/23 16:22:35 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\zyWMI.exe [2013/03/23 16:22:08 | 000,000,067 | ---- | C] () -- C:\WINDOWS\System32\xpWMI.exe [2013/03/23 05:43:57 | 000,000,070 | ---- | C] () -- C:\WINDOWS\System32\zyteel.exe [2013/03/23 05:43:36 | 000,000,070 | ---- | C] () -- C:\WINDOWS\System32\onfteel.dat [2013/03/16 04:27:40 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\bz.ini [2013/03/16 04:27:39 | 000,114,688 | ---- | C] () -- C:\Documents and Settings\All Users\hkcmd.exe [2013/03/07 04:17:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\zy37.com [2013/02/03 17:48:03 | 000,297,788 | ---- | C] () -- C:\WINDOWS\System32\hexr.exe [2013/02/03 17:47:13 | 000,297,788 | ---- | C] () -- C:\WINDOWS\System32\str.exe [2013/01/26 18:48:34 | 000,014,208 | ---- | C] () -- C:\WINDOWS\System32\K3d_Driver.sys [2013/01/23 10:38:30 
| 000,084,680 | ---- | C] () -- C:\WINDOWS\Winxt.exe [2013/01/22 17:30:08 | 000,001,054 | ---- | C] () -- C:\WINDOWS\System32\ssnetlay.sys [2013/01/22 17:30:08 | 000,000,795 | ---- | C] () -- C:\WINDOWS\System32\servci.dll [2013/01/22 17:30:07 | 000,847,872 | ---- | C] () -- C:\WINDOWS\System32\neticp16.dll [2013/01/22 17:30:02 | 000,000,833 | ---- | C] () -- C:\WINDOWS\System32\mscoremgr.sys [2013/01/22 17:30:01 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\modload.dll [2013/01/22 17:30:01 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\laynet32.dll [2013/01/22 17:30:01 | 000,001,054 | ---- | C] () -- C:\WINDOWS\System32\coreload.dll [2013/01/22 17:30:01 | 000,000,963 | ---- | C] () -- C:\WINDOWS\System32\lostslvrt.sys [2013/01/22 17:30:01 | 000,000,963 | ---- | C] () -- C:\WINDOWS\System32\coredebug.dll [2013/01/22 17:30:01 | 000,000,893 | ---- | C] () -- C:\WINDOWS\System32\dotnetfix.exe [2013/01/22 17:30:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\IO.SYS [2013/01/22 17:30:00 | 000,847,872 | ---- | C] () -- C:\WINDOWS\System32\bugload.dll [2013/01/22 17:30:00 | 000,777,284 | ---- | C] () -- C:\WINDOWS\System32\aspnet_perf.ini [2013/01/22 17:30:00 | 000,775,688 | ---- | C] () -- C:\WINDOWS\System32\aspnet_perf2.ini [2013/01/22 17:30:00 | 000,042,868 | ---- | C] () -- C:\WINDOWS\System32\aspnet_state_perf.ini [2013/01/22 17:30:00 | 000,000,833 | ---- | C] () -- C:\WINDOWS\System32\aspnet16.dll [2013/01/22 17:29:26 | 000,001,750 | ---- | C] () -- C:\WINDOWS\System32\spools.dat [2013/01/22 17:29:11 | 000,896,614 | ---- | C] () -- C:\WINDOWS\System32\isec.dll [2013/01/20 16:12:46 | 000,000,105 | ---- | C] () -- C:\WINDOWS\System32\shshougou.exe [2013/01/13 10:06:47 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\hex3.exe [2013/01/08 01:06:41 | 000,000,068 | ---- | C] () -- C:\WINDOWS\System32\zywuyu.exe [2013/01/08 01:06:19 | 000,000,070 | ---- | C] () -- C:\WINDOWS\System32\xpwuyu.exe [2013/01/07 17:23:37 | 000,000,102 | ---- | C] () -- 
C:\WINDOWS\System32\shserzer.exe [2013/01/05 13:07:43 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\741812.exe.xvx [2013/01/05 13:06:27 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\625513.exe.xvx [2013/01/05 12:50:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\50950.exe.xvx [2013/01/05 12:48:54 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4853299.exe.xvx [2013/01/05 12:32:38 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3236946.exe.xvx [2013/01/05 12:31:23 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3121650.exe.xvx [2013/01/05 12:15:06 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\155219.exe.xvx [2013/01/05 12:13:51 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1349812.exe.xvx [2013/01/05 11:57:35 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5733757.exe.xvx [2013/01/05 11:56:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5618288.exe.xvx [2013/01/05 11:40:02 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\401543.exe.xvx [2013/01/05 11:38:48 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3846967.exe.xvx [2013/01/05 11:22:32 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2231131.exe.xvx [2013/01/05 11:21:17 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2115161.exe.xvx [2013/01/05 11:04:59 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\458573.exe.xvx [2013/01/05 11:03:44 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\342916.exe.xvx [2013/01/05 10:47:27 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4726359.exe.xvx [2013/01/05 10:46:13 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4611580.exe.xvx [2013/01/05 10:29:56 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2955133.exe.xvx
  15. Hi D-Fred-Brown, Please see scan results below:

      Malwarebytes Anti-Malware 1.75.0.1300
      www.malwarebytes.org

      Database version: v2013.06.03.02
      Windows Server 2003 Service Pack 1 x86 NTFS
      Internet Explorer 7.0.5730.11
      Administrator :: DRAGON [administrator]

      2013/06/03 08:46:43 AM
      mbam-log-2013-06-03 (08-46-43).txt

      Scan type: Full scan (C:\|D:\|E:\|)
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 959827
      Time elapsed: 5 hour(s), 55 minute(s), 2 second(s)

      Memory Processes Detected: 2
      C:\WINDOWS\XXXXXX37654A81\svchsot.exe (Trojan.Svchsot) -> 3856 -> Delete on reboot.
      C:\WINDOWS\system32\svchest.exe (Trojan.Agent) -> 224 -> Delete on reboot.

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 25
      HKLM\SYSTEM\CurrentControlSet\Services\Windows Test My fd (Trojan.Agent) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rp.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rps.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360sd.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsafeTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KSWebShield.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp (Security.Hijack) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXp.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvxp.kxp (Security.Hijack) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Kwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCRTP.EXE (Security.Hijack) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravmond.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RSTRAY.EXE (Security.Hijack) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHSTAT.EXE (Security.Hijack) -> Quarantined and deleted successfully.

      Registry Values Detected: 2
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|XXXXXX37654A81 (Trojan.Svchsot) -> Data: C:\WINDOWS\XXXXXX37654A81\svchsot.exe -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|shell (Trojan.Agent) -> Data: C:\windows\taskmgr.exe -> Quarantined and deleted successfully.

      Registry Data Items Detected: 1
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Bad: (Explorer.exe) Good: () -> Quarantined and repaired successfully.

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 16
      C:\WINDOWS\XXXXXX37654A81\svchsot.exe (Trojan.Svchsot) -> Quarantined and deleted successfully.
      C:\Documents and Settings\hextfma.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\360.exe (Malware.NSPack) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\1.exe (Trojan.Agent.QQ) -> Quarantined and deleted successfully.
      C:\RECYCLER\hex5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\RECYCLER\hexapym.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\RECYCLER\hexExplorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\RECYCLER\hexcensored.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\RECYCLER\hexServer.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\RECYCLER\hexsqlupdate.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\RECYCLER\hextfma.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\RECYCLER\xpServer.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\taskmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\Explorer.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\svchest.exe (Trojan.Agent) -> Delete on reboot.

      (end)

      Also, I noticed a program that runs and uses all the CPU resources, it's called NTVDM.exe. After I close each one down the CPU goes back to normal. It will eventually start up again though. And if I go to users and groups, it's blank. It's not displaying any of the user accounts. It was showing before the ESET online scan.
