Infected with BAT/TrojanDownloader.Ftp.NOK Trojan


Hi D-Fred-Brown,

Please see scan results below:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.06.03.02

Windows Server 2003 Service Pack 1 x86 NTFS

Internet Explorer 7.0.5730.11

Administrator :: DRAGON [administrator]

2013/06/03 08:46:43 AM

mbam-log-2013-06-03 (08-46-43).txt

Scan type: Full scan (C:\|D:\|E:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 959827

Time elapsed: 5 hour(s), 55 minute(s), 2 second(s)

Memory Processes Detected: 2

C:\WINDOWS\XXXXXX37654A81\svchsot.exe (Trojan.Svchsot) -> 3856 -> Delete on reboot.

C:\WINDOWS\system32\svchest.exe (Trojan.Agent) -> 224 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 25

HKLM\SYSTEM\CurrentControlSet\Services\Windows Test My fd (Trojan.Agent) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rps.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360sd.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsafeTray.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KSWebShield.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvxp.kxp (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Kwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCRTP.EXE (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCTray.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravmond.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RSTRAY.EXE (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHSTAT.EXE (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Detected: 2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|XXXXXX37654A81 (Trojan.Svchsot) -> Data: C:\WINDOWS\XXXXXX37654A81\svchsot.exe -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|shell (Trojan.Agent) -> Data: C:\windows\taskmgr.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 1

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Bad: (Explorer.exe) Good: () -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 16

C:\WINDOWS\XXXXXX37654A81\svchsot.exe (Trojan.Svchsot) -> Quarantined and deleted successfully.

C:\Documents and Settings\hextfma.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\360.exe (Malware.NSPack) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\1.exe (Trojan.Agent.QQ) -> Quarantined and deleted successfully.

C:\RECYCLER\hex5.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\RECYCLER\hexapym.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\RECYCLER\hexExplorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\RECYCLER\hexcensored.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\RECYCLER\hexServer.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\RECYCLER\hexsqlupdate.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\RECYCLER\hextfma.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\RECYCLER\xpServer.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\taskmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\Explorer.exe (Backdoor.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\svchest.exe (Trojan.Agent) -> Delete on reboot.

(end)

Also, I noticed a program that runs and uses all the CPU resources; it's called NTVDM.exe. After I close each one down, the CPU goes back to normal. It will eventually start up again, though.

And if I go to Users and Groups, it's blank. It's not displaying any of the user accounts. It was showing before the ESET online scan.

Hi D-Fred-Brown,

Please see scan results below for OTL.txt:

OTL logfile created on: 2013/06/04 08:14:59 AM - Run 3

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop

Windows Server 2003 Standard Edition Service Pack 1 (Version = 5.2.3790) - Type = NTServer

Internet Explorer (Version = 7.0.5730.11)

Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

4.00 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 66.48% Memory free

5.84 Gb Paging File | 4.36 Gb Available in Paging File | 74.63% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 231.75 Gb Total Space | 60.59 Gb Free Space | 26.14% Space Free | Partition Type: NTFS

Drive D: | 464.73 Gb Total Space | 292.61 Gb Free Space | 62.96% Space Free | Partition Type: NTFS

Drive E: | 464.73 Gb Total Space | 276.47 Gb Free Space | 59.49% Space Free | Partition Type: NTFS

Computer Name: DRAGON | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/29 05:46:31 | 001,078,030 | ---- | M] () -- C:\WINDOWS\Resources\smscvc.exe

PRC - [2013/05/23 08:19:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

PRC - [2013/05/19 15:02:26 | 000,102,400 | ---- | M] (Environmental Systems Research Institute, Inc.) -- C:\ArcGIS\ArcSDE\sqlexe\bin\giomgr.exe

PRC - [2013/05/19 15:02:25 | 002,828,288 | ---- | M] () -- c:\WINDOWS\mui\gotop.exe

PRC - [2013/05/19 15:02:21 | 000,131,072 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe

PRC - [2013/05/19 15:02:20 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\Themer.exe

PRC - [2013/05/19 15:02:13 | 000,312,212 | ---- | M] () -- C:\Program Files\Fujitsu Siemens\RAID\bin\SpySer.exe

PRC - [2013/05/19 15:02:09 | 000,495,616 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\ServerView Agents\GlobalFlash\gf_agent.exe

PRC - [2013/05/19 15:02:05 | 005,779,456 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

PRC - [2013/05/19 15:01:45 | 000,180,224 | ---- | M] (ESRI) -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\aimsserver.exe

PRC - [2013/05/19 15:01:40 | 000,098,304 | ---- | M] (LSI Logic Corporation) -- C:\Program Files\Fujitsu Siemens\RAID\bin\mr2kserv.exe

PRC - [2013/05/19 14:59:56 | 001,028,096 | ---- | M] () -- C:\WINDOWS\system32\Syswin\svchost.exe

PRC - [2013/05/15 03:08:19 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

PRC - [2013/05/08 00:36:35 | 000,119,024 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe

PRC - [2013/05/05 10:53:26 | 002,177,490 | ---- | M] (Prassi Software) -- C:\WINDOWS\Debug\wpdmtp.exe

PRC - [2013/05/03 15:22:35 | 000,527,360 | ---- | M] (Prassi Software) -- C:\WINDOWS\Debug\browser\spresrt.exe

PRC - [2013/04/23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

PRC - [2013/01/20 13:03:04 | 000,856,064 | ---- | M] (www.gotop.org) -- c:\WINDOWS\mui\browser\GOTOPBR.EXE

PRC - [2012/11/14 16:13:12 | 000,028,672 | ---- | M] (N-able Technologies) -- C:\Program Files\N-able Technologies\Windows Agent\bin\AgentMaint.exe

PRC - [2009/10/07 09:16:50 | 000,472,280 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

PRC - [2009/10/07 09:15:42 | 001,461,080 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

PRC - [2008/01/28 14:43:42 | 000,548,864 | ---- | M] () -- C:\Program Files\ESRI\License\arcgis9x\ARCGIS.EXE

PRC - [2007/12/18 16:43:32 | 000,419,088 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\Remote Connector\SVRemoteConnector.exe

PRC - [2007/12/18 16:41:14 | 000,535,312 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe

PRC - [2007/01/24 13:55:07 | 000,733,696 | ---- | M] (Cat Soft) -- C:\WINDOWS\system32\sysmgt.exe

PRC - [2006/10/04 03:25:00 | 000,792,064 | ---- | M] (System32) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\type32.dll

PRC - [2006/04/14 20:10:48 | 000,131,072 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5w.exe

PRC - [2006/03/14 07:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

PRC - [2005/03/24 18:12:58 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe

PRC - [2005/03/24 18:06:56 | 000,537,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\LOGON.SCR

PRC - [2005/03/24 18:05:06 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe

PRC - [2005/03/24 18:01:54 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2005/03/24 17:57:54 | 000,415,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CMD.EXE

PRC - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Tasker\Aims_Tasker.exe

PRC - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\Monitor\Aims_Monitor.exe

PRC - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Aims_AppServer.exe

PRC - [1999/12/01 13:38:28 | 000,467,968 | ---- | M] () -- C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe

========== Modules (No Company Name) ==========

MOD - [2013/06/03 15:25:16 | 000,060,416 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\woi33.dll

MOD - [2013/05/29 05:46:31 | 001,078,030 | ---- | M] () -- C:\WINDOWS\Resources\smscvc.exe

MOD - [2013/05/19 15:02:25 | 002,828,288 | ---- | M] () -- c:\WINDOWS\mui\gotop.exe

MOD - [2013/05/19 15:02:20 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\Themer.exe

