Infected with BAT/TrojanDownloader.Ftp.NOK Trojan

necro007 · May 20, 2013

Hi,

I have a PC installed with Windows Server 2003, Service pack 1.

I have run Malwarebytes and it has removed most of the infections.

What i have noticed is that in the users/Groups section in Computer management, there are weird accounts being created. I can remove them but they come back.

I can't run dds as it says my OS is not supported.

Thanks for the help.

D-FRED-BROWN · May 22, 2013

Hello necro007 and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

We need to create a New FULL OTL Report

Please download OTL from here if you have not done so already:
- Main Mirror
[*]Save it to your desktop.
[*]Double click on the icon on your desktop.
[*]Click the "Scan All Users" checkbox.
[*]Change the "Extra Registry" option to "SafeList"
[*]Push the button.
[*]Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized

----------Step 2----------------

In your next reply, please include the following:

OTL.txt & Extra.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB

necro007 · May 23, 2013

Hi D-FRED-BROWN,

Thank you for the help. I'm busy running the scan now. I will post the results as soon as it is finished.

Not sure if this makes a difference but the server is a Host for some websites.

D-FRED-BROWN · May 23, 2013

Not sure if this makes a difference but the server is a Host for some websites.

It shouldn't matter, but I would definitely take the time to back up anything you wouldn't want to lose.

necro007 · May 23, 2013

Hi D-FRED-BROWN, can i make a backup while OTL is running or should i wait till it is finished?

D-FRED-BROWN · May 23, 2013

I would wait until it's finished.

necro007 · May 23, 2013

<p>Hi D-FRED-Brown,</p>

<p>Please see OLT.txt report below:</p>

<div>OTL logfile created on: 5/23/2013 9:00:49 AM - Run 1</div>

<div>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop</div>

<div>Windows Server 2003 Standard Edition Service Pack 1 (Version = 5.2.3790) - Type = NTServer</div>

<div>Internet Explorer (Version = 7.0.5730.11)</div>

<div>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</div>

<div>4.00 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 65.67% Memory free</div>

<div>5.84 Gb Paging File | 4.24 Gb Available in Paging File | 72.71% Paging File free</div>

<div>Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]</div>

<div>%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files</div>

<div>Drive C: | 231.75 Gb Total Space | 62.25 Gb Free Space | 26.86% Space Free | Partition Type: NTFS</div>

<div>Drive D: | 464.73 Gb Total Space | 318.20 Gb Free Space | 68.47% Space Free | Partition Type: NTFS</div>

<div>Drive E: | 464.73 Gb Total Space | 276.53 Gb Free Space | 59.50% Space Free | Partition Type: NTFS</div>

<div>Computer Name: DRAGON | User Name: Administrator | Logged in as Administrator.</div>

<div>Boot Mode: Normal | Scan Mode: All users</div>

<div>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</div>

<div>========== Processes (SafeList) ==========</div>

<div>PRC - [2013/05/23 08:19:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe</div>

<div>PRC - [2013/05/19 15:02:26 | 000,102,400 | ---- | M] (Environmental Systems Research Institute, Inc.) -- C:\ArcGIS\ArcSDE\sqlexe\bin\giomgr.exe</div>

<div>PRC - [2013/05/19 15:02:25 | 002,828,288 | ---- | M] () -- c:\WINDOWS\mui\gotop.exe</div>

<div>PRC - [2013/05/19 15:02:21 | 000,131,072 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe</div>

<div>PRC - [2013/05/19 15:02:20 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\Themer.exe</div>

<div>PRC - [2013/05/19 15:02:13 | 000,312,212 | ---- | M] () -- C:\Program Files\Fujitsu Siemens\RAID\bin\SpySer.exe</div>

<div>PRC - [2013/05/19 15:02:09 | 000,495,616 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\ServerView Agents\GlobalFlash\gf_agent.exe</div>

<div>PRC - [2013/05/19 15:02:05 | 005,779,456 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe</div>

<div>PRC - [2013/05/19 15:01:45 | 000,180,224 | ---- | M] (ESRI) -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\aimsserver.exe</div>

<div>PRC - [2013/05/19 15:01:40 | 000,098,304 | ---- | M] (LSI Logic Corporation) -- C:\Program Files\Fujitsu Siemens\RAID\bin\mr2kserv.exe</div>

<div>PRC - [2013/05/19 14:59:56 | 001,028,096 | ---- | M] () -- C:\WINDOWS\system32\Syswin\svchost.exe</div>

<div>PRC - [2013/05/05 10:53:26 | 002,177,490 | ---- | M] (Prassi Software) -- C:\WINDOWS\Debug\wpdmtp.exe</div>

<div>PRC - [2013/04/28 18:12:48 | 001,078,018 | ---- | M] () -- C:\WINDOWS\Cluster\clients\srchasy\smyscvc.exe</div>

<div>PRC - [2013/04/23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe</div>

<div>PRC - [2013/01/20 13:03:04 | 000,856,064 | ---- | M] (www.gotop.org) -- c:\WINDOWS\mui\browser\GOTOPBR.EXE</div>

<div>PRC - [2012/11/14 16:13:12 | 000,028,672 | ---- | M] (N-able Technologies) -- C:\Program Files\N-able Technologies\Windows Agent\bin\AgentMaint.exe</div>

<div>PRC - [2012/05/14 10:47:16 | 000,461,176 | ---- | M] (PPLive Corporation) -- C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe</div>

<div>PRC - [2009/10/07 09:16:50 | 000,472,280 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe</div>

<div>PRC - [2009/10/07 09:15:42 | 001,461,080 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe</div>

<div>PRC - [2008/01/28 14:43:42 | 000,548,864 | ---- | M] () -- C:\Program Files\ESRI\License\arcgis9x\ARCGIS.EXE</div>

<div>PRC - [2007/12/18 16:43:32 | 000,419,088 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\Remote Connector\SVRemoteConnector.exe</div>

<div>PRC - [2007/12/18 16:41:14 | 000,535,312 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe</div>

<div>PRC - [2007/01/24 13:55:07 | 000,733,696 | ---- | M] (Cat Soft) -- C:\WINDOWS\system32\sysmgt.exe</div>

<div>PRC - [2006/10/04 03:25:00 | 000,792,064 | ---- | M] (System32) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\type32.dll</div>

<div>PRC - [2006/03/14 07:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe</div>

<div>PRC - [2005/03/24 18:26:16 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\W3WP.EXE</div>

<div>PRC - [2005/03/24 18:12:58 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe</div>

<div>PRC - [2005/03/24 18:08:26 | 000,470,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\NTVDM.EXE</div>

<div>PRC - [2005/03/24 18:06:56 | 000,537,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\LOGON.SCR</div>

<div>PRC - [2005/03/24 18:05:06 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe</div>

<div>PRC - [2005/03/24 18:01:54 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe</div>

<div>PRC - [2005/03/24 17:58:56 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\davcdata.exe</div>

<div>PRC - [2005/03/24 17:57:54 | 000,415,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CMD.EXE</div>

<div>PRC - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Tasker\Aims_Tasker.exe</div>

<div>PRC - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\Monitor\Aims_Monitor.exe</div>

<div>PRC - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Aims_AppServer.exe</div>

<div>PRC - [1999/12/01 13:38:28 | 000,467,968 | ---- | M] () -- C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe</div>

<div>========== Modules (No Company Name) ==========</div>

<div>MOD - [2013/05/19 15:02:25 | 002,828,288 | ---- | M] () -- c:\WINDOWS\mui\gotop.exe</div>

<div>MOD - [2013/05/19 15:02:20 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\Themer.exe</div>

<div>MOD - [2013/05/19 15:02:13 | 000,312,212 | ---- | M] () -- C:\Program Files\Fujitsu Siemens\RAID\bin\SpySer.exe</div>

<div>MOD - [2013/05/19 15:02:05 | 005,779,456 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe</div>

<div>MOD - [2013/05/19 14:59:56 | 001,028,096 | ---- | M] () -- C:\WINDOWS\system32\Syswin\svchost.exe</div>

<div>MOD - [2013/05/15 08:42:32 | 000,023,040 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\woi23.dll</div>

<div>MOD - [2013/05/07 06:32:20 | 000,059,904 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\cnakk153.dll</div>

<div>MOD - [2013/05/01 14:45:03 | 000,059,904 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\cnakk135.dll</div>

<div>MOD - [2013/04/29 10:16:38 | 000,060,416 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\cnakk121.dll</div>

<div>MOD - [2013/04/28 18:12:48 | 001,078,018 | ---- | M] () -- C:\WINDOWS\Cluster\clients\srchasy\smyscvc.exe</div>

<div>MOD - [2013/04/15 08:52:30 | 000,461,200 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\1.0.1.1058\tipsclient.dll</div>

<div>MOD - [2013/04/15 08:52:14 | 000,088,008 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\1.0.1.1058\tipsdone.dll</div>

<div>MOD - [2013/04/11 05:19:32 | 000,060,416 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\winl64.dll</div>

<div>MOD - [2013/04/07 14:52:46 | 000,059,904 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\winl45.dll</div>

<div>MOD - [2013/01/20 13:03:04 | 001,381,888 | ---- | M] () -- c:\WINDOWS\mui\browser\mozjs.dll</div>

<div>MOD - [2012/12/03 03:51:34 | 000,544,768 | ---- | M] () -- C:\WINDOWS\system32\WCASvc.dll</div>

<div>MOD - [2012/05/14 10:47:02 | 000,484,200 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\1.0.1.1058\MngModule.dll</div>

<div>MOD - [2009/09/02 10:09:22 | 000,278,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\9e1542d2d2c7150dadc4ba2194822581\Microsoft.SqlServer.ConnectionInfo.ni.dll</div>

<div>MOD - [2009/08/26 10:43:47 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll</div>

<div>MOD - [2009/08/26 10:43:25 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.ni.dll</div>

<div>MOD - [2009/08/26 10:43:24 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12903c3843fe923d1977801ffa3cf26c\System.Transactions.ni.dll</div>

<div>MOD - [2009/08/26 10:43:04 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll</div>

<div>MOD - [2009/08/26 10:28:54 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\0d7c1d80f0960d0473ed13f107ce7d81\System.Xml.ni.dll</div>

<div>MOD - [2009/08/26 10:27:44 | 006,614,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\0b40341027c01716cec1dd97592698e0\System.Data.ni.dll</div>

<div>MOD - [2009/08/26 10:25:39 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll</div>

<div>MOD - [2009/08/26 09:46:08 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll</div>

<div>MOD - [2009/08/26 09:43:56 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll</div>

<div>MOD - [2009/08/26 09:43:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll</div>

<div>MOD - [2008/01/28 14:43:42 | 000,548,864 | ---- | M] () -- C:\Program Files\ESRI\License\arcgis9x\ARCGIS.EXE</div>

<div>MOD - [2007/03/09 08:34:40 | 000,059,904 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\zlib1.dll</div>

<div>MOD - [2007/02/15 21:36:24 | 000,090,112 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\hm420m.dll</div>

<div>MOD - [2007/02/15 21:36:18 | 000,487,424 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\hd420m.dll</div>

<div>MOD - [2006/10/04 04:45:56 | 000,016,384 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\esriI18N.dll</div>

<div>MOD - [2006/09/29 10:40:02 | 000,118,784 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\znglib.dll</div>

<div>MOD - [2006/08/02 12:21:24 | 005,533,696 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\icudt22l.dll</div>

<div>MOD - [2006/08/02 12:21:24 | 005,533,696 | ---- | M] () -- C:\ArcGIS\ArcSDE\sqlexe\bin\icudt22l.dll</div>