  16. Good morning D-Fred-Brown, I have run the scan, waiting for it to complete.
  17. Hi this is the report from the Extra's report:
  18. Hi the OTL report continued :
08:43:46 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4344709.exe.xvx [2013/01/03 08:42:31 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4229569.exe.xvx [2013/01/03 08:26:14 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2612768.exe.xvx [2013/01/03 08:24:58 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2456983.exe.xvx [2013/01/03 08:08:41 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\840537.exe.xvx [2013/01/03 08:07:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\724854.exe.xvx [2013/01/03 07:50:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5056269.exe.xvx [2013/01/03 07:49:39 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4938132.exe.xvx [2013/01/03 07:33:18 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3317205.exe.xvx [2013/01/03 07:32:04 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\32336.exe.xvx [2013/01/03 07:15:48 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1546903.exe.xvx [2013/01/03 07:14:33 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1431543.exe.xvx [2013/01/03 06:58:16 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5814971.exe.xvx [2013/01/03 06:56:59 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5657575.exe.xvx [2013/01/03 06:40:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4041113.exe.xvx [2013/01/03 06:39:27 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3925941.exe.xvx [2013/01/03 06:23:11 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\239980.exe.xvx [2013/01/03 06:21:56 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2154621.exe.xvx [2013/01/03 06:05:39 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\538328.exe.xvx [2013/01/03 06:04:24 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\42356.exe.xvx [2013/01/03 05:48:07 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\485843.exe.xvx [2013/01/03 05:46:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4648981.exe.xvx [2013/01/03 05:30:14 | 000,001,308 | ---- | C] () -- 
C:\WINDOWS\System32\301384.exe.xvx [2013/01/03 05:28:59 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2858430.exe.xvx [2013/01/03 05:12:43 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\124261.exe.xvx [2013/01/03 05:11:27 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1125574.exe.xvx [2013/01/03 04:55:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\559534.exe.xvx [2013/01/03 04:53:56 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5354942.exe.xvx [2013/01/03 04:37:40 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\373913.exe.xvx [2013/01/03 04:36:25 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3623622.exe.xvx [2013/01/03 04:20:09 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\207770.exe.xvx [2013/01/03 04:18:51 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1850390.exe.xvx [2013/01/03 04:02:32 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\231106.exe.xvx [2013/01/03 04:01:17 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\115542.exe.xvx [2013/01/03 03:45:00 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4459132.exe.xvx [2013/01/03 03:43:45 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\434438.exe.xvx [2013/01/03 03:27:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2725121.exe.xvx [2013/01/03 03:26:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\268496.exe.xvx [2013/01/03 03:09:16 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\914975.exe.xvx [2013/01/03 03:08:02 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\80994.exe.xvx [2013/01/03 02:51:45 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5144641.exe.xvx [2013/01/03 02:50:30 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5029469.exe.xvx [2013/01/03 02:34:14 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3413210.exe.xvx [2013/01/03 02:32:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3255924.exe.xvx [2013/01/03 02:16:41 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1639979.exe.xvx [2013/01/03 
02:15:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1524494.exe.xvx [2013/01/03 01:59:09 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\597938.exe.xvx [2013/01/03 01:57:55 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5753581.exe.xvx [2013/01/03 01:41:31 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4129866.exe.xvx [2013/01/03 01:40:17 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4015587.exe.xvx [2013/01/03 01:24:00 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2359140.exe.xvx [2013/01/03 01:22:46 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2244846.exe.xvx [2013/01/03 01:06:30 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\628712.exe.xvx [2013/01/03 01:05:15 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\513557.exe.xvx [2013/01/03 00:48:58 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4856984.exe.xvx [2013/01/03 00:47:44 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4742502.exe.xvx [2013/01/03 00:31:27 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3126275.exe.xvx [2013/01/03 00:30:12 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3011479.exe.xvx [2013/01/03 00:13:56 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1355220.exe.xvx [2013/01/03 00:12:41 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\124080.exe.xvx [2013/01/02 23:56:25 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5623712.exe.xvx [2013/01/02 23:55:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\558932.exe.xvx [2013/01/02 23:38:53 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3852657.exe.xvx [2013/01/02 23:37:40 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3738519.exe.xvx [2013/01/02 23:21:23 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2122541.exe.xvx [2013/01/02 23:20:09 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\208184.exe.xvx [2013/01/02 23:03:52 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\351352.exe.xvx [2013/01/02 23:02:36 | 000,001,308 | ---- | C] () -- 
C:\WINDOWS\System32\235259.exe.xvx [2013/01/02 22:46:17 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4616215.exe.xvx [2013/01/02 22:45:02 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\450545.exe.xvx [2013/01/02 22:28:38 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2837389.exe.xvx [2013/01/02 22:27:24 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2723110.exe.xvx [2013/01/02 22:11:07 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\116362.exe.xvx [2013/01/02 22:09:53 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\951660.exe.xvx [2013/01/02 21:53:36 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5335452.exe.xvx [2013/01/02 21:52:22 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5220724.exe.xvx [2013/01/02 21:35:59 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3558137.exe.xvx [2013/01/02 21:34:43 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3441786.exe.xvx [2013/01/02 21:18:21 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1820488.exe.xvx [2013/01/02 21:17:07 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\175834.exe.xvx [2013/01/02 21:00:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\048648.exe.xvx [2013/01/02 20:59:35 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5933679.exe.xvx [2013/01/02 20:43:18 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4317513.exe.xvx [2013/01/02 20:42:03 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\422293.exe.xvx [2013/01/02 20:25:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2540721.exe.xvx [2013/01/02 20:24:25 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\242433.exe.xvx [2013/01/02 20:08:05 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\84319.exe.xvx [2013/01/02 20:06:51 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\650259.exe.xvx [2013/01/02 19:50:30 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5028842.exe.xvx [2013/01/02 19:49:15 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4913763.exe.xvx [2013/01/02 