MOD - [2013/05/19 15:02:13 | 000,312,212 | ---- | M] () -- C:\Program Files\Fujitsu Siemens\RAID\bin\SpySer.exe

MOD - [2013/05/19 15:02:05 | 005,779,456 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

MOD - [2013/05/19 14:59:56 | 001,028,096 | ---- | M] () -- C:\WINDOWS\system32\Syswin\svchost.exe

MOD - [2013/05/15 08:42:32 | 000,023,040 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\woi23.dll

MOD - [2013/05/07 06:32:20 | 000,059,904 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\cnakk153.dll

MOD - [2013/05/01 14:45:03 | 000,059,904 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\cnakk135.dll

MOD - [2013/04/29 10:16:38 | 000,060,416 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\cnakk121.dll

MOD - [2013/04/11 05:19:32 | 000,060,416 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\winl64.dll

MOD - [2013/04/07 14:52:46 | 000,059,904 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\winl45.dll

MOD - [2013/01/20 13:03:04 | 001,381,888 | ---- | M] () -- c:\WINDOWS\mui\browser\mozjs.dll

MOD - [2013/01/20 07:03:04 | 001,381,888 | ---- | M] () -- C:\WINDOWS\Debug\browser\mozjs.dll

MOD - [2012/12/03 03:51:34 | 000,544,768 | ---- | M] () -- C:\WINDOWS\system32\WCASvc.dll

MOD - [2009/09/02 10:09:22 | 000,278,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\9e1542d2d2c7150dadc4ba2194822581\Microsoft.SqlServer.ConnectionInfo.ni.dll

MOD - [2009/08/26 10:43:47 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll

MOD - [2009/08/26 10:43:25 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.ni.dll

MOD - [2009/08/26 10:43:24 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12903c3843fe923d1977801ffa3cf26c\System.Transactions.ni.dll

MOD - [2009/08/26 10:43:04 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll

MOD - [2009/08/26 10:28:54 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\0d7c1d80f0960d0473ed13f107ce7d81\System.Xml.ni.dll

MOD - [2009/08/26 10:27:44 | 006,614,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\0b40341027c01716cec1dd97592698e0\System.Data.ni.dll

MOD - [2009/08/26 10:25:39 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll

MOD - [2009/08/26 09:46:08 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll

MOD - [2009/08/26 09:43:56 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2009/08/26 09:43:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

MOD - [2008/01/28 14:43:42 | 000,548,864 | ---- | M] () -- C:\Program Files\ESRI\License\arcgis9x\ARCGIS.EXE

MOD - [2007/03/09 08:34:40 | 000,059,904 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\zlib1.dll

MOD - [2007/02/15 21:36:24 | 000,090,112 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\hm420m.dll

MOD - [2007/02/15 21:36:18 | 000,487,424 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\hd420m.dll

MOD - [2006/10/04 04:45:56 | 000,016,384 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\esriI18N.dll

MOD - [2006/09/29 10:40:02 | 000,118,784 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\znglib.dll

MOD - [2006/08/02 12:21:24 | 005,533,696 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\icudt22l.dll

MOD - [2006/08/02 12:21:24 | 005,533,696 | ---- | M] () -- C:\ArcGIS\ArcSDE\sqlexe\bin\icudt22l.dll

MOD - [2005/03/24 18:26:14 | 000,121,856 | ---- | M] () -- C:\WINDOWS\system32\hrrslvr.dll

MOD - [2005/03/24 18:26:14 | 000,054,784 | ---- | M] () -- C:\WINDOWS\system32\netdbadm.dll

MOD - [2003/03/25 14:00:00 | 000,016,896 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll

MOD - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Tasker\Aims_Tasker.exe

MOD - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\Monitor\Aims_Monitor.exe

MOD - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Aims_AppServer.exe

MOD - [1999/12/01 13:38:28 | 000,467,968 | ---- | M] () -- C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\svchest.exe -- (Windows Test My Tedfasf.0)

SRV - File not found [Auto | Stopped] -- C:\Program Files\Windows Media Player\mplayer.txt -- (TapSrv)

SRV - File not found [Auto | Unknown] -- C:\WINDOWS\Temp\ntshrui.dll. -- (SharedAccess)

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Haooeaw.exe -- (Qwkezc sezmea)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\657C7AC5.exe -- (Pqrstu Wxyabcde Ghi bod)

SRV - File not found [Auto | Stopped] -- c:\oracle\ora90\bin\ORACLE.EXE OEMREP -- (OracleServiceOEMREP)

SRV - File not found [Auto | Stopped] -- c:\oracle\ora90\bin\ORACLE.EXE MHPGEO -- (OracleServiceMHPGEO)

SRV - File not found [Auto | Stopped] -- C:\oracle\ora90\BIN\TNSLSNR -- (OracleOraHome90TNSListener)

SRV - File not found [On_Demand | Stopped] -- C:\oracle\ora90\BIN\OMSNTsrv.exe -- (OracleOraHome90ManagementServer)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\oweawm.exe -- (Nationalghh)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\netmon\mnmsrvc.exe -- (mnmsrvc)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\nod.exe -- (ltmi)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Haooeaw.exe -- (Kkuiow igzvmi)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\C233C2AB.exe -- (jxdsystem services)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\IPv6CertBrowsSvc.dll -- (IPv6CertBrowsSvc)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Haooeaw.exe -- (Ipdzvu kuiese)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Haooeaw.exe -- (Gqyvdy uubrie)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\lp32.exe -- (elp32)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Haooeaw.exe -- (Aeqiiu qepbpa)

SRV - [2013/05/23 22:15:51 | 000,256,988 | ---- | M] (PPStream Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\360sb.exe -- (Nationallap)

SRV - [2013/05/19 15:02:26 | 000,102,400 | ---- | M] (Environmental Systems Research Institute, Inc.) [Auto | Running] -- C:\ArcGIS\ArcSDE\sqlexe\bin\giomgr.exe -- (esri_sde)

SRV - [2013/05/19 15:02:21 | 000,131,072 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe -- (Tomcat5)

SRV - [2013/05/19 15:02:20 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\Themer.exe -- (Themer)

SRV - [2013/05/19 15:02:13 | 000,312,212 | ---- | M] () [Auto | Running] -- C:\Program Files\Fujitsu Siemens\RAID\bin\SpySer.exe -- (SpySer)

SRV - [2013/05/19 15:02:09 | 000,495,616 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\GlobalFlash\gf_agent.exe -- (OfflineFlash)

SRV - [2013/05/19 15:02:05 | 005,779,456 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL)

SRV - [2013/05/19 15:01:40 | 000,098,304 | ---- | M] (LSI Logic Corporation) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\RAID\bin\mr2kserv.exe -- (mr2kserv)

SRV - [2013/05/19 14:59:56 | 001,028,096 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\Syswin\svchost.exe -- (RasAuto)

SRV - [2013/05/08 00:36:35 | 000,119,024 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)

SRV - [2013/04/23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)

SRV - [2013/03/10 18:17:06 | 000,114,688 | ---- | M] () [Auto | Stopped] -- C:\Documents and Settings\All Users\hkcmd.exe -- (Shell Service)

SRV - [2012/12/03 03:51:34 | 000,544,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\WCASvc.dll -- (WCASvc)

SRV - [2012/11/14 16:13:16 | 000,278,528 | ---- | M] (N-able Technologies) [Auto | Stopped] -- C:\Program Files\N-able Technologies\Windows Agent\bin\agent.exe -- (Windows Agent Service)