<div>MOD - [2005/03/24 18:26:14 | 000,121,856 | ---- | M] () -- C:\WINDOWS\system32\hrrslvr.dll</div>

<div>MOD - [2005/03/24 18:26:14 | 000,054,784 | ---- | M] () -- C:\WINDOWS\system32\netdbadm.dll</div>

<div>MOD - [2005/03/24 18:04:28 | 000,241,664 | ---- | M] () -- \\?\C:\WINDOWS\System32\inetsrv\httpext.dll</div>

<div>MOD - [2003/03/25 14:00:00 | 000,016,896 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll</div>

<div>MOD - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Tasker\Aims_Tasker.exe</div>

<div>MOD - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\Monitor\Aims_Monitor.exe</div>

<div>MOD - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Aims_AppServer.exe</div>

<div>MOD - [1999/12/01 13:38:28 | 000,467,968 | ---- | M] () -- C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe</div>

<div>========== Services (SafeList) ==========</div>

<div>SRV - File not found [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)</div>

<div>SRV - File not found [Auto | Stopped] -- C:\Program Files\Windows Media Player\mplayer.txt -- (TapSrv)</div>

<div>SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)</div>

<div>SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Haooeaw.exe -- (Qwkezc sezmea)</div>

<div>SRV - File not found [Auto | Stopped] -- C:\WINDOWS\657C7AC5.exe -- (Pqrstu Wxyabcde Ghi bod)</div>

<div>SRV - File not found [Auto | Stopped] -- c:\oracle\ora90\bin\ORACLE.EXE OEMREP -- (OracleServiceOEMREP)</div>

<div>SRV - File not found [Auto | Stopped] -- c:\oracle\ora90\bin\ORACLE.EXE MHPGEO -- (OracleServiceMHPGEO)</div>

<div>SRV - File not found [Auto | Stopped] -- C:\oracle\ora90\BIN\TNSLSNR -- (OracleOraHome90TNSListener)</div>

<div>SRV - File not found [On_Demand | Stopped] -- C:\oracle\ora90\BIN\OMSNTsrv.exe -- (OracleOraHome90ManagementServer)</div>

<div>SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\oweawm.exe -- (Nationalghh)</div>

<div>SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\netmon\mnmsrvc.exe -- (mnmsrvc)</div>

<div>SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\nod.exe -- (ltmi)</div>

<div>SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Haooeaw.exe -- (Kkuiow igzvmi)</div>

<div>SRV - File not found [Auto | Stopped] -- C:\WINDOWS\C233C2AB.exe -- (jxdsystem services)</div>

<div>SRV - File not found [Auto | Stopped] -- C:\WINDOWS\IPv6CertBrowsSvc.dll -- (IPv6CertBrowsSvc)</div>

<div>SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Haooeaw.exe -- (Ipdzvu kuiese)</div>

<div>SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Haooeaw.exe -- (Gqyvdy uubrie)</div>

<div>SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\lp32.exe -- (elp32)</div>

<div>SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Haooeaw.exe -- (Aeqiiu qepbpa)</div>

<div>SRV - [2013/05/19 15:02:26 | 000,102,400 | ---- | M] (Environmental Systems Research Institute, Inc.) [Auto | Running] -- C:\ArcGIS\ArcSDE\sqlexe\bin\giomgr.exe -- (esri_sde)</div>

<div>SRV - [2013/05/19 15:02:21 | 000,131,072 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe -- (Tomcat5)</div>

<div>SRV - [2013/05/19 15:02:20 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\Themer.exe -- (Themer)</div>

<div>SRV - [2013/05/19 15:02:13 | 000,312,212 | ---- | M] () [Auto | Running] -- C:\Program Files\Fujitsu Siemens\RAID\bin\SpySer.exe -- (SpySer)</div>

<div>SRV - [2013/05/19 15:02:09 | 000,495,616 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\GlobalFlash\gf_agent.exe -- (OfflineFlash)</div>

<div>SRV - [2013/05/19 15:02:05 | 005,779,456 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL)</div>

<div>SRV - [2013/05/19 15:01:40 | 000,098,304 | ---- | M] (LSI Logic Corporation) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\RAID\bin\mr2kserv.exe -- (mr2kserv)</div>

<div>SRV - [2013/05/19 14:59:56 | 001,028,096 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\Syswin\svchost.exe -- (RasAuto)</div>

<div>SRV - [2013/04/23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)</div>

<div>SRV - [2013/03/10 18:17:06 | 000,114,688 | ---- | M] () [Auto | Stopped] -- C:\Documents and Settings\All Users\hkcmd.exe -- (Shell Service)</div>

<div>SRV - [2012/12/03 03:51:34 | 000,544,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\WCASvc.dll -- (WCASvc)</div>

<div>SRV - [2012/11/14 16:13:16 | 000,278,528 | ---- | M] (N-able Technologies) [Auto | Stopped] -- C:\Program Files\N-able Technologies\Windows Agent\bin\agent.exe -- (Windows Agent Service)</div>

<div>SRV - [2012/11/14 16:13:12 | 000,028,672 | ---- | M] (N-able Technologies) [Auto | Running] -- C:\Program Files\N-able Technologies\Windows Agent\bin\AgentMaint.exe -- (Windows Agent Maintenance Service)</div>

<div>SRV - [2009/10/07 09:21:14 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)</div>

<div>SRV - [2009/10/07 09:16:50 | 000,472,280 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)</div>

<div>SRV - [2008/06/05 13:26:50 | 000,348,160 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\ESRI\Image Server\ESRIImageServiceProvider.exe -- (ESRI Image ServiceProvider: 3983)</div>

<div>SRV - [2008/06/05 13:26:26 | 000,376,832 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\ESRI\Image Server\ESRIImageServer.exe -- (ESRI Image Server)</div>

<div>SRV - [2007/12/18 16:43:32 | 000,419,088 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\Remote Connector\SVRemoteConnector.exe -- (RemoteConnector)</div>

<div>SRV - [2007/12/18 16:41:14 | 000,535,312 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe -- (SrvCtrl)</div>

<div>SRV - [2007/12/18 08:43:30 | 000,147,456 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\ESRI\Image Server\ESRIImageServerReporterService.exe -- (ESRIImageServerReporter)</div>

<div>SRV - [2007/12/07 11:26:56 | 000,016,384 | ---- | M] (Fujitsu Siemens Computers) [On_Demand | Stopped] -- C:\Program Files\Fujitsu Siemens\RAID\amService.exe -- (amService)</div>

<div>SRV - [2007/01/24 13:55:07 | 000,733,696 | ---- | M] (Cat Soft) [Auto | Running] -- C:\WINDOWS\system32\sysmgt.exe -- (sysmgt)</div>

<div>SRV - [2006/10/04 03:25:00 | 000,792,064 | ---- | M] (System32) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\type32.dll -- (keyb)</div>

<div>SRV - [2006/03/14 07:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)</div>

<div>SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)</div>

<div>SRV - [2005/03/24 20:38:42 | 000,094,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)</div>

<div>SRV - [2005/03/24 18:26:14 | 000,121,856 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\hrrslvr.dll -- (hrrslvr)</div>

<div>SRV - [2005/03/24 18:26:14 | 000,054,784 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\netdbadm.dll -- (netdbadm)</div>

<div>SRV - [2005/03/24 18:26:08 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)</div>

<div>SRV - [2005/03/24 18:13:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\Sens32.dll -- (SENS)</div>

<div>SRV - [2005/03/24 18:13:02 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)</div>

<div>SRV - [2005/03/24 18:08:24 | 000,791,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)</div>

<div>SRV - [2005/03/24 18:08:24 | 000,465,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ntmssvc32.dll -- (NtmsSvc)</div>

<div>SRV - [2005/03/24 18:05:06 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC)</div>

<div>SRV - [2005/03/24 18:05:06 | 000,014,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)</div>

<div>SRV - [2005/03/24 18:05:06 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)</div>

<div>SRV - [2005/03/24 18:05:04 | 000,216,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC)</div>

<div>SRV - [2005/03/24 18:00:48 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)</div>

<div>SRV - [2004/08/17 20:00:00 | 006,950,912 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\1538127516.dll -- (DirectX Rejrq.)</div>

<div>SRV - [2003/03/25 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)</div>

<div>SRV - [2003/03/25 14:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)</div>

<div>SRV - [2003/03/25 14:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)</div>

<div>SRV - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Tasker\Aims_Tasker.exe -- (ArcIMS Tasker 9.2.0)</div>

<div>SRV - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Program Files\ArcGIS\ArcIMS\Server\Monitor\Aims_Monitor.exe -- (ArcIMS Monitor 9.2.0)</div>

<div>SRV - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Aims_AppServer.exe -- (ArcIMS Application Server 9.2.0)</div>

<div>SRV - [1999/12/01 13:38:28 | 000,467,968 | ---- | M] () [Auto | Running] -- C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe -- (ArcGIS License Manager)</div>

<div>========== Driver Services (SafeList) ==========</div>

<div>DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)</div>

<div>DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)</div>

<div>DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)</div>

<div>DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)</div>

<div>DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)</div>

<div>DRV - File not found [Adapter | On_Demand | Unknown] -- -- (LicenseInfo)</div>

<div>DRV - File not found [Adapter | Auto | Unknown] -- C:\Program Files\Google\1.dll -- (Iprip)</div>

<div>DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)</div>

<div>DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)</div>

<div>DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DRIVERS\ENTECH.sys -- (ENTECH)</div>

<div>DRV - File not found [Kernel | System | Stopped] -- -- (Changer)</div>

<div>DRV - [2013/05/22 15:10:33 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)</div>

<div>DRV - [2013/04/19 00:15:41 | 000,006,656 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)</div>

<div>DRV - [2009/10/07 09:18:36 | 000,035,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)</div>

<div>DRV - [2009/10/07 09:12:22 | 000,054,184 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)</div>

<div>DRV - [2009/10/07 09:11:10 | 000,040,824 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)</div>

<div>DRV - [2007/12/18 16:42:18 | 000,025,104 | ---- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Stopped] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\ImbDrvNT.sys -- (ImbDrvNT)</div>

<div>DRV - [2007/12/18 16:42:16 | 000,089,104 | ---- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\ScSBB.sys -- (ScSBB)</div>

<div>DRV - [2007/11/26 20:51:04 | 000,093,427 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aacmgt.sys -- (AACMgt)</div>

<div>DRV - [2006/03/14 07:22:00 | 000,090,176 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)</div>

<div>DRV - [2006/03/14 07:22:00 | 000,028,216 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)</div>

<div>DRV - [2005/12/06 23:44:42 | 001,379,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)</div>

<div>DRV - [2005/03/24 18:13:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | Unavailable | Unknown] -- C:\WINDOWS\System32\drivers\sacdrv.sys -- (sacdrv)</div>

<div>DRV - [2005/03/24 18:00:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dfs.sys -- (DfsDriver)</div>

<div>DRV - [2005/03/24 17:57:52 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\clusdisk.sys -- (ClusDisk)</div>

<div>========== Standard Registry (SafeList) ==========</div>

<div>========== Internet Explorer ==========</div>

<div>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm</div>

<div>IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}</div>

<div>IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}</div>

<div>IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm</div>

<div>IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm</div>

<div>IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}</div>

<div>IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}</div>

<div>IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>

<div>IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm</div>

<div>IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm</div>

<div>IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}</div>

<div>IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}</div>

<div>IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>

<div>IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>

<div>========== FireFox ==========</div>

<div>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)</div>

<div>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)</div>

<div>FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\1.0.1.1058\npplugin2.dll (PPLive Corporation)</div>

<div>[2013/05/10 12:05:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions</div>

<div>O1 HOSTS File: ([2013/03/15 13:12:25 | 000,000,794 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts</div>