19:32:58 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3257128.exe.xvx [2013/01/02 19:31:43 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3141613.exe.xvx [2013/01/02 19:15:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1517886.exe.xvx [2013/01/02 19:14:03 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\142199.exe.xvx [2013/01/02 18:57:46 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5744843.exe.xvx [2013/01/02 18:56:31 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\563079.exe.xvx [2013/01/02 18:40:14 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4013536.exe.xvx [2013/01/02 18:38:58 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3857329.exe.xvx [2013/01/02 18:22:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2240821.exe.xvx [2013/01/02 18:21:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2124813.exe.xvx [2013/01/02 18:05:05 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\53983.exe.xvx [2013/01/02 18:03:51 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\349676.exe.xvx [2013/01/02 17:47:31 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4730197.exe.xvx [2013/01/02 17:46:17 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4615946.exe.xvx [2013/01/02 17:29:45 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2944435.exe.xvx [2013/01/02 17:28:29 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2828355.exe.xvx [2013/01/02 17:12:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\129277.exe.xvx [2013/01/02 17:10:54 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1052696.exe.xvx [2013/01/02 16:54:37 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5436343.exe.xvx [2013/01/02 16:53:20 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5319386.exe.xvx [2013/01/02 16:37:04 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\373111.exe.xvx [2013/01/02 16:35:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3548942.exe.xvx [2013/01/02 16:19:34 | 000,001,308 | ---- | C] () -- 
C:\WINDOWS\System32\1932868.exe.xvx [2013/01/02 16:18:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1817726.exe.xvx [2013/01/02 16:02:03 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\21708.exe.xvx [2013/01/02 16:00:48 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\046669.exe.xvx [2013/01/02 15:44:29 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4428268.exe.xvx [2013/01/02 15:43:12 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4311238.exe.xvx [2013/01/02 15:26:53 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2652639.exe.xvx [2013/01/02 15:25:40 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2538525.exe.xvx [2013/01/02 15:09:20 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\919508.exe.xvx [2013/01/02 15:08:05 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\83984.exe.xvx [2013/01/02 14:51:46 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5145600.exe.xvx [2013/01/02 14:50:31 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5030170.exe.xvx [2013/01/02 14:34:12 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3410727.exe.xvx [2013/01/02 14:32:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3256363.exe.xvx [2013/01/02 14:16:39 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1637707.exe.xvx [2013/01/02 14:15:24 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1522889.exe.xvx [2013/01/02 13:59:05 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\593754.exe.xvx [2013/01/02 13:57:47 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5746478.exe.xvx [2013/01/02 13:41:29 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4128117.exe.xvx [2013/01/02 13:40:15 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4013599.exe.xvx [2013/01/02 13:23:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2355881.exe.xvx [2013/01/02 13:22:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2239992.exe.xvx [2012/12/03 03:51:34 | 000,544,768 | ---- | C] () -- C:\WINDOWS\System32\WCASvc.dll [2012/11/05 
03:15:56 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\amd.dll [2012/11/05 03:15:55 | 000,000,001 | ---- | C] () -- C:\WINDOWS\amd.dll [2012/11/01 15:23:22 | 000,095,330 | ---- | C] () -- C:\WINDOWS\System32\wkscil.dll [2012/08/30 17:52:19 | 000,002,361 | ---- | C] () -- C:\WINDOWS\scives.exe [2012/05/14 10:47:36 | 000,429,928 | ---- | C] () -- C:\WINDOWS\System32\kindling.dll [2012/04/24 05:02:43 | 000,490,496 | ---- | C] () -- C:\Documents and Settings\Administrator\33.exe [2011/10/16 12:57:02 | 000,030,409 | ---- | C] () -- C:\WINDOWS\System32\mmsql.dll [2011/06/17 01:47:08 | 000,008,085 | ---- | C] () -- C:\WINDOWS\System32\mysql32.dll [2010/03/26 08:20:00 | 021,994,183 | ---- | C] () -- C:\Documents and Settings\Administrator\EC_Image.rar [2009/11/23 17:10:34 | 000,044,403 | ---- | C] () -- C:\Documents and Settings\Administrator\logo.miff [2009/08/26 09:48:10 | 000,113,888 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2009/08/25 11:30:31 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Favorites.axl [2009/05/29 15:50:52 | 000,007,176 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol [2009/04/16 09:22:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\concert [2008/10/31 09:52:59 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Administrator\persistent_state [2008/10/31 09:52:08 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\Administrator\aimsdefaults.properties [2008/10/31 09:52:08 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\Administrator\aimsclient.properties [2008/10/31 09:50:02 | 000,000,260 | ---- | C] () -- C:\Documents and Settings\Administrator\aimsproxy.properties [2008/08/07 15:33:05 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2008/05/26 12:13:57 | 
000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2006/09/23 13:12:46 | 001,515,008 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2005/03/24 18:01:54 | 000,482,304 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2005/03/24 18:26:16 | 000,278,016 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 40 bytes -> C:\Runonce:NUL @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF < End of report >
  19. Hi D-Fred-Brown, Please see below for OTL results: OTL logfile created on: 2013/05/31 09:21:22 AM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop Windows Server 2003 Standard Edition Service Pack 1 (Version = 5.2.3790) - Type = NTServer Internet Explorer (Version = 7.0.5730.11) Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd 4.00 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 62.27% Memory free 5.84 Gb Paging File | 3.98 Gb Available in Paging File | 68.18% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 231.75 Gb Total Space | 60.90 Gb Free Space | 26.28% Space Free | Partition Type: NTFS Drive D: | 464.73 Gb Total Space | 305.40 Gb Free Space | 65.72% Space Free | Partition Type: NTFS Drive E: | 464.73 Gb Total Space | 276.48 Gb Free Space | 59.49% Space Free | Partition Type: NTFS Computer Name: DRAGON | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/05/30 09:20:26 | 000,221,184 | ---- | M] () -- C:\WINDOWS\XXXXXX37654A81\svchsot.exe PRC - [2013/05/29 05:46:31 | 001,078,030 | ---- | M] () -- C:\WINDOWS\Resources\smscvc.exe PRC - [2013/05/23 08:19:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe PRC - [2013/05/19 15:02:26 | 000,102,400 | ---- | M] (Environmental Systems Research Institute, Inc.) 
-- C:\ArcGIS\ArcSDE\sqlexe\bin\giomgr.exe PRC - [2013/05/19 15:02:25 | 002,828,288 | ---- | M] () -- c:\WINDOWS\mui\gotop.exe PRC - [2013/05/19 15:02:21 | 000,131,072 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe PRC - [2013/05/19 15:02:20 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\Themer.exe PRC - [2013/05/19 15:02:13 | 000,312,212 | ---- | M] () -- C:\Program Files\Fujitsu Siemens\RAID\bin\SpySer.exe PRC - [2013/05/19 15:02:09 | 000,495,616 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\ServerView Agents\GlobalFlash\gf_agent.exe PRC - [2013/05/19 15:02:05 | 005,779,456 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe PRC - [2013/05/19 15:01:45 | 000,180,224 | ---- | M] (ESRI) -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\aimsserver.exe PRC - [2013/05/19 15:01:40 | 000,098,304 | ---- | M] (LSI Logic Corporation) -- C:\Program Files\Fujitsu Siemens\RAID\bin\mr2kserv.exe PRC - [2013/05/19 14:59:56 | 001,028,096 | ---- | M] () -- C:\WINDOWS\system32\Syswin\svchost.exe PRC - [2013/05/15 03:08:19 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2013/05/08 00:36:35 | 000,119,024 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe PRC - [2013/05/05 10:53:26 | 002,177,490 | ---- | M] (Prassi Software) -- C:\WINDOWS\Debug\wpdmtp.exe PRC - [2013/05/03 15:22:35 | 000,527,360 | ---- | M] (Prassi Software) -- C:\WINDOWS\Debug\browser\spresrt.exe PRC - [2013/04/23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2013/01/20 13:03:04 | 000,856,064 | ---- | M] (www.gotop.org) -- c:\WINDOWS\mui\browser\GOTOPBR.EXE PRC - [2012/11/14 16:13:12 | 000,028,672 | ---- | M] (N-able Technologies) -- C:\Program Files\N-able Technologies\Windows Agent\bin\AgentMaint.exe PRC - [2009/10/07 