SRV - [2012/11/14 16:13:12 | 000,028,672 | ---- | M] (N-able Technologies) [Auto | Running] -- C:\Program Files\N-able Technologies\Windows Agent\bin\AgentMaint.exe -- (Windows Agent Maintenance Service)

SRV - [2009/10/07 09:21:14 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)

SRV - [2009/10/07 09:16:50 | 000,472,280 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)

SRV - [2008/06/05 13:26:50 | 000,348,160 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\ESRI\Image Server\ESRIImageServiceProvider.exe -- (ESRI Image ServiceProvider: 3983)

SRV - [2008/06/05 13:26:26 | 000,376,832 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\ESRI\Image Server\ESRIImageServer.exe -- (ESRI Image Server)

SRV - [2007/12/18 16:43:32 | 000,419,088 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\Remote Connector\SVRemoteConnector.exe -- (RemoteConnector)

SRV - [2007/12/18 16:41:14 | 000,535,312 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe -- (SrvCtrl)

SRV - [2007/12/18 08:43:30 | 000,147,456 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\ESRI\Image Server\ESRIImageServerReporterService.exe -- (ESRIImageServerReporter)

SRV - [2007/12/07 11:26:56 | 000,016,384 | ---- | M] (Fujitsu Siemens Computers) [On_Demand | Stopped] -- C:\Program Files\Fujitsu Siemens\RAID\amService.exe -- (amService)

SRV - [2007/01/24 13:55:07 | 000,733,696 | ---- | M] (Cat Soft) [Auto | Running] -- C:\WINDOWS\system32\sysmgt.exe -- (sysmgt)

SRV - [2006/10/04 03:25:00 | 000,792,064 | ---- | M] (System32) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\type32.dll -- (keyb)

SRV - [2006/03/14 07:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)

SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)

SRV - [2005/03/24 20:38:42 | 000,094,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)

SRV - [2005/03/24 18:26:14 | 000,121,856 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\hrrslvr.dll -- (hrrslvr)

SRV - [2005/03/24 18:26:14 | 000,054,784 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\netdbadm.dll -- (netdbadm)

SRV - [2005/03/24 18:26:08 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)

SRV - [2005/03/24 18:13:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\Sens32.dll -- (SENS)

SRV - [2005/03/24 18:13:02 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)

SRV - [2005/03/24 18:08:24 | 000,791,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)

SRV - [2005/03/24 18:08:24 | 000,465,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ntmssvc32.dll -- (NtmsSvc)

SRV - [2005/03/24 18:05:06 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC)

SRV - [2005/03/24 18:05:06 | 000,014,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)

SRV - [2005/03/24 18:05:06 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)

SRV - [2005/03/24 18:05:04 | 000,216,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC)

SRV - [2005/03/24 18:00:48 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)

SRV - [2004/08/17 20:00:00 | 006,950,912 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\1538127516.dll -- (DirectX Rejrq.)

SRV - [2003/03/25 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)

SRV - [2003/03/25 14:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)

SRV - [2003/03/25 14:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)

SRV - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Tasker\Aims_Tasker.exe -- (ArcIMS Tasker 9.2.0)

SRV - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Program Files\ArcGIS\ArcIMS\Server\Monitor\Aims_Monitor.exe -- (ArcIMS Monitor 9.2.0)

SRV - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Aims_AppServer.exe -- (ArcIMS Application Server 9.2.0)

SRV - [1999/12/01 13:38:28 | 000,467,968 | ---- | M] () [Auto | Running] -- C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe -- (ArcGIS License Manager)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Adapter | On_Demand | Unknown] -- -- (LicenseInfo)

DRV - File not found [Adapter | Auto | Unknown] -- C:\Program Files\Google\1.dll -- (Iprip)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DRIVERS\ENTECH.sys -- (ENTECH)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2013/04/19 00:15:41 | 000,006,656 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)

DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2009/10/07 09:18:36 | 000,035,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)

DRV - [2009/10/07 09:12:22 | 000,054,184 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)

DRV - [2009/10/07 09:11:10 | 000,040,824 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)

DRV - [2007/12/18 16:42:18 | 000,025,104 | ---- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Stopped] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\ImbDrvNT.sys -- (ImbDrvNT)

DRV - [2007/12/18 16:42:16 | 000,089,104 | ---- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\ScSBB.sys -- (ScSBB)

DRV - [2007/11/26 20:51:04 | 000,093,427 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aacmgt.sys -- (AACMgt)

DRV - [2006/03/14 07:22:00 | 000,090,176 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)

DRV - [2006/03/14 07:22:00 | 000,028,216 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)

DRV - [2005/12/06 23:44:42 | 001,379,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005/03/24 18:13:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | Unavailable | Unknown] -- C:\WINDOWS\System32\drivers\sacdrv.sys -- (sacdrv)

DRV - [2005/03/24 18:00:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dfs.sys -- (DfsDriver)

DRV - [2005/03/24 17:57:52 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\clusdisk.sys -- (ClusDisk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=29065018_76_hao_pg

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm

IE - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\1.0.1.1058\npplugin2.dll (PPLive Corporation)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2010/09/08 09:50:02 | 000,000,000 | ---D | M]

[2013/05/10 12:05:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

O1 HOSTS File: ([2013/03/15 13:12:25 | 000,000,794 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 192.168.0.126 dpmserver.mhp.co.za

O1 - Hosts: 192.168.0.23 blesbok

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\Administrator\Application Data\Complitly\AutocompletePro.dll (SimplyGen)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O3 - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O4 - HKLM..\Run: [

QQPCTray] File not found

O4 - HKLM..\Run: [ QQPCTray] File not found

O4 - HKLM..\Run: [360Safetray] File not found

O4 - HKLM..\Run: [ApacheTomcatMonitor] C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5w.exe (Apache Software Foundation)

O4 - HKLM..\Run: [bixushi] c:\windows\system32\csx.exe File not found

O4 - HKLM..\Run: [dsa] C:\RECYCLER\woai.exe File not found

O4 - HKLM..\Run: [ewswdk] C:\WINDOWS\Debug\wpdmtp.exe (Prassi Software)

O4 - HKLM..\Run: [fasd] C:\RECYCLER\woai.exe File not found

O4 - HKLM..\Run: [jhecryz] C:\WINDOWS\Resources\smscvc.exe ()

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [KVMON] File not found

O4 - HKLM..\Run: [KVXP] File not found

O4 - HKLM..\Run: [kxesc] File not found

O4 - HKLM..\Run: [McAfeeUpdaterUI] File not found

O4 - HKLM..\Run: [QQPCTray] File not found

O4 - HKLM..\Run: [RavTRAY] File not found

O4 - HKLM..\Run: [RISTRAY] File not found

O4 - HKLM..\Run: [shStatEXE] File not found

O4 - HKLM..\Run: [weyrzader] C:\WINDOWS\Cluster\clients\srchasy\smyscvc.exe ()

O4 - HKLM..\Run: [zvary] C:\windows\msapps\msinfo\wyhtday.exe File not found

O4 - HKU\.DEFAULT..\Run: [GoTop] C:\WINDOWS\Debug\wpdmtp.exe (Prassi Software)

O4 - HKU\.DEFAULT..\Run: [PPAP] "C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" -background File not found

O4 - HKU\S-1-5-18..\Run: [GoTop] C:\WINDOWS\Debug\wpdmtp.exe (Prassi Software)

O4 - HKU\S-1-5-18..\Run: [PPAP] "C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" -background File not found

O4 - HKU\S-1-5-21-3652302946-4094972055-3012646909-500..\Run: [GoTop] C:\WINDOWS\Debug\wpdmtp.exe (Prassi Software)