<div>O1 - Hosts: 127.0.0.1 localhost</div>

<div>O1 - Hosts: 192.168.0.126<span class="Apple-tab-span" style="white-space:pre"> </span>dpmserver.mhp.co.za</div>

<div>O1 - Hosts: 192.168.0.23 blesbok</div>

<div>O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)</div>

<div>O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\Administrator\Application Data\Complitly\AutocompletePro.dll (SimplyGen)</div>

<div>O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)</div>

<div>O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()</div>

<div>O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)</div>

<div>O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()</div>

<div>QQPCTray] File not found</div>

<div>O4 - HKLM..\Run: [ QQPCTray] File not found</div>

<div>O4 - HKLM..\Run: [360dffg] C:\WINDOWS\ime\cz.exe File not found</div>

<div>O4 - HKLM..\Run: [360Safetray] File not found</div>

<div>O4 - HKLM..\Run: [360Sbray] C:\Program Files\Rustu Wxyabc\Lfghij.exe ()</div>

<div>O4 - HKLM..\Run: [AutoRunExterminator] C:\Documents and Settings\Administrator\Desktop\AutoRunExterminator.exe (Inside Core)</div>

<div>O4 - HKLM..\Run: [bixushi] c:\windows\system32\csx.exe File not found</div>

<div>O4 - HKLM..\Run: [cao] c:\windows\system32\wbem\osinter.exe File not found</div>

<div>O4 - HKLM..\Run: [dsa] C:\RECYCLER\c.exe File not found</div>

<div>O4 - HKLM..\Run: [ewswdk] C:\WINDOWS\Debug\wpdmtp.exe (Prassi Software)</div>

<div>O4 - HKLM..\Run: [fasd] C:\RECYCLER\c.exe File not found</div>

<div>O4 - HKLM..\Run: [fd2sds] C:\WINDOWS\ime\taskmgr.exe File not found</div>

<div>O4 - HKLM..\Run: [fsd3sw2] C:\WINDOWS\ime\taskmgr.exe File not found</div>

<div>O4 - HKLM..\Run: [ghdddhx] C:\WINDOWS\ime\cz.exe File not found</div>

<div>O4 - HKLM..\Run: [jhbddc] C:\WINDOWS\ime\cz.exe File not found</div>

<div>O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found</div>

<div>O4 - HKLM..\Run: [kuaia] C:\Documents and Settings\All Users\¡¸¿ªÊ¼¡¹²Ëµ¥\³ÌÐò\Æô¶¯\kuai365.exe File not found</div>

<div>O4 - HKLM..\Run: [KVMON] File not found</div>

<div>O4 - HKLM..\Run: [KVXP] File not found</div>

<div>O4 - HKLM..\Run: [kxesc] File not found</div>

<div>O4 - HKLM..\Run: [McAfeeUpdaterUI] File not found</div>

<div>O4 - HKLM..\Run: [Name_Me_Please] File not found</div>

<div>O4 - HKLM..\Run: [QQPCTray] File not found</div>

<div>O4 - HKLM..\Run: [RavTRAY] File not found</div>

<div>O4 - HKLM..\Run: [RISTRAY] File not found</div>

<div>O4 - HKLM..\Run: [shell] C:\WINDOWS\taskmgr.exe ()</div>

<div>O4 - HKLM..\Run: [shStatEXE] File not found</div>

<div>O4 - HKLM..\Run: [weyrzader] C:\WINDOWS\Cluster\clients\srchasy\smyscvc.exe ()</div>

<div>O4 - HKLM..\Run: [yarder] C:\WINDOWS\msagent\msyzpys\wyhtdray.exe File not found</div>

<div>O4 - HKU\.DEFAULT..\Run: [GoTop] C:\WINDOWS\Debug\wpdmtp.exe (Prassi Software)</div>

<div>O4 - HKU\.DEFAULT..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)</div>

<div>O4 - HKU\S-1-5-18..\Run: [GoTop] C:\WINDOWS\Debug\wpdmtp.exe (Prassi Software)</div>

<div>O4 - HKU\S-1-5-18..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)</div>

<div>O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)</div>

<div>O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)</div>

<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1</div>

<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255</div>

<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1</div>

<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1</div>

<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0</div>

<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3</div>

<div>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149</div>

<div>O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149</div>

<div>O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149</div>

<div>O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149</div>

<div>O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()</div>

<div>O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()</div>

<div>O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found</div>

<div>O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll (Sun Microsystems, Inc.)</div>

<div>O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)</div>

<div>O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)</div>

<div>O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.3.cab (DLM Control)</div>

<div>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)</div>

<div>O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)</div>

<div>O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)</div>

<div>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)</div>

<div>O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)</div>

<div>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1</div>

<div>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5F42B20-CDE1-481A-B43C-B59715E9A109}: NameServer = 8.8.8.8,196.14.239.2</div>

<div>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFACE1CF-691A-4D29-A654-7452C257C7B0}: DhcpNameServer = 192.168.0.1</div>

<div>O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)</div>

<div>O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)</div>

<div>O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found</div>

<div>O27 - HKLM IFEO\app.exe: Debugger - C:\WINDOWS\ime\cv.exe File not found</div>

<div>O27 - HKLM IFEO\net2.exe: Debugger - C:\WINDOWS\ime\cv.exe File not found</div>

<div>O32 - HKLM CDRom: AutoRun - 1</div>

<div>O32 - AutoRun File - [2008/05/26 12:18:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]</div>

<div>O34 - HKLM BootExecute: (autocheck autochk *)</div>

<div>O35 - HKLM\..comfile [open] -- "%1" %*</div>

<div>O35 - HKLM\..exefile [open] -- "%1" %*</div>

<div>O37 - HKLM\...com [@ = comfile] -- "%1" %*</div>

<div>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</div>

<div>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</div>

<div>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</div>

<div>========== Files/Folders - Created Within 30 Days ==========</div>

<div>[2013/05/23 08:21:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe</div>

<div>[2013/05/22 15:08:55 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys</div>

<div>[2013/05/22 10:48:57 | 000,172,170 | ---- | C] (深圳市迅雷网络技术有限公司) -- C:\18181.exe</div>

<div>[2013/05/20 10:18:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER</div>

<div>[2013/05/20 08:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun</div>

<div>[2013/05/17 16:48:10 | 000,047,104 | ---- | C] (Inside Core) -- C:\Documents and Settings\Administrator\Desktop\AutoRunExterminator.exe</div>

<div>[2013/05/10 12:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla</div>

<div>[2013/05/10 12:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\HC_logs</div>

<div>[2013/05/10 12:04:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\gotop</div>

<div>[2013/05/09 14:10:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Network</div>

<div>[2013/05/09 12:56:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WinCmder</div>

<div>[2013/05/06 14:00:34 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe</div>

<div>[2013/05/04 17:16:21 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WS.EXE</div>

<div>[2013/05/04 17:16:02 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CS.EXE</div>

<div>[2013/05/04 15:16:34 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xet1.exe</div>

<div>[2013/05/04 15:16:34 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xtp.exe</div>

<div>[2013/05/04 15:16:34 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xacls.exe</div>

<div>[2013/05/04 13:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 8</div>

<div>[2013/04/25 09:19:05 | 021,276,851 | ---- | C] (Kingsoft Corporation) -- C:\WINDOWS\eylrwiftqh</div>

<div>[2013/04/24 13:25:29 | 020,233,875 | ---- | C] (Kingsoft Corporation) -- C:\ndehmvpdxc</div>

<div>[2013/04/24 13:25:13 | 021,072,365 | ---- | C] (Kingsoft Corporation) -- C:\nwnsdmfloh</div>

<div>[2013/04/24 13:25:11 | 023,607,610 | ---- | C] (Kingsoft Corporation) -- C:\pjtftrcrlf</div>

<div>[2013/04/24 13:19:17 | 000,902,488 | ---- | C] (ACD Systems, Ltd.) -- C:\WINDOWS\System32\boot123.exe</div>

<div>[2013/04/24 07:09:31 | 000,749,400 | ---- | C] (Kingsoft Corporation) -- C:\oitbylwmmy</div>

<div>[2013/04/24 07:09:26 | 000,749,400 | ---- | C] (Kingsoft Corporation) -- C:\gxhvhwgdjk</div>

<div>[2013/04/24 07:09:21 | 022,584,027 | ---- | C] (Kingsoft Corporation) -- C:\gsdhivniyq</div>

<div>[2013/04/24 07:09:05 | 026,142,471 | ---- | C] (Kingsoft Corporation) -- C:\WINDOWS\hjvindwmli</div>

<div>[2013/04/24 07:07:12 | 021,739,201 | ---- | C] (Kingsoft Corporation) -- C:\lvujcbpfxv</div>

<div>[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]</div>

<div>[108 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]</div>

<div>[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]</div>

<div>========== Files - Modified Within 30 Days ==========</div>

<div>[2013/05/23 09:23:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\ewdffg.job</div>

<div>[2013/05/23 08:19:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe</div>

<div>[2013/05/23 03:01:05 | 000,002,369 | ---- | M] () -- C:\WINDOWS\svchost.exe</div>

<div>[2013/05/23 02:46:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hex360.exe</div>

<div>[2013/05/23 01:49:22 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\Dragonwwwroot.job</div>

<div>[2013/05/23 01:00:16 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\DragonDB.job</div>

<div>[2013/05/23 00:19:30 | 000,000,873 | ---- | M] () -- C:\WINDOWS\System32\rpc_start_16log.ini</div>

<div>[2013/05/23 00:19:29 | 000,001,335 | ---- | M] () -- C:\WINDOWS\System32\rpcserver32.dll</div>

<div>[2013/05/23 00:16:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat</div>

<div>[2013/05/22 15:10:33 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys</div>

<div>[2013/05/22 10:48:57 | 000,172,170 | ---- | M] (深圳市迅雷网络技术有限公司) -- C:\18181.exe</div>

<div>[2013/05/22 08:23:36 | 000,103,936 | ---- | M] () -- C:\WINDOWS\System32\hexInternet.exe</div>

<div>[2013/05/22 00:53:36 | 000,002,369 | ---- | M] () -- C:\WINDOWS\taskmgr.exe</div>

<div>[2013/05/21 20:21:20 | 000,002,396 | ---- | M] () -- C:\WINDOWS\server.exe</div>

<div>[2013/05/20 14:48:41 | 000,000,440 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol</div>

<div>[2013/05/20 12:25:37 | 000,002,085 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DeltaCopy Client.lnk</div>

<div>[2013/05/20 11:54:30 | 000,070,144 | ---- | M] () -- C:\WINDOWS\System32\net.exe</div>

<div>[2013/05/19 21:11:57 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\zylve.exe.exe</div>

<div>[2013/05/19 21:11:40 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\onflve.dat</div>

<div>[2013/05/19 15:02:20 | 000,073,728 | ---- | M] () -- C:\WINDOWS\System32\Themer.exe</div>

<div>[2013/05/18 11:12:28 | 000,002,350 | ---- | M] () -- C:\WINDOWS\QQGameMgr.exe</div>

<div>[2013/05/16 03:59:48 | 000,000,000 | ---- | M] () -- C:\Program Files\7b</div>

<div>[2013/05/16 03:50:02 | 001,056,768 | ---- | M] () -- C:\WINDOWS\System32\secedit.sdb</div>

<div>[2013/05/16 03:49:42 | 000,000,830 | ---- | M] () -- C:\WINDOWS\System32\wvinyk.inf</div>

<div>[2013/05/16 03:49:39 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System\backs.dat</div>

<div>[2013/05/15 15:01:29 | 000,000,652 | ---- | M] () -- C:\WINDOWS\System32\censoredGOthin.inf</div>