09:16:50 | 000,472,280 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe PRC - [2009/10/07 09:15:42 | 001,461,080 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe PRC - [2008/01/28 14:43:42 | 000,548,864 | ---- | M] () -- C:\Program Files\ESRI\License\arcgis9x\ARCGIS.EXE PRC - [2007/12/18 16:43:32 | 000,419,088 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\Remote Connector\SVRemoteConnector.exe PRC - [2007/12/18 16:41:14 | 000,535,312 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe PRC - [2007/01/24 13:55:07 | 000,733,696 | ---- | M] (Cat Soft) -- C:\WINDOWS\system32\sysmgt.exe PRC - [2006/10/04 03:25:00 | 000,792,064 | ---- | M] (System32) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\type32.dll PRC - [2006/04/14 20:10:48 | 000,131,072 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5w.exe PRC - [2006/03/14 07:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe PRC - [2005/03/24 18:26:16 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\W3WP.EXE PRC - [2005/03/24 18:12:58 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe PRC - [2005/03/24 18:09:18 | 000,242,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\OSK.EXE PRC - [2005/03/24 18:07:44 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\net1.exe PRC - [2005/03/24 18:07:44 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllcache\net1.exe PRC - [2005/03/24 18:05:06 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe PRC - [2005/03/24 18:01:54 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005/03/24 17:57:54 | 
000,415,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CMD.EXE PRC - [2005/03/24 17:56:30 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WS.EXE PRC - [2005/03/24 17:56:30 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\WE.EXE PRC - [2005/03/24 17:56:30 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CS.EXE PRC - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Tasker\Aims_Tasker.exe PRC - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\Monitor\Aims_Monitor.exe PRC - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Aims_AppServer.exe PRC - [1999/12/01 13:38:28 | 000,467,968 | ---- | M] () -- C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe ========== Modules (No Company Name) ========== MOD - [2013/05/30 09:20:26 | 000,221,184 | ---- | M] () -- C:\WINDOWS\XXXXXX37654A81\svchsot.exe MOD - [2013/05/29 05:46:31 | 001,078,030 | ---- | M] () -- C:\WINDOWS\Resources\smscvc.exe MOD - [2013/05/19 15:02:25 | 002,828,288 | ---- | M] () -- c:\WINDOWS\mui\gotop.exe MOD - [2013/05/19 15:02:20 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\Themer.exe MOD - [2013/05/19 15:02:13 | 000,312,212 | ---- | M] () -- C:\Program Files\Fujitsu Siemens\RAID\bin\SpySer.exe MOD - [2013/05/19 15:02:05 | 005,779,456 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe MOD - [2013/05/19 14:59:56 | 001,028,096 | ---- | M] () -- C:\WINDOWS\system32\Syswin\svchost.exe MOD - [2013/05/15 08:42:32 | 000,023,040 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\woi23.dll MOD - [2013/05/07 06:32:20 | 000,059,904 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\cnakk153.dll MOD - [2013/05/01 14:45:03 | 000,059,904 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\cnakk135.dll MOD - [2013/04/29 10:16:38 | 000,060,416 
| ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\cnakk121.dll MOD - [2013/04/11 05:19:32 | 000,060,416 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\winl64.dll MOD - [2013/04/07 14:52:46 | 000,059,904 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\winl45.dll MOD - [2013/01/20 13:03:04 | 001,381,888 | ---- | M] () -- c:\WINDOWS\mui\browser\mozjs.dll MOD - [2013/01/20 07:03:04 | 001,381,888 | ---- | M] () -- C:\WINDOWS\Debug\browser\mozjs.dll MOD - [2012/12/03 03:51:34 | 000,544,768 | ---- | M] () -- C:\WINDOWS\system32\WCASvc.dll MOD - [2009/09/02 10:09:22 | 000,278,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\9e1542d2d2c7150dadc4ba2194822581\Microsoft.SqlServer.ConnectionInfo.ni.dll MOD - [2009/08/26 10:43:47 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll MOD - [2009/08/26 10:43:25 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.ni.dll MOD - [2009/08/26 10:43:24 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12903c3843fe923d1977801ffa3cf26c\System.Transactions.ni.dll MOD - [2009/08/26 10:43:04 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll MOD - [2009/08/26 10:28:54 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\0d7c1d80f0960d0473ed13f107ce7d81\System.Xml.ni.dll MOD - [2009/08/26 10:27:44 | 006,614,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\0b40341027c01716cec1dd97592698e0\System.Data.ni.dll MOD - [2009/08/26 10:25:39 | 007,867,392 | ---- | M] () -- 
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2009/08/26 09:46:08 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2009/08/26 09:43:56 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/08/26 09:43:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2008/01/28 14:43:42 | 000,548,864 | ---- | M] () -- C:\Program Files\ESRI\License\arcgis9x\ARCGIS.EXE
MOD - [2007/03/09 08:34:40 | 000,059,904 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\zlib1.dll
MOD - [2007/02/15 21:36:24 | 000,090,112 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\hm420m.dll
MOD - [2007/02/15 21:36:18 | 000,487,424 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\hd420m.dll
MOD - [2006/10/04 04:45:56 | 000,016,384 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\esriI18N.dll
MOD - [2006/09/29 10:40:02 | 000,118,784 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\znglib.dll
MOD - [2006/09/29 10:40:00 | 000,118,784 | ---- | M] () -- C:\Program Files\Common Files\ESRI\Raster\bin\ntx86\znglib.dll
MOD - [2006/08/02 12:21:24 | 005,533,696 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\icudt22l.dll
MOD - [2006/08/02 12:21:24 | 005,533,696 | ---- | M] () -- C:\ArcGIS\ArcSDE\sqlexe\bin\icudt22l.dll
MOD - [2005/03/24 18:26:14 | 000,121,856 | ---- | M] () -- C:\WINDOWS\system32\hrrslvr.dll
MOD - [2005/03/24 18:26:14 | 000,054,784 | ---- | M] () -- C:\WINDOWS\system32\netdbadm.dll
MOD - [2005/03/24 17:55:32 | 000,378,368 | ---- | M] () -- \\?\C:\WINDOWS\System32\inetsrv\asp.dll
MOD - [2003/03/25 14:00:00 | 000,016,896 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
MOD - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Tasker\Aims_Tasker.exe
MOD - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\Monitor\Aims_Monitor.exe
MOD - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Aims_AppServer.exe
MOD - [1999/12/01 13:38:28 | 000,467,968 | ---- | M] () -- C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Windows Media Player\mplayer.txt -- (TapSrv)
SRV - File not found [Auto | Unknown] -- C:\WINDOWS\Temp\ntshrui.dll. -- (SharedAccess)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Haooeaw.exe -- (Qwkezc sezmea)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\657C7AC5.exe -- (Pqrstu Wxyabcde Ghi bod)
SRV - File not found [Auto | Stopped] -- c:\oracle\ora90\bin\ORACLE.EXE OEMREP -- (OracleServiceOEMREP)
SRV - File not found [Auto | Stopped] -- c:\oracle\ora90\bin\ORACLE.EXE MHPGEO -- (OracleServiceMHPGEO)
SRV - File not found [Auto | Stopped] -- C:\oracle\ora90\BIN\TNSLSNR -- (OracleOraHome90TNSListener)
SRV - File not found [On_Demand | Stopped] -- C:\oracle\ora90\BIN\OMSNTsrv.exe -- (OracleOraHome90ManagementServer)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\oweawm.exe -- (Nationalghh)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\netmon\mnmsrvc.exe -- (mnmsrvc)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\nod.exe -- (ltmi)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Haooeaw.exe -- (Kkuiow igzvmi)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\C233C2AB.exe -- (jxdsystem services)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\IPv6CertBrowsSvc.dll -- (IPv6CertBrowsSvc)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Haooeaw.exe -- (Ipdzvu kuiese)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Haooeaw.exe -- (Gqyvdy uubrie)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\lp32.exe -- (elp32)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\TEMP\svchest.exe -- (Defghi Klmnopqr Tuv)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Haooeaw.exe -- (Aeqiiu qepbpa)
SRV - [2013/05/19 15:02:26 | 000,102,400 | ---- | M] (Environmental Systems Research Institute, Inc.) [Auto | Running] -- C:\ArcGIS\ArcSDE\sqlexe\bin\giomgr.exe -- (esri_sde)
SRV - [2013/05/19 15:02:21 | 000,131,072 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe -- (Tomcat5)
SRV - [2013/05/19 15:02:20 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\Themer.exe -- (Themer)
SRV - [2013/05/19 15:02:13 | 000,312,212 | ---- | M] () [Auto | Running] -- C:\Program Files\Fujitsu Siemens\RAID\bin\SpySer.exe -- (SpySer)
SRV - [2013/05/19 15:02:09 | 000,495,616 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\GlobalFlash\gf_agent.exe -- (OfflineFlash)
SRV - [2013/05/19 15:02:05 | 005,779,456 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL)
SRV - [2013/05/19 15:01:40 | 000,098,304 | ---- | M] (LSI Logic Corporation) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\RAID\bin\mr2kserv.exe -- (mr2kserv)
SRV - [2013/05/19 14:59:56 | 001,028,096 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\Syswin\svchost.exe -- (RasAuto)
SRV - [2013/05/08 00:36:35 | 000,119,024 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/04/23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/03/10 18:17:06 | 000,114,688 | ---- | M] () [Auto | Stopped] -- C:\Documents and Settings\All Users\hkcmd.exe -- (Shell Service)