O4 - HKU\S-1-5-21-3652302946-4094972055-3012646909-500..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKU\.DEFAULT..\RunOnce: [] C:\WINDOWS\System32\OSK.EXE (Microsoft Corporation)

O4 - HKU\S-1-5-18..\RunOnce: [] C:\WINDOWS\System32\OSK.EXE (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1 ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1 ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1 ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll (Sun Microsystems, Inc.)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.3.cab (DLM Control)

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5F42B20-CDE1-481A-B43C-B59715E9A109}: NameServer = 8.8.8.8,196.14.239.2

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFACE1CF-691A-4D29-A654-7452C257C7B0}: DhcpNameServer = 192.168.0.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found

O27 - HKLM IFEO\app.exe: Debugger - C:\WINDOWS\ime\cv.exe File not found

O27 - HKLM IFEO\net2.exe: Debugger - C:\WINDOWS\ime\cv.exe File not found

O27 - HKLM IFEO\Storm.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/05/26 12:18:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/31 12:20:15 | 000,030,208 | ---- | C] (PPStream Inc.) -- C:\WINDOWS\tfma.exe

[2013/05/30 09:20:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\XXXXXX37654A81

[2013/05/30 08:36:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\QuickScan

[2013/05/29 05:48:06 | 000,500,680 | ---- | C] (搜狐) -- C:\WINDOWS\IFoxInstall-y-c206525652-nsi-s-x.exe

[2013/05/27 19:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\Rumjow odsgi

[2013/05/24 11:03:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com

[2013/05/24 11:02:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware

[2013/05/24 11:02:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2013/05/24 11:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2013/05/24 11:01:37 | 025,817,776 | ---- | C] (SUPERAntiSpyware.com) -- C:\SUPERAntiSpyware.exe

[2013/05/24 09:49:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Revo Uninstaller

[2013/05/24 09:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2013/05/24 09:48:18 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) -- C:\revosetup.exe

[2013/05/24 09:42:34 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) -- C:\Documents and Settings\Administrator\Desktop\revosetup.exe.dap

[2013/05/24 09:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\INISet

[2013/05/24 09:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\liebao

[2013/05/24 05:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\KingSoft

[2013/05/24 05:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Tencent

[2013/05/24 05:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\Wuji

[2013/05/24 05:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\liebao

[2013/05/23 22:18:32 | 000,079,360 | ---- | C] (PPStream Inc.) -- C:\WINDOWS\System32\hex350sb.exe

[2013/05/23 22:15:01 | 000,256,988 | ---- | C] (PPStream Inc.) -- C:\WINDOWS\System32\360sb.exe

[2013/05/23 08:21:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2013/05/22 10:48:57 | 000,172,170 | ---- | C] (深圳市迅雷网络技术有限公司) -- C:\18181.exe

[2013/05/20 10:18:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2013/05/20 08:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2013/05/17 16:48:10 | 000,047,104 | ---- | C] (Inside Core) -- C:\Documents and Settings\Administrator\Desktop\AutoRunExterminator.exe

[2013/05/10 12:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla

[2013/05/10 12:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\HC_logs

[2013/05/10 12:04:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\gotop

[2013/05/09 14:10:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Network

[2013/05/09 12:56:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WinCmder

[2013/05/06 14:00:34 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/04 03:54:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexwintime.exe

[2013/06/04 01:49:39 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\Dragonwwwroot.job

[2013/06/04 01:09:52 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\DragonDB.job

[2013/06/04 00:19:50 | 000,000,873 | ---- | M] () -- C:\WINDOWS\System32\rpc_start_16log.ini

[2013/06/04 00:19:48 | 000,001,335 | ---- | M] () -- C:\WINDOWS\System32\rpcserver32.dll

[2013/06/04 00:17:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/06/03 22:15:53 | 001,056,768 | ---- | M] () -- C:\WINDOWS\System32\secedit.sdb

[2013/06/03 22:15:49 | 000,000,652 | ---- | M] () -- C:\WINDOWS\System32\censoredGOthin.inf

[2013/06/03 21:36:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexsvchost.exe

[2013/06/03 15:54:29 | 000,037,376 | ---- | M] () -- C:\WINDOWS\System32\servger.exe

[2013/06/03 15:54:25 | 000,001,499 | ---- | M] () -- C:\WINDOWS\System32\vcinen.vbs

[2013/06/03 02:36:44 | 000,000,000 | ---- | M] () -- C:\hexServer.exe.exe

[2013/06/03 02:36:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexServer.exe.exe

[2013/06/03 02:35:38 | 000,000,077 | ---- | M] () -- C:\xpServer.exe.exe

[2013/06/03 02:35:36 | 000,000,074 | ---- | M] () -- C:\WINDOWS\System32\xpServer.exe.exe

[2013/06/02 09:07:48 | 000,000,055 | ---- | M] () -- C:\WINDOWS\System32\gouri.bat

[2013/06/02 09:07:21 | 000,000,628 | ---- | M] () -- C:\tsp.bat

[2013/06/02 05:10:15 | 000,000,000 | ---- | M] () -- C:\hexcensored.exe

[2013/06/02 05:10:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexcensored.exe

[2013/06/02 03:35:14 | 000,000,213 | ---- | M] () -- C:\WINDOWS\System32\sb.bat

[2013/06/02 00:34:06 | 000,056,832 | ---- | M] () -- C:\WINDOWS\System32\hexsqlupdate.exe

[2013/06/02 00:32:49 | 000,056,832 | ---- | M] () -- C:\WINDOWS\System32\stsqlupdate.exe

[2013/06/02 00:32:42 | 000,000,066 | ---- | M] () -- C:\WINDOWS\System32\zysqlupdate.exe

[2013/06/02 00:32:34 | 000,056,832 | ---- | M] () -- C:\WINDOWS\System32\onsqlupdate.exe

[2013/06/02 00:32:17 | 000,000,066 | ---- | M] () -- C:\WINDOWS\System32\onfsqlupdate.dat

[2013/06/01 02:28:10 | 000,000,000 | ---- | M] () -- C:\hextfma.exe

[2013/06/01 02:28:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hextfma.exe

[2013/06/01 00:38:12 | 000,030,208 | ---- | M] (PPStream Inc.) -- C:\WINDOWS\tfma.exe

[2013/05/31 09:43:29 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\37654A81.key

[2013/05/30 16:02:28 | 000,022,528 | ---- | M] () -- C:\WINDOWS\arp.vbs

[2013/05/30 16:00:49 | 000,022,528 | ---- | M] () -- C:\WINDOWS\System32\hexExplorer.exe

[2013/05/30 09:20:30 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\37654A81

[2013/05/29 16:08:54 | 000,000,000 | ---- | M] () -- C:\hexapym.exe

[2013/05/29 16:08:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexapym.exe

[2013/05/29 11:39:32 | 000,000,000 | ---- | M] () -- C:\hex5.exe

[2013/05/29 11:39:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hex5.exe

[2013/05/29 07:49:46 | 000,000,000 | ---- | M] () -- C:\Program Files\7b

[2013/05/29 07:01:30 | 000,032,120 | ---- | M] () -- C:\WINDOWS\123.exe

[2013/05/29 05:48:06 | 000,500,680 | ---- | M] (搜狐) -- C:\WINDOWS\IFoxInstall-y-c206525652-nsi-s-x.exe

[2013/05/29 05:45:30 | 000,000,830 | ---- | M] () -- C:\WINDOWS\System32\wvinyk.inf

[2013/05/29 05:45:28 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System\back.dat