<div>[2013/05/14 00:19:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl</div>

<div>[2013/05/12 03:36:37 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\zyuser$</div>

<div>[2013/05/09 22:05:23 | 000,000,092 | --S- | M] () -- C:\WINDOWS\stm8.inf</div>

<div>[2013/05/07 22:39:11 | 000,000,149 | ---- | M] () -- C:\WINDOWS\System32\sa.bat</div>

<div>[2013/05/07 12:09:07 | 000,000,059 | ---- | M] () -- C:\WINDOWS\System32\gouri.bat</div>

<div>[2013/05/07 12:08:40 | 000,000,213 | ---- | M] () -- C:\WINDOWS\System32\sb.bat</div>

<div>[2013/05/06 22:21:10 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\zynet2.0.exe</div>

<div>[2013/05/06 22:20:53 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\onfnet2.dat</div>

<div>[2013/05/06 14:54:44 | 000,007,176 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol</div>

<div>[2013/05/04 17:18:43 | 000,001,811 | ---- | M] () -- C:\WINDOWS\System32\hex2.exe</div>

<div>[2013/05/04 17:16:39 | 000,014,208 | ---- | M] () -- C:\WINDOWS\System32\K3d_Driver.sys</div>

<div>[2013/05/04 15:16:32 | 000,000,173 | ---- | M] () -- C:\WINDOWS\System32\win.bat</div>

<div>[2013/05/04 15:16:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System\VER.DLL</div>

<div>[2013/05/04 13:54:52 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk</div>

<div>[2013/04/30 07:04:25 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\spg.bat</div>

<div>[2013/04/30 07:03:58 | 000,000,226 | ---- | M] () -- C:\WINDOWS\System32\sp.bat</div>

<div>[2013/04/28 23:19:14 | 000,001,204 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp</div>

<div>[2013/04/28 03:21:35 | 000,002,361 | ---- | M] () -- C:\WINDOWS\svchosf.exe</div>

<div>[2013/04/27 21:57:31 | 000,364,544 | ---- | M] () -- C:\WINDOWS\System32\hex23.exe</div>

<div>[2013/04/26 23:46:40 | 000,042,177 | ---- | M] () -- C:\WINDOWS\System32\tsmmc.msc</div>

<div>[2013/04/26 13:35:00 | 000,000,069 | ---- | M] () -- C:\WINDOWS\System32\hex123.vbs</div>

<div>[2013/04/26 13:34:12 | 000,000,059 | ---- | M] () -- C:\WINDOWS\System32\zy123.vbs</div>

<div>[2013/04/26 13:34:03 | 000,012,623 | ---- | M] () -- C:\WINDOWS\System32\boot123.vbs</div>

<div>[2013/04/26 13:33:51 | 000,000,061 | ---- | M] () -- C:\WINDOWS\System32\xp123.vbs</div>

<div>[2013/04/25 09:19:13 | 021,276,851 | ---- | M] (Kingsoft Corporation) -- C:\WINDOWS\eylrwiftqh</div>

<div>[2013/04/24 15:45:44 | 305,721,344 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP</div>

<div>[2013/04/24 13:25:36 | 020,233,875 | ---- | M] (Kingsoft Corporation) -- C:\ndehmvpdxc</div>

<div>[2013/04/24 13:25:24 | 021,072,365 | ---- | M] (Kingsoft Corporation) -- C:\nwnsdmfloh</div>

<div>[2013/04/24 13:25:20 | 023,607,610 | ---- | M] (Kingsoft Corporation) -- C:\pjtftrcrlf</div>

<div>[2013/04/24 13:20:16 | 000,902,488 | ---- | M] (ACD Systems, Ltd.) -- C:\WINDOWS\System32\boot123.exe</div>

<div>[2013/04/24 07:09:30 | 022,584,027 | ---- | M] (Kingsoft Corporation) -- C:\gsdhivniyq</div>

<div>[2013/04/24 07:09:18 | 026,142,471 | ---- | M] (Kingsoft Corporation) -- C:\WINDOWS\hjvindwmli</div>

<div>[2013/04/24 07:08:55 | 000,749,400 | ---- | M] (Kingsoft Corporation) -- C:\gxhvhwgdjk</div>

<div>[2013/04/24 07:08:30 | 000,749,400 | ---- | M] (Kingsoft Corporation) -- C:\oitbylwmmy</div>

<div>[2013/04/24 07:07:21 | 021,739,201 | ---- | M] (Kingsoft Corporation) -- C:\lvujcbpfxv</div>

<div>[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]</div>

<div>[108 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]</div>

<div>[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]</div>

<div>========== Files Created - No Company Name ==========</div>

<div>[2013/05/22 19:28:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hex360.exe</div>

<div>[2013/05/22 08:23:36 | 000,103,936 | ---- | C] () -- C:\WINDOWS\System32\hexInternet.exe</div>

<div>[2013/05/22 00:53:36 | 000,002,369 | ---- | C] () -- C:\WINDOWS\taskmgr.exe</div>

<div>[2013/05/22 00:49:12 | 000,002,369 | ---- | C] () -- C:\WINDOWS\svchost.exe</div>

<div>[2013/05/21 20:21:20 | 000,002,396 | ---- | C] () -- C:\WINDOWS\server.exe</div>

<div>[2013/05/20 14:48:36 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol</div>

<div>[2013/05/19 21:11:57 | 000,000,068 | ---- | C] () -- C:\WINDOWS\System32\zylve.exe.exe</div>

<div>[2013/05/19 21:11:40 | 000,000,068 | ---- | C] () -- C:\WINDOWS\System32\onflve.dat</div>

<div>[2013/05/18 11:12:28 | 000,002,350 | ---- | C] () -- C:\WINDOWS\QQGameMgr.exe</div>

<div>[2013/05/12 17:33:22 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Themer.exe</div>

<div>[2013/05/12 00:28:41 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\zyuser$</div>

<div>[2013/05/09 14:27:02 | 000,000,000 | ---- | C] () -- C:\Program Files\7b</div>

<div>[2013/05/09 14:11:00 | 000,000,830 | ---- | C] () -- C:\WINDOWS\System32\wvinyk.inf</div>

<div>[2013/05/09 14:10:59 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System\backs.dat</div>

<div>[2013/05/06 22:21:10 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\zynet2.0.exe</div>

<div>[2013/05/06 22:20:53 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\onfnet2.dat</div>

<div>[2013/05/04 17:18:43 | 000,001,811 | ---- | C] () -- C:\WINDOWS\System32\hex2.exe</div>

<div>[2013/05/04 15:16:34 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\xnary.dat</div>

<div>[2013/05/04 15:16:34 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\xas.dat</div>

<div>[2013/05/04 15:16:32 | 000,000,173 | ---- | C] () -- C:\WINDOWS\System32\win.bat</div>

<div>[2013/04/30 07:04:25 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\spg.bat</div>

<div>[2013/04/30 07:03:58 | 000,000,226 | ---- | C] () -- C:\WINDOWS\System32\sp.bat</div>

<div>[2013/04/27 21:57:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hex23.exe</div>

<div>[2013/04/26 13:34:00 | 000,012,623 | ---- | C] () -- C:\WINDOWS\System32\boot123.vbs</div>

<div>[2013/04/24 14:01:12 | 000,002,361 | ---- | C] () -- C:\WINDOWS\svchosf.exe</div>

<div>[2013/04/24 13:03:03 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\onfthgack.dat</div>

<div>[2013/04/22 23:19:21 | 000,002,362 | ---- | C] () -- C:\WINDOWS\sqlagent.exe</div>

<div>[2013/04/21 07:09:30 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\onfintenet.dat</div>

<div>[2013/04/19 17:57:27 | 000,002,349 | ---- | C] () -- C:\WINDOWS\vbsa.exe</div>

<div>[2013/04/17 17:02:17 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\onfvbsa.dat</div>

<div>[2013/04/15 23:25:52 | 000,220,139 | ---- | C] () -- C:\WINDOWS\System32\stteber.exe</div>

<div>[2013/04/15 23:25:37 | 000,220,139 | ---- | C] () -- C:\WINDOWS\System32\onteber.exe</div>

<div>[2013/04/15 23:25:29 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\onfteber.dat</div>

<div>[2013/04/15 23:25:00 | 000,220,139 | ---- | C] () -- C:\WINDOWS\tebere.exe</div>

<div>[2013/04/15 23:24:44 | 000,220,139 | ---- | C] () -- C:\WINDOWS\System32\teber.exe</div>

<div>[2013/04/15 10:10:14 | 000,667,648 | ---- | C] () -- C:\WINDOWS\System32\stvbsa.exe</div>

<div>[2013/04/14 18:58:14 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\hexseer.exe</div>

<div>[2013/04/13 21:08:35 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\onflsadds.dat</div>

<div>[2013/04/12 18:08:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\System32\onfxhddos.dat</div>

<div>[2013/04/06 23:02:25 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\zyDNSClient.exe</div>

<div>[2013/04/06 23:02:05 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\onfDNSClient.dat</div>

<div>[2013/04/05 21:29:51 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\onfqq.dat</div>

<div>[2013/04/05 19:34:42 | 000,002,348 | ---- | C] () -- C:\WINDOWS\tzmm.exe</div>

<div>[2013/03/31 00:31:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\onftask.dat</div>

<div>[2013/03/29 23:15:48 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\onfMicrosoftArbBod.dat</div>

<div>[2013/03/29 23:00:44 | 000,000,068 | ---- | C] () -- C:\WINDOWS\System32\onfsvshost.dat</div>

<div>[2013/03/27 11:26:29 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\sttzmm.exe</div>

<div>[2013/03/23 22:41:17 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\hexscker.exe</div>

<div>[2013/03/23 22:39:04 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\stscker.exe</div>

<div>[2013/03/23 16:22:35 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\zyWMI.exe</div>

<div>[2013/03/23 16:22:08 | 000,000,067 | ---- | C] () -- C:\WINDOWS\System32\xpWMI.exe</div>

<div>[2013/03/23 05:43:57 | 000,000,070 | ---- | C] () -- C:\WINDOWS\System32\zyteel.exe</div>

<div>[2013/03/23 05:43:36 | 000,000,070 | ---- | C] () -- C:\WINDOWS\System32\onfteel.dat</div>

<div>[2013/03/22 21:21:37 | 000,204,830 | ---- | C] () -- C:\WINDOWS\System32\hexscvost.exe</div>

<div>[2013/03/22 21:20:17 | 000,204,830 | ---- | C] () -- C:\WINDOWS\System32\stscvost.exe</div>

<div>[2013/03/22 21:19:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\onfscvost.dat</div>

<div>[2013/03/21 22:10:56 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\onfmscc.dat</div>

<div>[2013/03/19 12:44:04 | 000,207,856 | ---- | C] () -- C:\WINDOWS\System32\hexYqrstuvwx_LEY.exe</div>

<div>[2013/03/19 12:42:26 | 000,000,079 | ---- | C] () -- C:\WINDOWS\System32\onfYqrstuvwx_LEY.dat</div>

<div>[2013/03/16 04:27:40 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\bz.ini</div>

<div>[2013/03/16 04:27:39 | 000,114,688 | ---- | C] () -- C:\Documents and Settings\All Users\hkcmd.exe</div>

<div>[2013/03/07 07:56:11 | 000,219,437 | ---- | C] () -- C:\WINDOWS\System32\st37.exe</div>

<div>[2013/03/07 04:17:53 | 000,208,953 | ---- | C] () -- C:\WINDOWS\System32\st37.com</div>

<div>[2013/03/07 04:17:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\zy37.com</div>