SRV - [2012/12/03 03:51:34 | 000,544,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\WCASvc.dll -- (WCASvc)
SRV - [2012/11/14 16:13:16 | 000,278,528 | ---- | M] (N-able Technologies) [Auto | Stopped] -- C:\Program Files\N-able Technologies\Windows Agent\bin\agent.exe -- (Windows Agent Service)
SRV - [2012/11/14 16:13:12 | 000,028,672 | ---- | M] (N-able Technologies) [Auto | Running] -- C:\Program Files\N-able Technologies\Windows Agent\bin\AgentMaint.exe -- (Windows Agent Maintenance Service)
SRV - [2009/10/07 09:21:14 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/10/07 09:16:50 | 000,472,280 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/06/05 13:26:50 | 000,348,160 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\ESRI\Image Server\ESRIImageServiceProvider.exe -- (ESRI Image ServiceProvider: 3983)
SRV - [2008/06/05 13:26:26 | 000,376,832 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\ESRI\Image Server\ESRIImageServer.exe -- (ESRI Image Server)
SRV - [2007/12/18 16:43:32 | 000,419,088 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\Remote Connector\SVRemoteConnector.exe -- (RemoteConnector)
SRV - [2007/12/18 16:41:14 | 000,535,312 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe -- (SrvCtrl)
SRV - [2007/12/18 08:43:30 | 000,147,456 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\ESRI\Image Server\ESRIImageServerReporterService.exe -- (ESRIImageServerReporter)
SRV - [2007/12/07 11:26:56 | 000,016,384 | ---- | M] (Fujitsu Siemens Computers) [On_Demand | Stopped] -- C:\Program Files\Fujitsu Siemens\RAID\amService.exe -- (amService)
SRV - [2007/01/24 13:55:07 | 000,733,696 | ---- | M] (Cat Soft) [Auto | Running] -- C:\WINDOWS\system32\sysmgt.exe -- (sysmgt)
SRV - [2006/10/04 03:25:00 | 000,792,064 | ---- | M] (System32) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\type32.dll -- (keyb)
SRV - [2006/03/14 07:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2005/03/24 20:38:42 | 000,094,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
SRV - [2005/03/24 18:26:14 | 000,121,856 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\hrrslvr.dll -- (hrrslvr)
SRV - [2005/03/24 18:26:14 | 000,054,784 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\netdbadm.dll -- (netdbadm)
SRV - [2005/03/24 18:26:08 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
SRV - [2005/03/24 18:13:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\Sens32.dll -- (SENS)
SRV - [2005/03/24 18:13:02 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
SRV - [2005/03/24 18:08:24 | 000,791,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
SRV - [2005/03/24 18:08:24 | 000,465,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ntmssvc32.dll -- (NtmsSvc)
SRV - [2005/03/24 18:05:06 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC)
SRV - [2005/03/24 18:05:06 | 000,014,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2005/03/24 18:05:06 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2005/03/24 18:05:04 | 000,216,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2005/03/24 18:00:48 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
SRV - [2004/08/17 20:00:00 | 006,950,912 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\1538127516.dll -- (DirectX Rejrq.)
SRV - [2003/03/25 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)
SRV - [2003/03/25 14:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
SRV - [2003/03/25 14:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)
SRV - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Tasker\Aims_Tasker.exe -- (ArcIMS Tasker 9.2.0)
SRV - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Program Files\ArcGIS\ArcIMS\Server\Monitor\Aims_Monitor.exe -- (ArcIMS Monitor 9.2.0)
SRV - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Aims_AppServer.exe -- (ArcIMS Application Server 9.2.0)
SRV - [1999/12/01 13:38:28 | 000,467,968 | ---- | M] () [Auto | Running] -- C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe -- (ArcGIS License Manager)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (LicenseInfo)
DRV - File not found [Adapter | Auto | Unknown] -- C:\Program Files\Google\1.dll -- (Iprip)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DRIVERS\ENTECH.sys -- (ENTECH)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/04/19 00:15:41 | 000,006,656 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/10/07 09:18:36 | 000,035,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/10/07 09:12:22 | 000,054,184 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2009/10/07 09:11:10 | 000,040,824 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007/12/18 16:42:18 | 000,025,104 | ---- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Stopped] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\ImbDrvNT.sys -- (ImbDrvNT)
DRV - [2007/12/18 16:42:16 | 000,089,104 | ---- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\ScSBB.sys -- (ScSBB)
DRV - [2007/11/26 20:51:04 | 000,093,427 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aacmgt.sys -- (AACMgt)
DRV - [2006/03/14 07:22:00 | 000,090,176 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)
DRV - [2006/03/14 07:22:00 | 000,028,216 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2005/12/06 23:44:42 | 001,379,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/24 18:13:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | Unavailable | Unknown] -- C:\WINDOWS\System32\drivers\sacdrv.sys -- (sacdrv)
DRV - [2005/03/24 18:00:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dfs.sys -- (DfsDriver)
DRV - [2005/03/24 17:57:52 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\clusdisk.sys -- (ClusDisk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.co...65018_76_hao_pg
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
IE - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\1.0.1.1058\npplugin2.dll (PPLive Corporation)
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2010/09/08 09:50:02 | 000,000,000 | ---D | M]

[2013/05/10 12:05:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

O1 HOSTS File: ([2013/03/15 13:12:25 | 000,000,794 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.0.126 dpmserver.mhp.co.za
O1 - Hosts: 192.168.0.23 blesbok
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\Administrator\Application Data\Complitly\AutocompletePro.dll (SimplyGen)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [ QQPCTray] File not found
O4 - HKLM..\Run: [ QQPCTray] File not found
O4 - HKLM..\Run: [360Safetray] File not found
O4 - HKLM..\Run: [ApacheTomcatMonitor] C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5w.exe (Apache Software Foundation)
O4 - HKLM..\Run: [bixushi] c:\windows\system32\csx.exe File not found
O4 - HKLM..\Run: [dsa] C:\RECYCLER\woai.exe File not found
O4 - HKLM..\Run: [ewswdk] C:\WINDOWS\Debug\wpdmtp.exe (Prassi Software)
O4 - HKLM..\Run: [fasd] C:\RECYCLER\woai.exe File not found
O4 - HKLM..\Run: [jhecryz] C:\WINDOWS\Resources\smscvc.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [KVMON] File not found
O4 - HKLM..\Run: [KVXP] File not found
O4 - HKLM..\Run: [kxesc] File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] File not found
O4 - HKLM..\Run: [QQPCTray] File not found
O4 - HKLM..\Run: [RavTRAY] File not found
O4 - HKLM..\Run: [RISTRAY] File not found
O4 - HKLM..\Run: [shell] C:\WINDOWS\123.exe ()
O4 - HKLM..\Run: [shStatEXE] File not found
O4 - HKLM..\Run: [weyrzader] C:\WINDOWS\Cluster\clients\srchasy\smyscvc.exe ()
O4 - HKLM..\Run: [XXXXXX37654A81] C:\WINDOWS\XXXXXX37654A81\svchsot.exe ()
O4 - HKLM..\Run: [zvary] C:\windows\msapps\msinfo\wyhtday.exe File not found
O4 - HKU\.DEFAULT..\Run: [GoTop] C:\WINDOWS\Debug\wpdmtp.exe (Prassi Software)
O4 - HKU\.DEFAULT..\Run: [PPAP] "C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" -background File not found
O4 - HKU\S-1-5-18..\Run: [GoTop] C:\WINDOWS\Debug\wpdmtp.exe (Prassi Software)
O4 - HKU\S-1-5-18..\Run: [PPAP] "C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" -background File not found
O4 - HKU\S-1-5-21-3652302946-4094972055-3012646909-500..\Run: [GoTop] C:\WINDOWS\Debug\wpdmtp.exe (Prassi Software)
O4 - HKU\S-1-5-21-3652302946-4094972055-3012646909-500..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [] C:\WINDOWS\System32\OSK.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [] C:\WINDOWS\System32\OSK.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll (Sun Microsystems, Inc.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.3.cab (DLM Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5F42B20-CDE1-481A-B43C-B59715E9A109}: NameServer = 8.8.8.8,196.14.239.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFACE1CF-691A-4D29-A654-7452C257C7B0}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\System32\Explorer.exe ()
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found