[2013/05/29 05:39:03 | 000,002,006 | ---- | M] () -- C:\WINDOWS\1.exe

[2013/05/29 05:07:49 | 000,000,092 | --S- | M] () -- C:\WINDOWS\stm8.inf

[2013/05/28 08:37:48 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\ewdffg.job

[2013/05/26 10:28:08 | 000,000,000 | ---- | M] () -- C:\hexaqypm.exe

[2013/05/26 10:28:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexaqypm.exe

[2013/05/26 00:04:25 | 000,002,396 | ---- | M] () -- C:\WINDOWS\aoxiang.exe

[2013/05/24 11:02:56 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2013/05/24 10:53:17 | 025,817,776 | ---- | M] (SUPERAntiSpyware.com) -- C:\SUPERAntiSpyware.exe

[2013/05/24 09:49:03 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk

[2013/05/24 09:43:47 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) -- C:\revosetup.exe

[2013/05/24 09:43:04 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) -- C:\Documents and Settings\Administrator\Desktop\revosetup.exe.dap

[2013/05/24 05:30:16 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\cxg13.bat

[2013/05/24 05:29:44 | 000,000,725 | ---- | M] () -- C:\WINDOWS\System32\censoredgo.inf

[2013/05/23 22:18:32 | 000,079,360 | ---- | M] (PPStream Inc.) -- C:\WINDOWS\System32\hex350sb.exe

[2013/05/23 22:15:51 | 000,256,988 | ---- | M] (PPStream Inc.) -- C:\WINDOWS\System32\360sb.exe

[2013/05/23 08:19:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2013/05/22 10:48:57 | 000,172,170 | ---- | M] (深圳市迅雷网络技术有限公司) -- C:\18181.exe

[2013/05/20 14:48:41 | 000,000,440 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol

[2013/05/20 12:25:37 | 000,002,085 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DeltaCopy Client.lnk

[2013/05/20 11:54:30 | 000,070,144 | ---- | M] () -- C:\WINDOWS\System32\net.exe

[2013/05/19 21:11:57 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\zylve.exe.exe

[2013/05/19 21:11:40 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\onflve.dat

[2013/05/19 15:02:20 | 000,073,728 | ---- | M] () -- C:\WINDOWS\System32\Themer.exe

[2013/05/18 21:30:05 | 000,000,500 | ---- | M] () -- C:\5368.vbs

[2013/05/18 11:12:28 | 000,002,350 | ---- | M] () -- C:\WINDOWS\QQGameMgr.exe

[2013/05/16 03:49:39 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System\backs.dat

[2013/05/14 00:19:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/05/12 03:36:37 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\zyuser$

[2013/05/07 22:39:11 | 000,000,149 | ---- | M] () -- C:\WINDOWS\System32\sa.bat

[2013/05/06 22:21:10 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\zynet2.0.exe

[2013/05/06 22:20:53 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\onfnet2.dat

[2013/05/06 14:54:44 | 000,007,176 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/04 03:54:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexwintime.exe

[2013/06/03 21:36:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexsvchost.exe

[2013/06/03 15:54:29 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\servger.exe

[2013/06/03 15:54:25 | 000,001,499 | ---- | C] () -- C:\WINDOWS\System32\vcinen.vbs

[2013/06/03 02:36:44 | 000,000,000 | ---- | C] () -- C:\hexServer.exe.exe

[2013/06/03 02:36:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexServer.exe.exe

[2013/06/03 02:35:38 | 000,000,077 | ---- | C] () -- C:\xpServer.exe.exe

[2013/06/03 02:35:36 | 000,000,074 | ---- | C] () -- C:\WINDOWS\System32\xpServer.exe.exe

[2013/06/02 09:07:21 | 000,000,628 | ---- | C] () -- C:\tsp.bat

[2013/06/02 05:10:12 | 000,000,000 | ---- | C] () -- C:\hexcensored.exe

[2013/06/02 05:10:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexcensored.exe

[2013/06/02 00:34:06 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\hexsqlupdate.exe

[2013/06/02 00:32:45 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\stsqlupdate.exe

[2013/06/02 00:32:42 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\zysqlupdate.exe

[2013/06/02 00:32:29 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\onsqlupdate.exe

[2013/06/02 00:32:17 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\onfsqlupdate.dat

[2013/05/31 13:18:24 | 000,000,000 | ---- | C] () -- C:\hextfma.exe

[2013/05/31 13:18:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hextfma.exe

[2013/05/30 11:40:32 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\37654A81.key

[2013/05/30 09:20:30 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\37654A81

[2013/05/30 05:59:19 | 000,022,528 | ---- | C] () -- C:\WINDOWS\arp.vbs

[2013/05/30 05:57:52 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\hexExplorer.exe

[2013/05/29 16:08:54 | 000,000,000 | ---- | C] () -- C:\hexapym.exe

[2013/05/29 16:08:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexapym.exe

[2013/05/29 07:01:30 | 000,032,120 | ---- | C] () -- C:\WINDOWS\123.exe

[2013/05/29 05:45:28 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System\back.dat

[2013/05/29 05:39:03 | 000,002,006 | ---- | C] () -- C:\WINDOWS\1.exe

[2013/05/29 04:04:46 | 000,000,000 | ---- | C] () -- C:\hex5.exe

[2013/05/29 04:04:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hex5.exe

[2013/05/26 09:52:47 | 000,000,000 | ---- | C] () -- C:\hexaqypm.exe

[2013/05/26 09:52:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexaqypm.exe

[2013/05/26 00:04:25 | 000,002,396 | ---- | C] () -- C:\WINDOWS\aoxiang.exe

[2013/05/24 11:02:56 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2013/05/24 09:49:03 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk

[2013/05/24 05:30:16 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\cxg13.bat

[2013/05/24 05:29:44 | 000,000,725 | ---- | C] () -- C:\WINDOWS\System32\censoredgo.inf

[2013/05/20 14:48:36 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol

[2013/05/19 21:11:57 | 000,000,068 | ---- | C] () -- C:\WINDOWS\System32\zylve.exe.exe

[2013/05/19 21:11:40 | 000,000,068 | ---- | C] () -- C:\WINDOWS\System32\onflve.dat

[2013/05/18 21:30:05 | 000,000,500 | ---- | C] () -- C:\5368.vbs

[2013/05/18 11:12:28 | 000,002,350 | ---- | C] () -- C:\WINDOWS\QQGameMgr.exe

[2013/05/12 17:33:22 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Themer.exe

[2013/05/12 00:28:41 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\zyuser$

[2013/05/09 14:27:02 | 000,000,000 | ---- | C] () -- C:\Program Files\7b

[2013/05/09 14:11:00 | 000,000,830 | ---- | C] () -- C:\WINDOWS\System32\wvinyk.inf

[2013/05/09 14:10:59 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System\backs.dat

[2013/05/06 22:21:10 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\zynet2.0.exe

[2013/05/06 22:20:53 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\onfnet2.dat

[2013/05/04 17:18:43 | 000,001,811 | ---- | C] () -- C:\WINDOWS\System32\hex2.exe

[2013/05/04 15:16:34 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\xnary.dat

[2013/05/04 15:16:34 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\xas.dat

[2013/04/27 21:57:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hex23.exe

[2013/04/24 14:01:12 | 000,002,361 | ---- | C] () -- C:\WINDOWS\svchosf.exe

[2013/04/22 23:19:21 | 000,002,362 | ---- | C] () -- C:\WINDOWS\sqlagent.exe

[2013/04/19 17:57:27 | 000,002,349 | ---- | C] () -- C:\WINDOWS\vbsa.exe

[2013/04/15 23:25:52 | 000,220,139 | ---- | C] () -- C:\WINDOWS\System32\stteber.exe