<div>[2013/03/06 09:25:47 | 000,000,067 | ---- | C] () -- C:\WINDOWS\System32\onftaskmgr.dat</div>

<div>[2013/03/05 12:39:55 | 000,000,067 | ---- | C] () -- C:\WINDOWS\System32\onfsessmgr.dat</div>

<div>[2013/02/20 20:50:52 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\onfPc.dat</div>

<div>[2013/02/03 17:48:03 | 000,297,788 | ---- | C] () -- C:\WINDOWS\System32\hexr.exe</div>

<div>[2013/02/03 17:47:13 | 000,297,788 | ---- | C] () -- C:\WINDOWS\System32\str.exe</div>

<div>[2013/01/30 03:32:33 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\onflsass.dat</div>

<div>[2013/01/26 18:48:34 | 000,014,208 | ---- | C] () -- C:\WINDOWS\System32\K3d_Driver.sys</div>

<div>[2013/01/23 10:38:30 | 000,084,680 | ---- | C] () -- C:\WINDOWS\Winxt.exe</div>

<div>[2013/01/22 17:30:08 | 000,001,054 | ---- | C] () -- C:\WINDOWS\System32\ssnetlay.sys</div>

<div>[2013/01/22 17:30:08 | 000,000,795 | ---- | C] () -- C:\WINDOWS\System32\servci.dll</div>

<div>[2013/01/22 17:30:07 | 000,847,872 | ---- | C] () -- C:\WINDOWS\System32\neticp16.dll</div>

<div>[2013/01/22 17:30:02 | 000,000,833 | ---- | C] () -- C:\WINDOWS\System32\mscoremgr.sys</div>

<div>[2013/01/22 17:30:01 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\modload.dll</div>

<div>[2013/01/22 17:30:01 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\laynet32.dll</div>

<div>[2013/01/22 17:30:01 | 000,001,054 | ---- | C] () -- C:\WINDOWS\System32\coreload.dll</div>

<div>[2013/01/22 17:30:01 | 000,000,963 | ---- | C] () -- C:\WINDOWS\System32\lostslvrt.sys</div>

<div>[2013/01/22 17:30:01 | 000,000,963 | ---- | C] () -- C:\WINDOWS\System32\coredebug.dll</div>

<div>[2013/01/22 17:30:01 | 000,000,893 | ---- | C] () -- C:\WINDOWS\System32\dotnetfix.exe</div>

<div>[2013/01/22 17:30:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\IO.SYS</div>

<div>[2013/01/22 17:30:00 | 000,847,872 | ---- | C] () -- C:\WINDOWS\System32\bugload.dll</div>

<div>[2013/01/22 17:30:00 | 000,777,284 | ---- | C] () -- C:\WINDOWS\System32\aspnet_perf.ini</div>

<div>[2013/01/22 17:30:00 | 000,775,688 | ---- | C] () -- C:\WINDOWS\System32\aspnet_perf2.ini</div>

<div>[2013/01/22 17:30:00 | 000,042,868 | ---- | C] () -- C:\WINDOWS\System32\aspnet_state_perf.ini</div>

<div>[2013/01/22 17:30:00 | 000,000,833 | ---- | C] () -- C:\WINDOWS\System32\aspnet16.dll</div>

<div>[2013/01/22 17:29:26 | 000,001,750 | ---- | C] () -- C:\WINDOWS\System32\spools.dat</div>

<div>[2013/01/22 17:29:11 | 000,896,614 | ---- | C] () -- C:\WINDOWS\System32\isec.dll</div>

necro007 · May 23, 2013

<p>Hi Report continued.:</p>

<div>[2013/01/22 17:28:35 | 003,530,959 | ---- | C] () -- C:\WINDOWS\System32\panti.exe</div>

<div>[2013/01/20 16:12:46 | 000,000,105 | ---- | C] () -- C:\WINDOWS\System32\shshougou.exe</div>

<div>[2013/01/13 10:06:47 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\hex3.exe</div>

<div>[2013/01/08 01:06:41 | 000,000,068 | ---- | C] () -- C:\WINDOWS\System32\zywuyu.exe</div>

<div>[2013/01/08 01:06:19 | 000,000,070 | ---- | C] () -- C:\WINDOWS\System32\xpwuyu.exe</div>

<div>[2013/01/07 17:23:37 | 000,000,102 | ---- | C] () -- C:\WINDOWS\System32\shserzer.exe</div>

<div>[2013/01/05 13:07:43 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\741812.exe.xvx</div>

<div>[2013/01/05 13:06:27 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\625513.exe.xvx</div>

<div>[2013/01/05 12:50:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\50950.exe.xvx</div>

<div>[2013/01/05 12:48:54 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4853299.exe.xvx</div>

<div>[2013/01/05 12:32:38 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3236946.exe.xvx</div>

<div>[2013/01/05 12:31:23 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3121650.exe.xvx</div>

<div>[2013/01/05 12:15:06 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\155219.exe.xvx</div>

<div>[2013/01/05 12:13:51 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1349812.exe.xvx</div>

<div>[2013/01/05 11:57:35 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5733757.exe.xvx</div>

<div>[2013/01/05 11:56:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5618288.exe.xvx</div>

<div>[2013/01/05 11:40:02 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\401543.exe.xvx</div>

<div>[2013/01/05 11:38:48 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3846967.exe.xvx</div>

<div>[2013/01/05 11:22:32 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2231131.exe.xvx</div>

<div>[2013/01/05 11:21:17 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2115161.exe.xvx</div>

<div>[2013/01/05 11:04:59 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\458573.exe.xvx</div>

<div>[2013/01/05 11:03:44 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\342916.exe.xvx</div>

<div>[2013/01/05 10:47:27 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4726359.exe.xvx</div>

<div>[2013/01/05 10:46:13 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4611580.exe.xvx</div>

<div>[2013/01/05 10:29:56 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2955133.exe.xvx</div>

<div>[2013/01/05 10:28:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2840666.exe.xvx</div>

<div>[2013/01/05 10:12:25 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1224293.exe.xvx</div>

<div>[2013/01/05 10:11:09 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1188.exe.xvx</div>

<div>[2013/01/05 09:55:54 | 000,036,020 | ---- | C] () -- C:\WINDOWS\Sklmnopqr_App.exe</div>

<div>[2013/01/05 09:54:52 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5451586.exe.xvx</div>

<div>[2013/01/05 09:53:38 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5336752.exe.xvx</div>

<div>[2013/01/05 09:37:16 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3715180.exe.xvx</div>

<div>[2013/01/05 09:36:01 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3559663.exe.xvx</div>

<div>[2013/01/05 09:19:31 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\193048.exe.xvx</div>

<div>[2013/01/05 09:18:16 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1815190.exe.xvx</div>

<div>[2013/01/05 09:02:00 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\158743.exe.xvx</div>

<div>[2013/01/05 09:00:45 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\043838.exe.xvx</div>

<div>[2013/01/05 08:44:28 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4427579.exe.xvx</div>

<div>[2013/01/05 08:43:13 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4312408.exe.xvx</div>

<div>[2013/01/05 08:26:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2656462.exe.xvx</div>

<div>[2013/01/05 08:25:43 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2542184.exe.xvx</div>

<div>[2013/01/05 08:09:27 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\92666.exe.xvx</div>

<div>[2013/01/05 08:08:12 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\810675.exe.xvx</div>

<div>[2013/01/05 07:51:55 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5154500.exe.xvx</div>

<div>[2013/01/05 07:50:40 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5038543.exe.xvx</div>

<div>[2013/01/05 07:34:22 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3421452.exe.xvx</div>

<div>[2013/01/05 07:33:06 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\335138.exe.xvx</div>

<div>[2013/01/05 07:16:37 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1636491.exe.xvx</div>

<div>[2013/01/05 07:15:20 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1518676.exe.xvx</div>

<div>[2013/01/05 06:58:58 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5856926.exe.xvx</div>

<div>[2013/01/05 06:57:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5740720.exe.xvx</div>

<div>[2013/01/05 06:41:25 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4124461.exe.xvx</div>

<div>[2013/01/05 06:40:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\408272.exe.xvx</div>

<div>[2013/01/05 06:23:53 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\235213.exe.xvx</div>

<div>[2013/01/05 06:22:38 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2237358.exe.xvx</div>

<div>[2013/01/05 06:06:22 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\621303.exe.xvx</div>

<div>[2013/01/05 06:05:08 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\57432.exe.xvx</div>

<div>[2013/01/05 05:48:52 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4851377.exe.xvx</div>

<div>[2013/01/05 05:47:38 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4736612.exe.xvx</div>

<div>[2013/01/05 05:31:21 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3120635.exe.xvx</div>

<div>[2013/01/05 05:30:07 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\305973.exe.xvx</div>

<div>[2013/01/05 05:13:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1348977.exe.xvx</div>

<div>[2013/01/05 05:12:35 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1234250.exe.xvx</div>

<div>[2013/01/05 04:55:59 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5558286.exe.xvx</div>

<div>[2013/01/05 04:54:45 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5444102.exe.xvx</div>

<div>[2013/01/05 04:38:29 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3827859.exe.xvx</div>

<div>[2013/01/05 04:37:13 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3711465.exe.xvx</div>

<div>[2013/01/05 04:20:56 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\20553.exe.xvx</div>

<div>[2013/01/05 04:19:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1940834.exe.xvx</div>

<div>[2013/01/05 04:03:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\324873.exe.xvx</div>

<div>[2013/01/05 04:02:12 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\211111.exe.xvx</div>

<div>[2013/01/05 03:45:56 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4554789.exe.xvx</div>

<div>[2013/01/05 03:44:41 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4439602.exe.xvx</div>

<div>[2013/01/05 03:28:24 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2822857.exe.xvx</div>

<div>[2013/01/05 03:27:08 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\277450.exe.xvx</div>

<div>[2013/01/05 03:10:52 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1051377.exe.xvx</div>

<div>[2013/01/05 03:09:37 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\936182.exe.xvx</div>

<div>[2013/01/05 02:53:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5318404.exe.xvx</div>

<div>[2013/01/05 02:52:05 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\523611.exe.xvx</div>

<div>[2013/01/05 02:35:29 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3528500.exe.xvx</div>

<div>[2013/01/05 02:34:16 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3414551.exe.xvx</div>

<div>[2013/01/05 02:17:59 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1757885.exe.xvx</div>

<div>[2013/01/05 02:16:44 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1642917.exe.xvx</div>

<div>[2013/01/05 02:00:27 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\026689.exe.xvx</div>

<div>[2013/01/05 01:59:13 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5911377.exe.xvx</div>

<div>[2013/01/05 01:42:56 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4255337.exe.xvx</div>

<div>[2013/01/05 01:41:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4140871.exe.xvx</div>

<div>[2013/01/05 01:25:25 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2524612.exe.xvx</div>

<div>[2013/01/05 01:24:12 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2410646.exe.xvx</div>

<div>[2013/01/05 01:07:55 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\754496.exe.xvx</div>

<div>[2013/01/05 01:06:41 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\639731.exe.xvx</div>

<div>[2013/01/05 00:50:24 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\502399.exe.xvx</div>

<div>[2013/01/05 00:49:09 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\498412.exe.xvx</div>

<div>[2013/01/05 00:32:51 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3250167.exe.xvx</div>

<div>[2013/01/05 00:31:36 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\313516.exe.xvx</div>

<div>[2013/01/05 00:15:05 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\154197.exe.xvx</div>

<div>[2013/01/05 00:13:51 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1349934.exe.xvx</div>

<div>[2013/01/04 23:57:35 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5733894.exe.xvx</div>

<div>[2013/01/04 23:56:21 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5619506.exe.xvx</div>

<div>[2013/01/04 23:40:04 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\40375.exe.xvx</div>