O27 - HKLM IFEO\360rp.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)
O27 - HKLM IFEO\360rps.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)
O27 - HKLM IFEO\360Safe.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)
O27 - HKLM IFEO\360sd.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)
O27 - HKLM IFEO\360tray.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)
O27 - HKLM IFEO\app.exe: Debugger - C:\WINDOWS\ime\cv.exe File not found
O27 - HKLM IFEO\avcenter.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)
O27 - HKLM IFEO\avgnt.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)
O27 - HKLM IFEO\avguard.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)
O27 - HKLM IFEO\cfp.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)
O27 - HKLM IFEO\cmdagent.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)
O27 - HKLM IFEO\kavstart.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)
O27 - HKLM IFEO\kissvc.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)
O27 - HKLM IFEO\KsafeTray.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)
O27 - HKLM IFEO\KSWebShield.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)
O27 - HKLM IFEO\KVMonXP.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)
O27 - HKLM IFEO\KVMonXP.kxp: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)
O27 - HKLM IFEO\KVSrvXp.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)
O27 - HKLM IFEO\kvxp.kxp: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)
O27 - HKLM IFEO\Kwatch.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)
O27 - HKLM IFEO\net2.exe: Debugger - C:\WINDOWS\ime\cv.exe File not found
O27 - HKLM IFEO\QQPCRTP.EXE: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O27 - HKLM IFEO\QQPCTray.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O27 - HKLM IFEO\ravmond.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O27 - HKLM IFEO\RSTRAY.EXE: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O27 - HKLM IFEO\SHSTAT.EXE: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O27 - HKLM IFEO\Storm.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/05/26 12:18:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/05/30 09:20:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\XXXXXX37654A81 [2013/05/30 08:36:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\QuickScan [2013/05/29 05:48:06 | 000,500,680 | ---- | C] (搜狐) -- C:\WINDOWS\IFoxInstall-y-c206525652-nsi-s-x.exe [2013/05/27 19:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\Rumjow odsgi [2013/05/24 11:03:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com [2013/05/24 11:02:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware [2013/05/24 11:02:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application 
Data\SUPERAntiSpyware.com [2013/05/24 11:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2013/05/24 11:01:37 | 025,817,776 | ---- | C] (SUPERAntiSpyware.com) -- C:\SUPERAntiSpyware.exe [2013/05/24 09:49:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Revo Uninstaller [2013/05/24 09:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group [2013/05/24 09:48:18 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) -- C:\revosetup.exe [2013/05/24 09:42:34 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) -- C:\Documents and Settings\Administrator\Desktop\revosetup.exe.dap [2013/05/24 09:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\INISet [2013/05/24 09:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\liebao [2013/05/24 05:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\KingSoft [2013/05/24 05:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Tencent [2013/05/24 05:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\Wuji [2013/05/24 05:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\liebao [2013/05/23 22:18:32 | 000,079,360 | ---- | C] (PPStream Inc.) -- C:\WINDOWS\System32\hex350sb.exe [2013/05/23 22:15:01 | 000,256,988 | ---- | C] (PPStream Inc.) 
-- C:\WINDOWS\System32\360sb.exe [2013/05/23 08:21:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2013/05/22 10:48:57 | 000,172,170 | ---- | C] (深圳市迅雷网络技术有限公司) -- C:\18181.exe [2013/05/20 10:18:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013/05/20 08:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun [2013/05/17 16:48:10 | 000,047,104 | ---- | C] (Inside Core) -- C:\Documents and Settings\Administrator\Desktop\AutoRunExterminator.exe [2013/05/10 12:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla [2013/05/10 12:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\HC_logs [2013/05/10 12:04:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\gotop [2013/05/09 14:10:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Network [2013/05/09 12:56:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WinCmder [2013/05/06 14:00:34 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe [2013/05/04 17:16:21 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WS.EXE [2013/05/04 17:16:02 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CS.EXE [2013/05/04 15:16:34 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xet1.exe [2013/05/04 15:16:34 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xtp.exe [2013/05/04 15:16:34 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xacls.exe [2013/05/04 13:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 8 [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] ========== Files - Modified 
Within 30 Days ========== [2013/05/31 01:54:08 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\Dragonwwwroot.job [2013/05/31 01:00:18 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\DragonDB.job [2013/05/31 00:19:26 | 000,000,873 | ---- | M] () -- C:\WINDOWS\System32\rpc_start_16log.ini [2013/05/31 00:19:25 | 000,001,335 | ---- | M] () -- C:\WINDOWS\System32\rpcserver32.dll [2013/05/31 00:16:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/05/30 17:14:02 | 000,000,000 | ---- | M] () -- C:\hex1.exe [2013/05/30 17:13:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hex1.exe [2013/05/30 16:02:28 | 000,022,528 | ---- | M] () -- C:\WINDOWS\arp.vbs [2013/05/30 16:00:49 | 000,022,528 | ---- | M] () -- C:\WINDOWS\System32\hexExplorer.exe [2013/05/30 11:40:35 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\37654A81.key [2013/05/30 10:56:54 | 000,088,064 | ---- | M] () -- C:\WINDOWS\System32\1.exe [2013/05/30 10:35:50 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\gouri.bat [2013/05/30 10:35:12 | 000,000,213 | ---- | M] () -- C:\WINDOWS\System32\sb.bat [2013/05/30 09:20:30 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\37654A81 [2013/05/30 05:59:07 | 000,002,369 | ---- | M] () -- C:\WINDOWS\svchost.exe [2013/05/30 05:55:48 | 000,022,528 | ---- | M] () -- C:\WINDOWS\System32\Explorer.exe [2013/05/29 16:51:47 | 001,056,768 | ---- | M] () -- C:\WINDOWS\System32\secedit.sdb [2013/05/29 16:51:46 | 000,000,652 | ---- | M] () -- C:\WINDOWS\System32\censoredGOthin.inf [2013/05/29 16:08:54 | 000,000,000 | ---- | M] () -- C:\hexapym.exe [2013/05/29 16:08:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexapym.exe [2013/05/29 11:39:32 | 000,000,000 | ---- | M] () -- C:\hex5.exe [2013/05/29 11:39:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hex5.exe [2013/05/29 07:49:46 | 000,000,000 | ---- | M] () -- C:\Program Files\7b [2013/05/29 07:01:30 | 000,032,120 | ---- | M] () -- C:\WINDOWS\123.exe [2013/05/29 05:48:06 | 000,500,680 | ---- 
| M] (搜狐) -- C:\WINDOWS\IFoxInstall-y-c206525652-nsi-s-x.exe [2013/05/29 05:45:30 | 000,000,830 | ---- | M] () -- C:\WINDOWS\System32\wvinyk.inf [2013/05/29 05:45:28 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System\back.dat [2013/05/29 05:39:03 | 000,002,006 | ---- | M] () -- C:\WINDOWS\1.exe [2013/05/29 05:07:49 | 000,000,092 | --S- | M] () -- C:\WINDOWS\stm8.inf [2013/05/28 08:37:48 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\ewdffg.job [2013/05/26 10:28:08 | 000,000,000 | ---- | M] () -- C:\hexaqypm.exe [2013/05/26 10:28:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexaqypm.exe [2013/05/26 00:04:25 | 000,002,396 | ---- | M] () -- C:\WINDOWS\aoxiang.exe [2013/05/24 11:02:56 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2013/05/24 10:53:17 | 025,817,776 | ---- | M] (SUPERAntiSpyware.com) -- C:\SUPERAntiSpyware.exe [2013/05/24 09:49:03 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk [2013/05/24 09:43:47 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) -- C:\revosetup.exe [2013/05/24 09:43:04 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) -- C:\Documents and Settings\Administrator\Desktop\revosetup.exe.dap [2013/05/24 05:30:16 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\cxg13.bat [2013/05/24 05:29:44 | 000,000,725 | ---- | M] () -- C:\WINDOWS\System32\censoredgo.inf [2013/05/24 05:01:24 | 000,002,350 | ---- | M] () -- C:\WINDOWS\FULL.exe [2013/05/23 22:18:32 | 000,079,360 | ---- | M] (PPStream Inc.) -- C:\WINDOWS\System32\hex350sb.exe [2013/05/23 22:15:51 | 000,256,988 | ---- | M] (PPStream Inc.) 