[2013/04/15 23:25:37 | 000,220,139 | ---- | C] () -- C:\WINDOWS\System32\onteber.exe

[2013/04/15 23:25:00 | 000,220,139 | ---- | C] () -- C:\WINDOWS\tebere.exe

[2013/04/15 23:24:44 | 000,220,139 | ---- | C] () -- C:\WINDOWS\System32\teber.exe

[2013/04/15 10:10:14 | 000,667,648 | ---- | C] () -- C:\WINDOWS\System32\stvbsa.exe

[2013/04/06 23:02:25 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\zyDNSClient.exe

[2013/04/06 23:02:05 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\onfDNSClient.dat

[2013/04/05 19:34:42 | 000,002,348 | ---- | C] () -- C:\WINDOWS\tzmm.exe

[2013/03/27 11:26:29 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\sttzmm.exe

[2013/03/23 16:22:35 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\zyWMI.exe

[2013/03/23 16:22:08 | 000,000,067 | ---- | C] () -- C:\WINDOWS\System32\xpWMI.exe

[2013/03/23 05:43:57 | 000,000,070 | ---- | C] () -- C:\WINDOWS\System32\zyteel.exe

[2013/03/23 05:43:36 | 000,000,070 | ---- | C] () -- C:\WINDOWS\System32\onfteel.dat

[2013/03/16 04:27:40 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\bz.ini

[2013/03/16 04:27:39 | 000,114,688 | ---- | C] () -- C:\Documents and Settings\All Users\hkcmd.exe

[2013/03/07 04:17:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\zy37.com

[2013/02/03 17:48:03 | 000,297,788 | ---- | C] () -- C:\WINDOWS\System32\hexr.exe

[2013/02/03 17:47:13 | 000,297,788 | ---- | C] () -- C:\WINDOWS\System32\str.exe

[2013/01/26 18:48:34 | 000,014,208 | ---- | C] () -- C:\WINDOWS\System32\K3d_Driver.sys

[2013/01/23 10:38:30 | 000,084,680 | ---- | C] () -- C:\WINDOWS\Winxt.exe

[2013/01/22 17:30:08 | 000,001,054 | ---- | C] () -- C:\WINDOWS\System32\ssnetlay.sys

[2013/01/22 17:30:08 | 000,000,795 | ---- | C] () -- C:\WINDOWS\System32\servci.dll

[2013/01/22 17:30:07 | 000,847,872 | ---- | C] () -- C:\WINDOWS\System32\neticp16.dll

[2013/01/22 17:30:02 | 000,000,833 | ---- | C] () -- C:\WINDOWS\System32\mscoremgr.sys

[2013/01/22 17:30:01 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\modload.dll

[2013/01/22 17:30:01 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\laynet32.dll

[2013/01/22 17:30:01 | 000,001,054 | ---- | C] () -- C:\WINDOWS\System32\coreload.dll

[2013/01/22 17:30:01 | 000,000,963 | ---- | C] () -- C:\WINDOWS\System32\lostslvrt.sys

[2013/01/22 17:30:01 | 000,000,963 | ---- | C] () -- C:\WINDOWS\System32\coredebug.dll

[2013/01/22 17:30:01 | 000,000,893 | ---- | C] () -- C:\WINDOWS\System32\dotnetfix.exe

[2013/01/22 17:30:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\IO.SYS

[2013/01/22 17:30:00 | 000,847,872 | ---- | C] () -- C:\WINDOWS\System32\bugload.dll

[2013/01/22 17:30:00 | 000,777,284 | ---- | C] () -- C:\WINDOWS\System32\aspnet_perf.ini

[2013/01/22 17:30:00 | 000,775,688 | ---- | C] () -- C:\WINDOWS\System32\aspnet_perf2.ini

[2013/01/22 17:30:00 | 000,042,868 | ---- | C] () -- C:\WINDOWS\System32\aspnet_state_perf.ini

[2013/01/22 17:30:00 | 000,000,833 | ---- | C] () -- C:\WINDOWS\System32\aspnet16.dll

[2013/01/22 17:29:26 | 000,001,750 | ---- | C] () -- C:\WINDOWS\System32\spools.dat

[2013/01/22 17:29:11 | 000,896,614 | ---- | C] () -- C:\WINDOWS\System32\isec.dll

[2013/01/20 16:12:46 | 000,000,105 | ---- | C] () -- C:\WINDOWS\System32\shshougou.exe

[2013/01/13 10:06:47 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\hex3.exe

[2013/01/08 01:06:41 | 000,000,068 | ---- | C] () -- C:\WINDOWS\System32\zywuyu.exe

[2013/01/08 01:06:19 | 000,000,070 | ---- | C] () -- C:\WINDOWS\System32\xpwuyu.exe

[2013/01/07 17:23:37 | 000,000,102 | ---- | C] () -- C:\WINDOWS\System32\shserzer.exe

[2013/01/05 13:07:43 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\741812.exe.xvx

[2013/01/05 13:06:27 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\625513.exe.xvx

[2013/01/05 12:50:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\50950.exe.xvx

[2013/01/05 12:48:54 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4853299.exe.xvx

[2013/01/05 12:32:38 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3236946.exe.xvx

[2013/01/05 12:31:23 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3121650.exe.xvx

[2013/01/05 12:15:06 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\155219.exe.xvx

[2013/01/05 12:13:51 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1349812.exe.xvx

[2013/01/05 11:57:35 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5733757.exe.xvx

[2013/01/05 11:56:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5618288.exe.xvx

[2013/01/05 11:40:02 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\401543.exe.xvx

[2013/01/05 11:38:48 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3846967.exe.xvx

[2013/01/05 11:22:32 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2231131.exe.xvx

[2013/01/05 11:21:17 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2115161.exe.xvx

[2013/01/05 11:04:59 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\458573.exe.xvx

[2013/01/05 11:03:44 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\342916.exe.xvx

[2013/01/05 10:47:27 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4726359.exe.xvx

[2013/01/05 10:46:13 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4611580.exe.xvx

[2013/01/05 10:29:56 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2955133.exe.xvx


Hi, please see OTL.txt part2:


[2013/01/03 01:05:15 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\513557.exe.xvx

[2013/01/03 00:48:58 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4856984.exe.xvx

[2013/01/03 00:47:44 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4742502.exe.xvx

[2013/01/03 00:31:27 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3126275.exe.xvx

[2013/01/03 00:30:12 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3011479.exe.xvx

[2013/01/03 00:13:56 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1355220.exe.xvx

[2013/01/03 00:12:41 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\124080.exe.xvx

[2013/01/02 23:56:25 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5623712.exe.xvx

[2013/01/02 23:55:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\558932.exe.xvx

[2013/01/02 23:38:53 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3852657.exe.xvx

[2013/01/02 23:37:40 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3738519.exe.xvx

[2013/01/02 23:21:23 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2122541.exe.xvx

[2013/01/02 23:20:09 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\208184.exe.xvx

[2013/01/02 23:03:52 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\351352.exe.xvx

[2013/01/02 23:02:36 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\235259.exe.xvx

[2013/01/02 22:46:17 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4616215.exe.xvx

[2013/01/02 22:45:02 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\450545.exe.xvx

[2013/01/02 22:28:38 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2837389.exe.xvx

[2013/01/02 22:27:24 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2723110.exe.xvx

[2013/01/02 22:11:07 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\116362.exe.xvx

[2013/01/02 22:09:53 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\951660.exe.xvx

[2013/01/02 21:53:36 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5335452.exe.xvx