<div>[2013/01/04 23:38:49 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3848483.exe.xvx</div>

<div>[2013/01/04 23:22:32 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2231644.exe.xvx</div>

<div>[2013/01/04 23:21:18 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\211752.exe.xvx</div>

<div>[2013/01/04 23:05:01 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\50664.exe.xvx</div>

<div>[2013/01/04 23:03:46 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\345498.exe.xvx</div>

<div>[2013/01/04 22:47:29 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\472873.exe.xvx</div>

<div>[2013/01/04 22:46:14 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4613112.exe.xvx</div>

<div>[2013/01/04 22:29:15 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2913561.exe.xvx</div>

<div>[2013/01/04 22:27:46 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2745178.exe.xvx</div>

<div>[2013/01/04 22:11:06 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\11528.exe.xvx</div>

<div>[2013/01/04 22:09:51 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\950357.exe.xvx</div>

<div>[2013/01/04 21:53:35 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5334302.exe.xvx</div>

<div>[2013/01/04 21:52:20 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5218833.exe.xvx</div>

<div>[2013/01/04 21:36:03 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\361979.exe.xvx</div>

<div>[2013/01/04 21:34:48 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3447293.exe.xvx</div>

<div>[2013/01/04 21:18:32 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1831442.exe.xvx</div>

<div>[2013/01/04 21:17:18 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1717398.exe.xvx</div>

<div>[2013/01/04 21:01:02 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\10748.exe.xvx</div>

<div>[2013/01/04 20:59:47 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5946156.exe.xvx</div>

<div>[2013/01/04 20:43:31 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4329724.exe.xvx</div>

<div>[2013/01/04 20:42:16 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4214616.exe.xvx</div>

<div>[2013/01/04 20:25:59 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2558592.exe.xvx</div>

<div>[2013/01/04 20:24:44 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2443185.exe.xvx</div>

<div>[2013/01/04 20:08:28 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\826958.exe.xvx</div>

<div>[2013/01/04 20:07:13 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\712193.exe.xvx</div>

<div>[2013/01/04 19:50:56 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5055512.exe.xvx</div>

<div>[2013/01/04 19:49:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4940747.exe.xvx</div>

<div>[2013/01/04 19:33:25 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3324410.exe.xvx</div>

<div>[2013/01/04 19:32:11 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\329521.exe.xvx</div>

<div>[2013/01/04 19:15:54 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1552776.exe.xvx</div>

<div>[2013/01/04 19:14:37 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\143670.exe.xvx</div>

<div>[2013/01/04 18:58:21 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\582015.exe.xvx</div>

<div>[2013/01/04 18:57:07 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\575454.exe.xvx</div>

<div>[2013/01/04 18:40:49 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4047284.exe.xvx</div>

<div>[2013/01/04 18:39:34 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3932614.exe.xvx</div>

<div>[2013/01/04 18:23:17 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2316449.exe.xvx</div>

<div>[2013/01/04 18:22:03 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\221982.exe.xvx</div>

<div>[2013/01/04 18:05:47 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\545739.exe.xvx</div>

<div>[2013/01/04 18:04:32 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\431367.exe.xvx</div>

<div>[2013/01/04 17:48:16 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4814904.exe.xvx</div>

<div>[2013/01/04 17:47:01 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\47046.exe.xvx</div>

<div>[2013/01/04 17:30:44 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3043615.exe.xvx</div>

<div>[2013/01/04 17:29:30 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2929117.exe.xvx</div>

<div>[2013/01/04 17:13:14 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1312811.exe.xvx</div>

<div>[2013/01/04 17:11:58 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1157185.exe.xvx</div>

<div>[2013/01/04 16:55:41 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5540535.exe.xvx</div>

<div>[2013/01/04 16:54:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5425363.exe.xvx</div>

<div>[2013/01/04 16:38:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\388995.exe.xvx</div>

<div>[2013/01/04 16:36:54 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3652836.exe.xvx</div>

<div>[2013/01/04 16:20:38 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2036687.exe.xvx</div>

<div>[2013/01/04 16:19:23 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1922205.exe.xvx</div>

<div>[2013/01/04 16:03:07 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\36338.exe.xvx</div>

<div>[2013/01/04 16:01:53 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\151871.exe.xvx</div>

<div>[2013/01/04 15:45:36 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\453517.exe.xvx</div>

<div>[2013/01/04 15:44:21 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4420253.exe.xvx</div>

<div>[2013/01/04 15:28:05 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\284292.exe.xvx</div>

<div>[2013/01/04 15:26:51 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2649621.exe.xvx</div>

<div>[2013/01/04 15:10:34 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1033269.exe.xvx</div>

<div>[2013/01/04 15:09:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\918316.exe.xvx</div>

<div>[2013/01/04 14:53:03 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\531838.exe.xvx</div>

<div>[2013/01/04 14:51:47 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5145461.exe.xvx</div>

<div>[2013/01/04 14:35:29 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3528199.exe.xvx</div>

<div>[2013/01/04 14:34:14 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3413419.exe.xvx</div>

<div>[2013/01/04 14:17:58 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1757176.exe.xvx</div>

<div>[2013/01/04 14:16:43 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1641691.exe.xvx</div>

<div>[2013/01/04 14:00:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\024129.exe.xvx</div>

<div>[2013/01/04 13:59:11 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\599849.exe.xvx</div>

<div>[2013/01/04 13:42:54 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4253600.exe.xvx</div>

<div>[2013/01/04 13:41:39 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4137252.exe.xvx</div>

<div>[2013/01/04 13:25:17 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2516113.exe.xvx</div>

<div>[2013/01/04 13:24:02 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\240760.exe.xvx</div>

<div>[2013/01/04 13:07:30 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\729680.exe.xvx</div>

<div>[2013/01/04 13:06:16 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\614618.exe.xvx</div>

<div>[2013/01/04 12:49:59 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4958140.exe.xvx</div>

<div>[2013/01/04 12:48:44 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4842890.exe.xvx</div>

<div>[2013/01/04 12:32:27 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3226240.exe.xvx</div>

<div>[2013/01/04 12:31:12 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3111146.exe.xvx</div>

<div>[2013/01/04 12:14:55 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1454496.exe.xvx</div>

<div>[2013/01/04 12:13:40 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1337601.exe.xvx</div>

<div>[2013/01/04 11:57:22 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5720951.exe.xvx</div>

<div>[2013/01/04 11:56:07 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\565873.exe.xvx</div>

<div>[2013/01/04 11:39:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3949514.exe.xvx</div>

<div>[2013/01/04 11:38:35 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\383458.exe.xvx</div>

<div>[2013/01/04 11:22:18 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2217628.exe.xvx</div>

<div>[2013/01/04 11:21:04 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\212402.exe.xvx</div>

<div>[2013/01/04 11:04:38 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\436984.exe.xvx</div>

<div>[2013/01/04 11:03:20 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\319287.exe.xvx</div>

<div>[2013/01/04 10:46:55 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4654551.exe.xvx</div>

<div>[2013/01/04 10:45:41 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4539975.exe.xvx</div>

<div>[2013/01/04 10:29:25 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2923920.exe.xvx</div>

<div>[2013/01/04 10:28:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\288247.exe.xvx</div>

<div>[2013/01/04 10:11:53 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1152113.exe.xvx</div>

<div>[2013/01/04 10:10:36 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1034702.exe.xvx</div>

<div>[2013/01/04 09:54:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5418381.exe.xvx</div>

<div>[2013/01/04 09:53:04 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\533475.exe.xvx</div>

<div>[2013/01/04 09:36:48 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3647216.exe.xvx</div>

<div>[2013/01/04 09:35:33 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3532358.exe.xvx</div>

<div>[2013/01/04 09:19:16 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1915490.exe.xvx</div>

<div>[2013/01/04 09:18:00 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1759390.exe.xvx</div>

<div>[2013/01/04 09:01:44 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1431.exe.xvx</div>

<div>[2013/01/04 09:00:30 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\028602.exe.xvx</div>

<div>[2013/01/04 08:43:56 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4354663.exe.xvx</div>

<div>[2013/01/04 08:42:37 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4236213.exe.xvx</div>

<div>[2013/01/04 08:26:21 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2619876.exe.xvx</div>

<div>[2013/01/04 08:25:07 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\255519.exe.xvx</div>

<div>[2013/01/04 08:08:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\849464.exe.xvx</div>

<div>[2013/01/04 08:07:36 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\735373.exe.xvx</div>

<div>[2013/01/04 07:51:20 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\511952.exe.xvx</div>

<div>[2013/01/04 07:50:06 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\504867.exe.xvx</div>

<div>[2013/01/04 07:33:49 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3348217.exe.xvx</div>

<div>[2013/01/04 07:32:34 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3233327.exe.xvx</div>

<div>[2013/01/04 07:16:18 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1616974.exe.xvx</div>

<div>[2013/01/04 07:15:04 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\152711.exe.xvx</div>

<div>[2013/01/04 06:58:47 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5846330.exe.xvx</div>

<div>[2013/01/04 06:57:33 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\573244.exe.xvx</div>

<div>[2013/01/04 06:41:16 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4115309.exe.xvx</div>

<div>[2013/01/04 06:40:02 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\401231.exe.xvx</div>

<div>[2013/01/04 06:23:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2325609.exe.xvx</div>

<div>[2013/01/04 06:22:12 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2210923.exe.xvx</div>

<div>[2013/01/04 06:05:55 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\554476.exe.xvx</div>

<div>[2013/01/04 06:04:41 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\439790.exe.xvx</div>

<div>[2013/01/04 05:48:24 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4823547.exe.xvx</div>

<div>[2013/01/04 05:47:09 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\478172.exe.xvx</div>

<div>[2013/01/04 05:30:53 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3051709.exe.xvx</div>

<div>[2013/01/04 05:29:38 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2936851.exe.xvx</div>

<div>[2013/01/04 05:13:21 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1319793.exe.xvx</div>

<div>[2013/01/04 05:12:06 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\124496.exe.xvx</div>

<div>[2013/01/04 04:55:49 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5548252.exe.xvx</div>

<div>[2013/01/04 04:54:35 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5433863.exe.xvx</div>

<div>[2013/01/04 04:38:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3817868.exe.xvx</div>

<div>[2013/01/04 04:37:05 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\373695.exe.xvx</div>

<div>[2013/01/04 04:20:47 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2045959.exe.xvx</div>

<div>[2013/01/04 04:19:32 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1931310.exe.xvx</div>

<div>[2013/01/04 04:02:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\256229.exe.xvx</div>

<div>[2013/01/04 04:01:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\141230.exe.xvx</div>

<div>[2013/01/04 03:45:25 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4524579.exe.xvx</div>

<div>[2013/01/04 03:44:11 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\449596.exe.xvx</div>

<div>[2013/01/04 03:27:54 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2753149.exe.xvx</div>

<div>[2013/01/04 03:26:40 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2639105.exe.xvx</div>

<div>[2013/01/04 03:10:24 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1022925.exe.xvx</div>

<div>[2013/01/04 03:09:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\98756.exe.xvx</div>

<div>[2013/01/04 02:52:53 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5252230.exe.xvx</div>

<div>[2013/01/04 02:51:39 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\513861.exe.xvx</div>

<div>[2013/01/04 02:35:23 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3521866.exe.xvx</div>

<div>[2013/01/04 02:34:09 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\347660.exe.xvx</div>

<div>[2013/01/04 02:17:52 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1750704.exe.xvx</div>

<div>[2013/01/04 02:16:37 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1636109.exe.xvx</div>

<div>[2013/01/04 02:00:03 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\01730.exe.xvx</div>

<div>[2013/01/04 01:58:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\584148.exe.xvx</div>