-- C:\WINDOWS\System32\360sb.exe [2013/05/23 08:19:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2013/05/22 10:48:57 | 000,172,170 | ---- | M] (深圳市迅雷网络技术有限公司) -- C:\18181.exe [2013/05/22 00:53:36 | 000,002,369 | ---- | M] () -- C:\WINDOWS\taskmgr.exe [2013/05/20 14:48:41 | 000,000,440 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol [2013/05/20 12:25:37 | 000,002,085 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DeltaCopy Client.lnk [2013/05/20 11:54:30 | 000,070,144 | ---- | M] () -- C:\WINDOWS\System32\net.exe [2013/05/19 21:11:57 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\zylve.exe.exe [2013/05/19 21:11:40 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\onflve.dat [2013/05/19 15:02:20 | 000,073,728 | ---- | M] () -- C:\WINDOWS\System32\Themer.exe [2013/05/18 21:30:05 | 000,000,500 | ---- | M] () -- C:\5368.vbs [2013/05/18 11:12:28 | 000,002,350 | ---- | M] () -- C:\WINDOWS\QQGameMgr.exe [2013/05/16 03:49:39 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System\backs.dat [2013/05/14 00:19:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/05/12 03:36:37 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\zyuser$ [2013/05/07 22:39:11 | 000,000,149 | ---- | M] () -- C:\WINDOWS\System32\sa.bat [2013/05/06 22:21:10 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\zynet2.0.exe [2013/05/06 22:20:53 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\onfnet2.dat [2013/05/06 14:54:44 | 000,007,176 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol [2013/05/04 17:18:43 | 000,001,811 | ---- | M] () -- C:\WINDOWS\System32\hex2.exe [2013/05/04 17:16:39 | 000,014,208 | ---- | M] () -- C:\WINDOWS\System32\K3d_Driver.sys [2013/05/04 15:16:32 | 000,000,173 | ---- | M] () -- C:\WINDOWS\System32\win.bat [2013/05/04 15:16:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System\VER.DLL [2013/05/04 13:54:52 | 000,000,821 | ---- | M] () -- 
C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/05/30 17:13:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hex1.exe [2013/05/30 11:40:32 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\37654A81.key [2013/05/30 10:56:50 | 000,088,064 | ---- | C] () -- C:\WINDOWS\System32\1.exe [2013/05/30 09:20:30 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\37654A81 [2013/05/30 05:59:19 | 000,022,528 | ---- | C] () -- C:\WINDOWS\arp.vbs [2013/05/30 05:59:07 | 000,002,369 | ---- | C] () -- C:\WINDOWS\svchost.exe [2013/05/30 05:57:52 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\hexExplorer.exe [2013/05/30 05:55:45 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\Explorer.exe [2013/05/29 16:08:54 | 000,000,000 | ---- | C] () -- C:\hexapym.exe [2013/05/29 16:08:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexapym.exe [2013/05/29 07:01:30 | 000,032,120 | ---- | C] () -- C:\WINDOWS\123.exe [2013/05/29 05:45:28 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System\back.dat [2013/05/29 05:39:03 | 000,002,006 | ---- | C] () -- C:\WINDOWS\1.exe [2013/05/29 04:04:46 | 000,000,000 | ---- | C] () -- C:\hex5.exe [2013/05/29 04:04:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hex5.exe [2013/05/28 22:52:29 | 000,000,000 | ---- | C] () -- C:\hex1.exe [2013/05/26 09:52:47 | 000,000,000 | ---- | C] () -- C:\hexaqypm.exe [2013/05/26 09:52:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexaqypm.exe
  20. Hi D-Fred-Brown, I ran the scan. The result is: "Your PC is infected with Generic.Malware.Yd.7C7AB525. Clean your computer with Bitdefender Internet Security 2013!" There is a free download button. Thanks for the help.
  21. Hi D-Fred-Brown, The scan finished. Please see below for ESETScan report: C:\WINDOWS\ime\web7b.ini Win32/Farfli.YY trojan deleted - quarantined C:\WINDOWS\system32\bootbozimsxm.exe probably unknown NewHeur_PE virus deleted - quarantined C:\WINDOWS\system32\coolnet.exe a variant of Win32/Farfli.VQ trojan cleaned by deleting - quarantined C:\WINDOWS\system32\hexdk.exe a variant of Win32/Kryptik.NX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\hexixepress.exe a variant of Win32/Farfli.TB trojan cleaned by deleting - quarantined C:\WINDOWS\system32\hexk.exe a variant of Win32/Kryptik.NX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\hexmaike20202.EXE a variant of Win32/ServStart.AD trojan cleaned by deleting - quarantined C:\WINDOWS\system32\hexopera.exe a variant of Win32/Farfli.SN trojan cleaned by deleting - quarantined C:\WINDOWS\system32\hexscker.exe a variant of Win32/Farfli.YN trojan cleaned by deleting - quarantined C:\WINDOWS\system32\hexscvost.exe a variant of Win32/Farfli.YN trojan deleted - quarantined C:\WINDOWS\system32\hexYqrstuvwx_LEY.exe a variant of Win32/Farfli.WT trojan cleaned by deleting - quarantined C:\WINDOWS\system32\panti.exe Win32/Packed.Themida.C trojan deleted - quarantined C:\WINDOWS\system32\st37.com a variant of Win32/Farfli.SU trojan deleted - quarantined C:\WINDOWS\system32\st37.exe a variant of Win32/Farfli.SU trojan deleted - quarantined C:\WINDOWS\system32\sta1g.exe a variant of Win32/Farfli.TB trojan cleaned by deleting - quarantined C:\WINDOWS\system32\stbozimsxm.exe probably unknown NewHeur_PE virus deleted - quarantined C:\WINDOWS\system32\stixepress.exe a variant of Win32/Farfli.TB trojan cleaned by deleting - quarantined C:\WINDOWS\system32\stSB360.exe a variant of Win32/Farfli.TG trojan cleaned by deleting - quarantined C:\WINDOWS\system32\stscker.exe a variant of Win32/Farfli.YN trojan cleaned by deleting - quarantined C:\WINDOWS\system32\stscvost.exe a variant of Win32/Farfli.YN trojan 
deleted - quarantined C:\WINDOWS\system32\Tmp43A9.tmp a variant of Win32/Agent.OWW trojan cleaned by deleting - quarantined C:\WINDOWS\system32\Tmp4544.tmp a variant of Win32/Agent.PQE trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpC37A.tmp a variant of Win32/Farfli.YG trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpC952.tmp a variant of Win32/Farfli.WT trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpC953.tmp a variant of Win32/Farfli.WT trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpC954.tmp a variant of Win32/Farfli.WT trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpCB44.tmp a variant of Win32/Farfli.NG trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpCB45.tmp a variant of Win32/Farfli.NG trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpCB46.tmp a variant of Win32/Farfli.NG trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpCD77.tmp a variant of Win32/Farfli.VQ trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpCD78.tmp a variant of Win32/Farfli.VQ trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpCE5B.tmp a variant of Win32/Farfli.TX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpD4E3.tmp a variant of Win32/Farfli.SN trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpD4E4.tmp a variant of Win32/Farfli.SN trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpD50B.tmp a variant of Win32/Redosdru.JQ trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpD50C.tmp a variant of Win32/Redosdru.JQ trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpD50D.tmp a variant of Win32/Redosdru.JQ trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpD524.tmp a variant of Win32/Farfli.TJ trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpD525.tmp a variant of Win32/Farfli.TJ trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpD526.tmp a 
variant of Win32/Farfli.TJ trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpD5AE.tmp a variant of Win32/Agent.PQE trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpD5AF.tmp a variant of Win32/Agent.PQE trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpD5B0.tmp a variant of Win32/Agent.PQE trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpD8FA.tmp a variant of Win32/Farfli.NQ trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpD915.tmp a variant of Win32/Farfli.NQ trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpD916.tmp a variant of Win32/Farfli.NQ trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpD917.tmp a variant of Win32/Farfli.NQ trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpDA1C.tmp a variant of Win32/Farfli.NQ trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpDA1D.tmp a variant of Win32/Farfli.NQ trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpDA1E.tmp a variant of Win32/Farfli.NQ trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpDC69.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpDC6A.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpDC6B.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpDD8D.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpDD8E.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpDD8F.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpDF68.tmp a variant of Win32/Farfli.NQ trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpDF69.tmp a variant of Win32/Farfli.NQ trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpDF6A.tmp a variant of Win32/Farfli.NQ trojan cleaned by deleting - 