[2013/01/02 21:52:22 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5220724.exe.xvx

[2013/01/02 21:35:59 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3558137.exe.xvx

[2013/01/02 21:34:43 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3441786.exe.xvx

[2013/01/02 21:18:21 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1820488.exe.xvx

[2013/01/02 21:17:07 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\175834.exe.xvx

[2013/01/02 21:00:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\048648.exe.xvx

[2013/01/02 20:59:35 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5933679.exe.xvx

[2013/01/02 20:43:18 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4317513.exe.xvx

[2013/01/02 20:42:03 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\422293.exe.xvx

[2013/01/02 20:25:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2540721.exe.xvx

[2013/01/02 20:24:25 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\242433.exe.xvx

[2013/01/02 20:08:05 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\84319.exe.xvx

[2013/01/02 20:06:51 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\650259.exe.xvx

[2013/01/02 19:50:30 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5028842.exe.xvx

[2013/01/02 19:49:15 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4913763.exe.xvx

[2013/01/02 19:32:58 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3257128.exe.xvx

[2013/01/02 19:31:43 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3141613.exe.xvx

[2013/01/02 19:15:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1517886.exe.xvx

[2013/01/02 19:14:03 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\142199.exe.xvx

[2013/01/02 18:57:46 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5744843.exe.xvx

[2013/01/02 18:56:31 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\563079.exe.xvx

[2013/01/02 18:40:14 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4013536.exe.xvx

[2013/01/02 18:38:58 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3857329.exe.xvx

[2013/01/02 18:22:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2240821.exe.xvx

[2013/01/02 18:21:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2124813.exe.xvx

[2013/01/02 18:05:05 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\53983.exe.xvx

[2013/01/02 18:03:51 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\349676.exe.xvx

[2013/01/02 17:47:31 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4730197.exe.xvx

[2013/01/02 17:46:17 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4615946.exe.xvx

[2013/01/02 17:29:45 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2944435.exe.xvx

[2013/01/02 17:28:29 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2828355.exe.xvx

[2013/01/02 17:12:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\129277.exe.xvx

[2013/01/02 17:10:54 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1052696.exe.xvx

[2013/01/02 16:54:37 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5436343.exe.xvx

[2013/01/02 16:53:20 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5319386.exe.xvx

[2013/01/02 16:37:04 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\373111.exe.xvx

[2013/01/02 16:35:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3548942.exe.xvx

[2013/01/02 16:19:34 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1932868.exe.xvx

[2013/01/02 16:18:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1817726.exe.xvx

[2013/01/02 16:02:03 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\21708.exe.xvx

[2013/01/02 16:00:48 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\046669.exe.xvx

[2013/01/02 15:44:29 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4428268.exe.xvx

[2013/01/02 15:43:12 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4311238.exe.xvx

[2013/01/02 15:26:53 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2652639.exe.xvx

[2013/01/02 15:25:40 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2538525.exe.xvx

[2013/01/02 15:09:20 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\919508.exe.xvx

[2013/01/02 15:08:05 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\83984.exe.xvx

[2013/01/02 14:51:46 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5145600.exe.xvx

[2013/01/02 14:50:31 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5030170.exe.xvx

[2013/01/02 14:34:12 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3410727.exe.xvx

[2013/01/02 14:32:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3256363.exe.xvx

[2013/01/02 14:16:39 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1637707.exe.xvx

[2013/01/02 14:15:24 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1522889.exe.xvx

[2013/01/02 13:59:05 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\593754.exe.xvx

[2013/01/02 13:57:47 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5746478.exe.xvx

[2013/01/02 13:41:29 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4128117.exe.xvx

[2013/01/02 13:40:15 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4013599.exe.xvx

[2013/01/02 13:23:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2355881.exe.xvx

[2013/01/02 13:22:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2239992.exe.xvx

[2012/12/03 03:51:34 | 000,544,768 | ---- | C] () -- C:\WINDOWS\System32\WCASvc.dll

[2012/11/05 03:15:56 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\amd.dll

[2012/11/05 03:15:55 | 000,000,001 | ---- | C] () -- C:\WINDOWS\amd.dll

[2012/11/01 15:23:22 | 000,095,330 | ---- | C] () -- C:\WINDOWS\System32\wkscil.dll

[2012/08/30 17:52:19 | 000,002,361 | ---- | C] () -- C:\WINDOWS\scives.exe

[2012/05/14 10:47:36 | 000,429,928 | ---- | C] () -- C:\WINDOWS\System32\kindling.dll

[2012/04/24 05:02:43 | 000,490,496 | ---- | C] () -- C:\Documents and Settings\Administrator\33.exe

[2011/10/16 12:57:02 | 000,030,409 | ---- | C] () -- C:\WINDOWS\System32\mmsql.dll

[2011/06/17 01:47:08 | 000,008,085 | ---- | C] () -- C:\WINDOWS\System32\mysql32.dll

[2010/03/26 08:20:00 | 021,994,183 | ---- | C] () -- C:\Documents and Settings\Administrator\EC_Image.rar

[2009/11/23 17:10:34 | 000,044,403 | ---- | C] () -- C:\Documents and Settings\Administrator\logo.miff

[2009/08/26 09:48:10 | 000,113,888 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2009/08/25 11:30:31 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Favorites.axl

[2009/05/29 15:50:52 | 000,007,176 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

[2009/04/16 09:22:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\concert

[2008/10/31 09:52:59 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Administrator\persistent_state

[2008/10/31 09:52:08 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\Administrator\aimsdefaults.properties

[2008/10/31 09:52:08 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\Administrator\aimsclient.properties

[2008/10/31 09:50:02 | 000,000,260 | ---- | C] () -- C:\Documents and Settings\Administrator\aimsproxy.properties

[2008/08/07 15:33:05 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008/05/26 12:13:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2006/09/23 13:12:46 | 001,515,008 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2005/03/24 18:01:54 | 000,482,304 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2005/03/24 18:26:16 | 000,278,016 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 40 bytes -> C:\Runonce:NUL

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF

< End of report >


Hi please see Extras.txt below:

OTL Extras logfile created on: 2013/06/04 08:14:59 AM - Run 3

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop

Windows Server 2003 Standard Edition Service Pack 1 (Version = 5.2.3790) - Type = NTServer

Internet Explorer (Version = 7.0.5730.11)

Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

4.00 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 66.48% Memory free

5.84 Gb Paging File | 4.36 Gb Available in Paging File | 74.63% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 231.75 Gb Total Space | 60.59 Gb Free Space | 26.14% Space Free | Partition Type: NTFS

Drive D: | 464.73 Gb Total Space | 292.61 Gb Free Space | 62.96% Space Free | Partition Type: NTFS

Drive E: | 464.73 Gb Total Space | 276.47 Gb Free Space | 59.49% Space Free | Partition Type: NTFS

Computer Name: DRAGON | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe ()

.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe ()

.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe ()

.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe ()

.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe ()

.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe ()

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

.html [@ = Liebao.HTML] -- "C:\Program Files\liebao\LBBrowser\liebao.exe" "%1"

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

.html [@ = Liebao.HTML] -- "C:\Program Files\liebao\LBBrowser\liebao.exe" "%1"

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()

jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()

vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()

wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()

wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05A646C0-2068-4536-BAD3-4CAFA500FA8A}" = ServerView RAID

"{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0D61D68B-DF5E-4635-82C7-B0C53F0A581B}" = Microsoft SQL Server 2005 Backward compatibility