<div>[2013/01/04 01:41:00 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\405975.exe.xvx</div>

<div>[2013/01/04 01:39:45 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3943794.exe.xvx</div>

<div>[2013/01/04 01:23:28 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2327347.exe.xvx</div>

<div>[2013/01/04 01:22:14 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2212959.exe.xvx</div>

<div>[2013/01/04 01:05:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\556606.exe.xvx</div>

<div>[2013/01/04 01:04:43 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\441732.exe.xvx</div>

<div>[2013/01/04 00:48:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4825285.exe.xvx</div>

<div>[2013/01/04 00:47:12 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4711210.exe.xvx</div>

<div>[2013/01/04 00:30:56 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3054654.exe.xvx</div>

<div>[2013/01/04 00:29:41 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2939592.exe.xvx</div>

<div>[2013/01/04 00:13:24 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1323349.exe.xvx</div>

<div>[2013/01/04 00:12:09 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\128271.exe.xvx</div>

<div>[2013/01/03 23:55:53 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\555212.exe.xvx</div>

<div>[2013/01/03 23:54:39 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5437749.exe.xvx</div>

<div>[2013/01/03 23:38:22 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3821616.exe.xvx</div>

<div>[2013/01/03 23:37:08 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\377337.exe.xvx</div>

<div>[2013/01/03 23:20:52 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2051157.exe.xvx</div>

<div>[2013/01/03 23:19:37 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1935781.exe.xvx</div>

<div>[2013/01/03 23:03:21 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\319930.exe.xvx</div>

<div>[2013/01/03 23:02:06 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\25181.exe.xvx</div>

<div>[2013/01/03 22:45:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4548719.exe.xvx</div>

<div>[2013/01/03 22:44:35 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\443433.exe.xvx</div>

<div>[2013/01/03 22:28:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2817774.exe.xvx</div>

<div>[2013/01/03 22:27:04 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\273213.exe.xvx</div>

<div>[2013/01/03 22:10:48 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1046767.exe.xvx</div>

<div>[2013/01/03 22:09:32 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\931282.exe.xvx</div>

<div>[2013/01/03 21:53:16 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\531539.exe.xvx</div>

<div>[2013/01/03 21:52:01 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5159538.exe.xvx</div>

<div>[2013/01/03 21:35:44 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3543217.exe.xvx</div>

<div>[2013/01/03 21:34:30 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3428719.exe.xvx</div>

<div>[2013/01/03 21:18:13 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1812382.exe.xvx</div>

<div>[2013/01/03 21:16:59 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\165825.exe.xvx</div>

<div>[2013/01/03 21:00:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\041562.exe.xvx</div>

<div>[2013/01/03 20:59:28 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\592780.exe.xvx</div>

<div>[2013/01/03 20:43:11 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4310523.exe.xvx</div>

<div>[2013/01/03 20:41:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4155759.exe.xvx</div>

<div>[2013/01/03 20:25:41 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2539688.exe.xvx</div>

<div>[2013/01/03 20:24:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2425316.exe.xvx</div>

<div>[2013/01/03 20:08:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\89464.exe.xvx</div>

<div>[2013/01/03 20:06:56 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\654700.exe.xvx</div>

<div>[2013/01/03 19:50:39 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\503865.exe.xvx</div>

<div>[2013/01/03 19:49:25 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4924100.exe.xvx</div>

<div>[2013/01/03 19:33:08 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\337355.exe.xvx</div>

<div>[2013/01/03 19:31:54 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3152654.exe.xvx</div>

<div>[2013/01/03 19:15:37 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\153619.exe.xvx</div>

<div>[2013/01/03 19:14:22 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1421161.exe.xvx</div>

<div>[2013/01/03 18:58:05 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\584479.exe.xvx</div>

<div>[2013/01/03 18:56:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5648822.exe.xvx</div>

<div>[2013/01/03 18:40:33 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4031937.exe.xvx</div>

<div>[2013/01/03 18:39:18 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3917282.exe.xvx</div>

<div>[2013/01/03 18:23:01 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\230318.exe.xvx</div>

<div>[2013/01/03 18:21:46 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2144661.exe.xvx</div>

<div>[2013/01/03 18:05:29 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\527807.exe.xvx</div>

<div>[2013/01/03 18:04:13 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\411884.exe.xvx</div>

<div>[2013/01/03 17:47:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4755813.exe.xvx</div>

<div>[2013/01/03 17:46:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4641346.exe.xvx</div>

<div>[2013/01/03 17:30:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3022800.exe.xvx</div>

<div>[2013/01/03 17:29:09 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\297723.exe.xvx</div>

<div>[2013/01/03 17:12:52 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1251464.exe.xvx</div>

<div>[2013/01/03 17:11:38 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1136997.exe.xvx</div>

<div>[2013/01/03 16:55:21 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5520363.exe.xvx</div>

<div>[2013/01/03 16:54:06 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\544643.exe.xvx</div>

<div>[2013/01/03 16:37:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3748713.exe.xvx</div>

<div>[2013/01/03 16:36:36 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3634685.exe.xvx</div>

<div>[2013/01/03 16:20:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2018395.exe.xvx</div>

<div>[2013/01/03 16:19:04 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\19335.exe.xvx</div>

<div>[2013/01/03 16:02:47 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\246463.exe.xvx</div>

<div>[2013/01/03 16:01:32 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\13188.exe.xvx</div>

<div>[2013/01/03 15:45:15 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4514250.exe.xvx</div>

<div>[2013/01/03 15:44:01 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4359360.exe.xvx</div>

<div>[2013/01/03 15:27:44 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2742913.exe.xvx</div>

<div>[2013/01/03 15:26:30 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2628633.exe.xvx</div>

<div>[2013/01/03 15:10:13 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1012521.exe.xvx</div>

<div>[2013/01/03 15:08:58 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\857239.exe.xvx</div>

<div>[2013/01/03 14:52:41 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5239664.exe.xvx</div>

<div>[2013/01/03 14:51:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5124555.exe.xvx</div>

<div>[2013/01/03 14:34:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3449104.exe.xvx</div>

<div>[2013/01/03 14:33:36 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3334512.exe.xvx</div>

<div>[2013/01/03 14:17:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\171865.exe.xvx</div>

<div>[2013/01/03 14:16:04 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\163395.exe.xvx</div>

<div>[2013/01/03 13:59:48 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5946854.exe.xvx</div>

<div>[2013/01/03 13:58:32 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5830853.exe.xvx</div>

<div>[2013/01/03 13:42:15 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4214437.exe.xvx</div>

<div>[2013/01/03 13:41:01 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4059736.exe.xvx</div>

<div>[2013/01/03 13:24:44 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2443211.exe.xvx</div>

<div>[2013/01/03 13:23:30 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2328807.exe.xvx</div>

<div>[2013/01/03 13:07:13 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\712279.exe.xvx</div>

<div>[2013/01/03 13:05:59 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\557483.exe.xvx</div>

<div>[2013/01/03 12:49:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\494126.exe.xvx</div>

<div>[2013/01/03 12:48:27 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4826352.exe.xvx</div>

<div>[2013/01/03 12:36:10 | 000,000,093 | ---- | C] () -- C:\WINDOWS\System32\sh3swu.exe</div>

<div>[2013/01/03 12:32:08 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\327396.exe.xvx</div>

<div>[2013/01/03 12:30:53 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3051769.exe.xvx</div>

<div>[2013/01/03 12:14:21 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1419724.exe.xvx</div>

<div>[2013/01/03 12:13:06 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\134552.exe.xvx</div>

<div>[2013/01/03 11:56:49 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\564811.exe.xvx</div>

<div>[2013/01/03 11:55:34 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5532621.exe.xvx</div>

<div>[2013/01/03 11:39:17 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3916565.exe.xvx</div>

<div>[2013/01/03 11:38:02 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\381206.exe.xvx</div>

<div>[2013/01/03 11:21:46 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2145151.exe.xvx</div>

<div>[2013/01/03 11:20:32 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2029964.exe.xvx</div>

<div>[2013/01/03 11:04:14 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\413532.exe.xvx</div>

<div>[2013/01/03 11:03:00 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\259269.exe.xvx</div>

<div>[2013/01/03 10:46:44 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4642786.exe.xvx</div>

<div>[2013/01/03 10:45:29 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4527708.exe.xvx</div>

<div>[2013/01/03 10:29:12 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2910803.exe.xvx</div>

<div>[2013/01/03 10:27:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2755764.exe.xvx</div>

<div>[2013/01/03 10:11:35 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1133808.exe.xvx</div>

<div>[2013/01/03 10:10:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1017830.exe.xvx</div>

<div>[2013/01/03 09:53:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5348723.exe.xvx</div>

<div>[2013/01/03 09:52:35 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5233834.exe.xvx</div>

<div>[2013/01/03 09:36:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3617872.exe.xvx</div>

<div>[2013/01/03 09:35:03 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\352403.exe.xvx</div>

<div>[2013/01/03 09:18:47 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1846473.exe.xvx</div>

<div>[2013/01/03 09:17:33 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1731599.exe.xvx</div>

<div>[2013/01/03 09:01:16 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\115450.exe.xvx</div>

<div>[2013/01/03 09:00:02 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\01266.exe.xvx</div>

<div>[2013/01/03 08:43:46 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4344709.exe.xvx</div>

<div>[2013/01/03 08:42:31 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4229569.exe.xvx</div>

<div>[2013/01/03 08:26:14 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2612768.exe.xvx</div>

<div>[2013/01/03 08:24:58 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2456983.exe.xvx</div>

<div>[2013/01/03 08:08:41 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\840537.exe.xvx</div>

<div>[2013/01/03 08:07:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\724854.exe.xvx</div>

<div>[2013/01/03 07:50:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5056269.exe.xvx</div>

<div>[2013/01/03 07:49:39 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4938132.exe.xvx</div>

<div>[2013/01/03 07:33:18 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3317205.exe.xvx</div>

<div>[2013/01/03 07:32:04 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\32336.exe.xvx</div>

<div>[2013/01/03 07:15:48 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1546903.exe.xvx</div>

<div>[2013/01/03 07:14:33 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1431543.exe.xvx</div>

<div>[2013/01/03 06:58:16 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5814971.exe.xvx</div>

<div>[2013/01/03 06:56:59 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5657575.exe.xvx</div>

<div>[2013/01/03 06:40:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4041113.exe.xvx</div>

<div>[2013/01/03 06:39:27 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3925941.exe.xvx</div>

<div>[2013/01/03 06:23:11 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\239980.exe.xvx</div>

<div>[2013/01/03 06:21:56 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2154621.exe.xvx</div>

<div>[2013/01/03 06:05:39 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\538328.exe.xvx</div>

<div>[2013/01/03 06:04:24 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\42356.exe.xvx</div>

<div>[2013/01/03 05:48:07 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\485843.exe.xvx</div>

<div>[2013/01/03 05:46:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4648981.exe.xvx</div>

<div>[2013/01/03 05:30:14 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\301384.exe.xvx</div>

<div>[2013/01/03 05:28:59 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2858430.exe.xvx</div>

<div>[2013/01/03 05:12:43 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\124261.exe.xvx</div>

<div>[2013/01/03 05:11:27 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1125574.exe.xvx</div>

<div>[2013/01/03 04:55:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\559534.exe.xvx</div>

<div>[2013/01/03 04:53:56 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5354942.exe.xvx</div>

<div>[2013/01/03 04:37:40 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\373913.exe.xvx</div>

<div>[2013/01/03 04:36:25 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3623622.exe.xvx</div>

<div>[2013/01/03 04:20:09 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\207770.exe.xvx</div>

<div>[2013/01/03 04:18:51 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1850390.exe.xvx</div>