quarantined C:\WINDOWS\system32\TmpE0FD.tmp a variant of Win32/ServStart.AD trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE0FE.tmp a variant of Win32/ServStart.AD trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE123.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE124.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE125.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE144.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE145.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE146.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE186.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE187.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE2BD.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE2BE.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE2BF.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE2C2.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE2C3.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE2C4.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE2E1.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE2E2.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE2E3.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE2E6.tmp a variant 
of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE2E7.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE2E8.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE30E.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE30F.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE310.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE32D.tmp a variant of Win32/ServStart.AD trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE32E.tmp a variant of Win32/ServStart.AD trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE32F.tmp a variant of Win32/ServStart.AD trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE330.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE331.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE332.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE335.tmp a variant of Win32/ServStart.AD trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE336.tmp a variant of Win32/ServStart.AD trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE337.tmp a variant of Win32/ServStart.AD trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE354.tmp a variant of Win32/ServStart.AD trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE355.tmp a variant of Win32/ServStart.AD trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE356.tmp a variant of Win32/ServStart.AD trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE359.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE37B.tmp a variant of Win32/Farfli.SN trojan cleaned 
by deleting - quarantined C:\WINDOWS\system32\TmpE37C.tmp a variant of Win32/Farfli.SN trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE37D.tmp a variant of Win32/Farfli.SN trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE39A.tmp a variant of Win32/Farfli.SN trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE39B.tmp a variant of Win32/Farfli.SN trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE39E.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE39F.tmp a variant of Win32/Farfli.WX trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE446.tmp a variant of Win32/ServStart.AD trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE447.tmp a variant of Win32/ServStart.AD trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE448.tmp a variant of Win32/ServStart.AD trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE46A.tmp a variant of Win32/Zeleffo.A trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE46B.tmp a variant of Win32/Zeleffo.A trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE46C.tmp a variant of Win32/Zeleffo.A trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE489.tmp a variant of Win32/ServStart.AD trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE48A.tmp a variant of Win32/ServStart.AD trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE48B.tmp a variant of Win32/ServStart.AD trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE6ED.tmp a variant of Win32/Farfli.DA trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE6EE.tmp a variant of Win32/Farfli.DA trojan cleaned by deleting - quarantined C:\WINDOWS\system32\TmpE6F1.tmp a variant of Win32/Farfli.DA trojan cleaned by deleting - quarantined This is the report from the log file:
sh=B2DA639CB38FC23CB22ED9D18480C5289A50AF8A ft=1 fh=d88af39e0cd76574 vn="a variant of Win32/Farfli.DA trojan (cleaned by deleting - quarantined)" ac=C fn="C:\WINDOWS\system32\TmpE6ED.tmp" sh=B2DA639CB38FC23CB22ED9D18480C5289A50AF8A ft=1 fh=d88af39e0cd76574 vn="a variant of Win32/Farfli.DA trojan (cleaned by deleting - quarantined)" ac=C fn="C:\WINDOWS\system32\TmpE6EE.tmp" sh=B2DA639CB38FC23CB22ED9D18480C5289A50AF8A ft=1 fh=d88af39e0cd76574 vn="a variant of Win32/Farfli.DA trojan (cleaned by deleting - quarantined)" ac=C fn="C:\WINDOWS\system32\TmpE6F1.tmp"
  22. Hi D-Fred-Brown, The scan finished. Please see below:
      Malwarebytes Anti-Malware 1.75.0.1300
      www.malwarebytes.org
      Database version: v2013.05.28.01
      Windows Server 2003 Service Pack 1 x86 NTFS
      Internet Explorer 7.0.5730.11
      Administrator :: DRAGON [administrator]
      5/28/2013 8:30:14 AM
      mbam-log-2013-05-28 (08-30-14).txt
      Scan type: Full scan (C:\|D:\|E:\|)
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 928225
      Time elapsed: 4 hour(s), 24 minute(s), 6 second(s)
      Memory Processes Detected: 1
      C:\WINDOWS\system32\server.exe (Trojan.Agent) -> 4556 -> Delete on reboot.
      Memory Modules Detected: 0
      (No malicious items detected)
      Registry Keys Detected: 1
      HKLM\SYSTEM\CurrentControlSet\Services\DeBuGjrq (Backdoor.Bot) -> Quarantined and deleted successfully.
      Registry Values Detected: 2
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|shell (Trojan.Agent) -> Data: C:\windows\123.exe -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|server (Trojan.Agent) -> Data: C:\windows\system32\server.exe -> Quarantined and deleted successfully.
      Registry Data Items Detected: 0
      (No malicious items detected)
      Folders Detected: 0
      (No malicious items detected)
      Files Detected: 15
      C:\RECYCLER\hexInternet.exe (Trojan.ServStart) -> Quarantined and deleted successfully.
      C:\RECYCLER\S-1-5-21-3652302946-4094972055-3012646909-500\Dc6.1\DUBrute.exe (PUP.HackTool.BruteForce) -> Quarantined and deleted successfully.
      C:\Documents and Settings\hexInternet.exe (Trojan.ServStart) -> Quarantined and deleted successfully.
      C:\Documents and Settings\admin.DRAGON.000\Local Settings\Temporary Internet Files\Content.IE5\VJB5NLGY\setup_open_2096[1].exe (Trojan.Downloader.Small) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\VJB5NLGY\setup_open_2096[1].exe (Trojan.Downloader.Small) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\hexseer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\TmpE6EF.tmp (Backdoor.Farfli) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\hexInternet.exe (Trojan.ServStart) -> Quarantined and deleted successfully.
      C:\WINDOWS\Web\setup_open_2096.exe (Trojan.Downloader.Small) -> Quarantined and deleted successfully.
      C:\RECYCLER\hex1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\RECYCLER\hex350sb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\RECYCLER\hexaqypm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\123.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\server.exe (Trojan.Agent) -> Delete on reboot.
      (end)
  23. Hi D-Fred-Brown, I logged onto the Server this morning but it was restarted by User32 (Oo) at 12:13am. I checked Mbam but no logs were saved. I have manually removed all fake user accounts, updated mbam and am going to run another scan. I also noticed that the CPU usage is at 100% and in task manager you don't see what is using all the resources. I noticed an odd program with about 15 entries running, and about 20 entries running cmd.exe. I ended the task for that program and the CPU usage is back down to normal levels. We have 3 hard drives on this PC; I have selected to do a full scan and to scan all 3 drives. Will keep you posted.
  24. Hi D-Fred-Brown, I started the scan this morning; it's still running. I will post the results as soon as it's completed.