<div>[2013/01/03 04:02:32 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\231106.exe.xvx</div>

<div>[2013/01/03 04:01:17 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\115542.exe.xvx</div>

<div>[2013/01/03 03:45:00 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4459132.exe.xvx</div>

<div>[2013/01/03 03:43:45 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\434438.exe.xvx</div>

<div>[2013/01/03 03:27:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2725121.exe.xvx</div>

<div>[2013/01/03 03:26:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\268496.exe.xvx</div>

<div>[2013/01/03 03:09:16 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\914975.exe.xvx</div>

<div>[2013/01/03 03:08:02 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\80994.exe.xvx</div>

<div>[2013/01/03 02:51:45 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5144641.exe.xvx</div>

<div>[2013/01/03 02:50:30 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5029469.exe.xvx</div>

<div>[2013/01/03 02:34:14 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3413210.exe.xvx</div>

<div>[2013/01/03 02:32:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3255924.exe.xvx</div>

<div>[2013/01/03 02:16:41 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1639979.exe.xvx</div>

<div>[2013/01/03 02:15:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1524494.exe.xvx</div>

<div>[2013/01/03 01:59:09 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\597938.exe.xvx</div>

<div>[2013/01/03 01:57:55 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5753581.exe.xvx</div>

<div>[2013/01/03 01:41:31 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4129866.exe.xvx</div>

<div>[2013/01/03 01:40:17 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4015587.exe.xvx</div>

<div>[2013/01/03 01:24:00 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2359140.exe.xvx</div>

<div>[2013/01/03 01:22:46 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2244846.exe.xvx</div>

<div>[2013/01/03 01:06:30 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\628712.exe.xvx</div>

<div>[2013/01/03 01:05:15 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\513557.exe.xvx</div>

<div>[2013/01/03 00:48:58 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4856984.exe.xvx</div>

<div>[2013/01/03 00:47:44 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4742502.exe.xvx</div>

<div>[2013/01/03 00:31:27 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3126275.exe.xvx</div>

<div>[2013/01/03 00:30:12 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3011479.exe.xvx</div>

<div>[2013/01/03 00:13:56 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1355220.exe.xvx</div>

<div>[2013/01/03 00:12:41 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\124080.exe.xvx</div>

<div>[2013/01/02 23:56:25 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5623712.exe.xvx</div>

<div>[2013/01/02 23:55:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\558932.exe.xvx</div>

<div>[2013/01/02 23:38:53 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3852657.exe.xvx</div>

<div>[2013/01/02 23:37:40 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3738519.exe.xvx</div>

<div>[2013/01/02 23:21:23 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2122541.exe.xvx</div>

<div>[2013/01/02 23:20:09 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\208184.exe.xvx</div>

<div>[2013/01/02 23:03:52 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\351352.exe.xvx</div>

<div>[2013/01/02 23:02:36 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\235259.exe.xvx</div>

<div>[2013/01/02 22:46:17 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4616215.exe.xvx</div>

<div>[2013/01/02 22:45:02 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\450545.exe.xvx</div>

<div>[2013/01/02 22:28:38 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2837389.exe.xvx</div>

<div>[2013/01/02 22:27:24 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2723110.exe.xvx</div>

<div>[2013/01/02 22:11:07 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\116362.exe.xvx</div>

<div>[2013/01/02 22:09:53 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\951660.exe.xvx</div>

<div>[2013/01/02 21:53:36 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5335452.exe.xvx</div>

<div>[2013/01/02 21:52:22 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5220724.exe.xvx</div>

<div>[2013/01/02 21:35:59 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3558137.exe.xvx</div>

<div>[2013/01/02 21:34:43 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3441786.exe.xvx</div>

<div>[2013/01/02 21:18:21 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1820488.exe.xvx</div>

<div>[2013/01/02 21:17:07 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\175834.exe.xvx</div>

<div>[2013/01/02 21:00:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\048648.exe.xvx</div>

<div>[2013/01/02 20:59:35 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5933679.exe.xvx</div>

<div>[2013/01/02 20:43:18 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4317513.exe.xvx</div>

<div>[2013/01/02 20:42:03 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\422293.exe.xvx</div>

<div>[2013/01/02 20:25:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2540721.exe.xvx</div>

<div>[2013/01/02 20:24:25 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\242433.exe.xvx</div>

<div>[2013/01/02 20:08:05 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\84319.exe.xvx</div>

<div>[2013/01/02 20:06:51 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\650259.exe.xvx</div>

<div>[2013/01/02 19:50:30 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5028842.exe.xvx</div>

<div>[2013/01/02 19:49:15 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4913763.exe.xvx</div>

<div>[2013/01/02 19:32:58 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3257128.exe.xvx</div>

<div>[2013/01/02 19:31:43 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3141613.exe.xvx</div>

<div>[2013/01/02 19:15:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1517886.exe.xvx</div>

<div>[2013/01/02 19:14:03 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\142199.exe.xvx</div>

<div>[2013/01/02 18:57:46 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5744843.exe.xvx</div>

<div>[2013/01/02 18:56:31 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\563079.exe.xvx</div>

<div>[2013/01/02 18:40:14 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4013536.exe.xvx</div>

<div>[2013/01/02 18:38:58 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3857329.exe.xvx</div>

<div>[2013/01/02 18:22:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2240821.exe.xvx</div>

<div>[2013/01/02 18:21:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2124813.exe.xvx</div>

<div>[2013/01/02 18:05:05 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\53983.exe.xvx</div>

<div>[2013/01/02 18:03:51 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\349676.exe.xvx</div>

<div>[2013/01/02 17:47:31 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4730197.exe.xvx</div>

<div>[2013/01/02 17:46:17 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4615946.exe.xvx</div>

<div>[2013/01/02 17:29:45 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2944435.exe.xvx</div>

<div>[2013/01/02 17:28:29 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2828355.exe.xvx</div>

<div>[2013/01/02 17:12:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\129277.exe.xvx</div>

<div>[2013/01/02 17:10:54 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1052696.exe.xvx</div>

<div>[2013/01/02 16:54:37 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5436343.exe.xvx</div>

<div>[2013/01/02 16:53:20 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5319386.exe.xvx</div>

<div>[2013/01/02 16:37:04 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\373111.exe.xvx</div>

<div>[2013/01/02 16:35:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3548942.exe.xvx</div>

<div>[2013/01/02 16:19:34 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1932868.exe.xvx</div>

<div>[2013/01/02 16:18:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1817726.exe.xvx</div>

<div>[2013/01/02 16:02:03 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\21708.exe.xvx</div>

<div>[2013/01/02 16:00:48 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\046669.exe.xvx</div>

<div>[2013/01/02 15:44:29 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4428268.exe.xvx</div>

<div>[2013/01/02 15:43:12 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4311238.exe.xvx</div>

<div>[2013/01/02 15:26:53 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2652639.exe.xvx</div>

<div>[2013/01/02 15:25:40 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2538525.exe.xvx</div>

<div>[2013/01/02 15:09:20 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\919508.exe.xvx</div>

<div>[2013/01/02 15:08:05 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\83984.exe.xvx</div>

<div>[2013/01/02 14:51:46 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5145600.exe.xvx</div>

<div>[2013/01/02 14:50:31 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5030170.exe.xvx</div>

<div>[2013/01/02 14:34:12 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3410727.exe.xvx</div>

<div>[2013/01/02 14:32:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3256363.exe.xvx</div>

<div>[2013/01/02 14:16:39 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1637707.exe.xvx</div>

<div>[2013/01/02 14:15:24 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1522889.exe.xvx</div>

<div>[2013/01/02 13:59:05 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\593754.exe.xvx</div>

<div>[2013/01/02 13:57:47 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5746478.exe.xvx</div>

<div>[2013/01/02 13:41:29 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4128117.exe.xvx</div>

<div>[2013/01/02 13:40:15 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4013599.exe.xvx</div>

<div>[2013/01/02 13:23:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2355881.exe.xvx</div>

<div>[2013/01/02 13:22:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2239992.exe.xvx</div>

<div>[2012/12/03 03:51:34 | 000,544,768 | ---- | C] () -- C:\WINDOWS\System32\WCASvc.dll</div>

<div>[2012/11/24 01:14:35 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\onfwins.dat</div>

<div>[2012/11/05 03:15:56 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\amd.dll</div>

<div>[2012/11/05 03:15:55 | 000,000,001 | ---- | C] () -- C:\WINDOWS\amd.dll</div>

<div>[2012/11/01 15:23:22 | 000,095,330 | ---- | C] () -- C:\WINDOWS\System32\wkscil.dll</div>

<div>[2012/08/30 17:52:19 | 000,002,361 | ---- | C] () -- C:\WINDOWS\scives.exe</div>

<div>[2012/05/14 10:47:36 | 000,429,928 | ---- | C] () -- C:\WINDOWS\System32\kindling.dll</div>

<div>[2012/04/24 05:02:43 | 000,490,496 | ---- | C] () -- C:\Documents and Settings\Administrator\33.exe</div>

<div>[2011/10/16 12:57:02 | 000,030,409 | ---- | C] () -- C:\WINDOWS\System32\mmsql.dll</div>

<div>[2011/06/17 01:47:08 | 000,008,085 | ---- | C] () -- C:\WINDOWS\System32\mysql32.dll</div>

<div>[2010/03/26 08:20:00 | 021,994,183 | ---- | C] () -- C:\Documents and Settings\Administrator\EC_Image.rar</div>

<div>[2009/11/23 17:10:34 | 000,044,403 | ---- | C] () -- C:\Documents and Settings\Administrator\logo.miff</div>

<div>[2009/08/26 09:48:10 | 000,113,888 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat</div>

<div>[2009/08/25 11:30:31 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Favorites.axl</div>

<div>[2009/05/29 15:50:52 | 000,007,176 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol</div>

<div>[2009/04/16 09:22:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\concert</div>

<div>[2008/10/31 09:52:59 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Administrator\persistent_state</div>

<div>[2008/10/31 09:52:08 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\Administrator\aimsdefaults.properties</div>

<div>[2008/10/31 09:52:08 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\Administrator\aimsclient.properties</div>

<div>[2008/10/31 09:50:02 | 000,000,260 | ---- | C] () -- C:\Documents and Settings\Administrator\aimsproxy.properties</div>

<div>[2008/08/07 15:33:05 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</div>

<div>========== ZeroAccess Check ==========</div>

<div>[2013/05/16 17:50:54 | 000,097,948 | ---- | M] () -- C:\Documents and Settings\laoshu$\Local Settings\Temporary Internet Files\Content.IE5\S5LR5KY3\l.tbcdn[1]</div>

<div>[2008/05/26 12:13:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini</div>

<div>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</div>

<div>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]</div>

<div>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</div>

<div>"" = %SystemRoot%\system32\shdocvw.dll -- [2006/09/23 13:12:46 | 001,515,008 | ---- | M] (Microsoft Corporation)</div>

<div>"ThreadingModel" = Apartment</div>

<div>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]</div>

<div>"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2005/03/24 18:01:54 | 000,482,304 | ---- | M] (Microsoft Corporation)</div>

<div>"ThreadingModel" = Free</div>

<div>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]</div>

<div>"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2005/03/24 18:26:16 | 000,278,016 | ---- | M] (Microsoft Corporation)</div>

<div>"ThreadingModel" = Both</div>

<div>========== Alternate Data Streams ==========</div>

<div>@Alternate Data Stream - 40 bytes -> C:\Runonce:NUL</div>

<div>@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF</div>

necro007 · May 23, 2013

<p>Hi please see Extra log below:</p>

<p>OTL Extras logfile created on: 5/23/2013 9:00:49 AM - Run 1</p>