"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up

"{130A3BE1-85CC-4135-8EA7-5A724EE6CE2C}" = Microsoft SQL Server 2005

"{1DD463C0-A50A-4394-B7E4-5895C02F9E0D}" = Microsoft SQL Server 2005 Tools

"{1DF999AD-1654-4C80-864E-C2E2284C8FD5}" = Fujitsu Siemens ServerView Agents

"{1F34839E-4826-4B64-B1B3-42E5AE8DEC5A}" = ArcGIS Desktop

"{2222B364-0854-4265-B32E-A142DB9DC7BB}" = Intel® PRO Network Connections 11.2.0.69

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java 6 Update 4

"{32A3A4F4-B792-11D6-A78A-00B0D0150060}" = J2SE Development Kit 5.0 Update 6

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3EAB224E-12F7-4EBA-AC0A-A2B10FEEA0E4}" = MySQL Server 5.0

"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.0.1.7

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer

"{5D81D227-790A-43D8-BD30-6A7935CD6837}" = MadOnion.com/PCMark2002

"{6DC0632A-A838-4B34-AC19-0FA18E1C533C}" = Sentinel Protection Installer 7.2.2

"{7505DE9C-4E85-4636-82F0-50F38077B900}" = Crystal Reports 11

"{752AE27D-0AE5-4728-B615-308926C04A91}" = ArcGIS ArcIMS

"{7F2357C7-4F66-4FE6-952A-EEF701AA368A}" = ArcGIS Image Server Tutorial

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B799ADD-7E5C-41B9-936B-942F3CAE42A0}" = Jakarta Isapi Redirector

"{8C62A94B-4AB6-485F-A111-93056684D340}" = SQLXML4

"{90140000-00D1-0409-0000-0000000FF1CE}" = Microsoft Access database engine 2010 (English)

"{A0B433B1-941D-46F5-AE59-286263534232}" = VMware vSphere Client 4.1

"{A20152C1-6CB7-4343-9C12-BEAB68952D9E}" = ArcGIS 9.2 Demos Print Custom Web ADF Task

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{AC76BA86-1033-F400-7760-000000000001}" = Adobe Acrobat 6.0 Professional - English, Français, Deutsch

"{ACDE005A-598D-4147-9482-880723015E3B}" = ArcGIS Image Server

"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C10D6AB8-05BB-422D-AAE3-36D6E0381487}" = ESET NOD32 Antivirus

"{C1755A45-D393-4E72-9FF8-88A328602D57}" = Fujitsu Siemens GlobalFlash Service

"{C25EF637-BE7A-4761-9B45-9069989C319F}" = Microsoft Visual Studio 2005 Premier Partner Edition - ENU

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D6E5F58F-C879-4EC1-90F7-BA31BABF10C9}" = DeltaCopy

"{DA41E333-39E0-4956-A329-DFC75F0A353A}" = ArcGIS ArcSDE for Microsoft SQL Server

"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{EC561602-C0B9-4FAA-A175-1B3273639AC3}" = MySQL Tools for 5.0

"{EE8CFFD9-6E29-4DC3-A967-7348D5F41F44}" = Microsoft SQL Server 2005 Integration Services

"{FC195F9B-059C-4D21-B937-24687368D192}" = Windows Agent

"7-Zip" = 7-Zip 9.20

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Apache Tomcat 5.5" = Apache Tomcat 5.5 (remove only)

"ArcGIS License Manager" = ArcGIS License Manager

"ATI Display Driver" = ATI Display Driver

"Complitly_is1" = Complitly

"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)

"ESET Online Scanner" = ESET Online Scanner v3

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ImageMagick 6.4.1 Q16_is1" = ImageMagick 6.4.1-8 Q16 (07/01/08)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"PHP 5.1.2" = PHP 5.1.2

"Raster Utilities_is1" = Raster Utilities v1.0

"Revo Uninstaller" = Revo Uninstaller 1.94

"TeamViewer 8" = TeamViewer 8

"UPSMON Plus for Windows_is1" = UPSMON Plus for Windows

"WIC" = Windows Imaging Component

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"Windows Server 2003 Service Pack" = Windows Server 2003 Service Pack 1

"XXConsole" = XXConsole: Super Console Generator ver 0.96

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 2013/06/03 03:27:45 AM | Computer Name = DRAGON | Source = MySQL | ID = 100

Description = Cannot find table geoafrika/staff from the internal data dictionary

of

InnoDB though the .frm file for the table exists. Maybe you have deleted and recreated

InnoDB data files but have forgotten to delete the corresponding .frm files of InnoDB

tables, or you have moved .frm files to another database? See http://dev.mysql.com/doc/refman/5.0/en/innodb-troubleshooting.html

how

you can resolve the problem. For more information, see Help and Support Center at

http://www.mysql.com.

Error - 2013/06/03 03:27:45 AM | Computer Name = DRAGON | Source = MySQL | ID = 100

Description = Cannot find table geoafrika/staff from the internal data dictionary

of

InnoDB though the .frm file for the table exists. Maybe you have deleted and recreated

InnoDB data files but have forgotten to delete the corresponding .frm files of InnoDB

tables, or you have moved .frm files to another database? See http://dev.mysql.com/doc/refman/5.0/en/innodb-troubleshooting.html

how

you can resolve the problem. For more information, see Help and Support Center at

http://www.mysql.com.

Error - 2013/06/03 03:27:47 AM | Computer Name = DRAGON | Source = MySQL | ID = 100

Description = Cannot find table geoafrika/staff from the internal data dictionary

of

InnoDB though the .frm file for the table exists. Maybe you have deleted and recreated

InnoDB data files but have forgotten to delete the corresponding .frm files of InnoDB

tables, or you have moved .frm files to another database? See http://dev.mysql.com/doc/refman/5.0/en/innodb-troubleshooting.html

how

you can resolve the problem. For more information, see Help and Support Center at

http://www.mysql.com.

Error - 2013/06/03 03:27:47 AM | Computer Name = DRAGON | Source = MySQL | ID = 100

Description = Cannot find table geoafrika/staff from the internal data dictionary

of

InnoDB though the .frm file for the table exists. Maybe you have deleted and recreated

InnoDB data files but have forgotten to delete the corresponding .frm files of InnoDB

tables, or you have moved .frm files to another database? See http://dev.mysql.com/doc/refman/5.0/en/innodb-troubleshooting.html

how

you can resolve the problem. For more information, see Help and Support Center at

http://www.mysql.com.

Error - 2013/06/03 03:27:49 AM | Computer Name = DRAGON | Source = MySQL | ID = 100

Description = Cannot find table geoafrika/staff from the internal data dictionary

of

InnoDB though the .frm file for the table exists. Maybe you have deleted and recreated

InnoDB data files but have forgotten to delete the corresponding .frm files of InnoDB

tables, or you have moved .frm files to another database? See http://dev.mysql.com/doc/refman/5.0/en/innodb-troubleshooting.html

how

you can resolve the problem. For more information, see Help and Support Center at

http://www.mysql.com.

Error - 2013/06/03 03:27:49 AM | Computer Name = DRAGON | Source = MySQL | ID = 100

Description = Cannot find table geoafrika/staff from the internal data dictionary

of

InnoDB though the .frm file for the table exists. Maybe you have deleted and recreated

InnoDB data files but have forgotten to delete the corresponding .frm files of InnoDB

tables, or you have moved .frm files to another database? See http://dev.mysql.com/doc/refman/5.0/en/innodb-troubleshooting.html

how

you can resolve the problem. For more information, see Help and Support Center at

http://www.mysql.com.

Error - 2013/06/03 11:29:49 AM | Computer Name = DRAGON | Source = MySQL | ID = 100

Description = Can't open shared library 'wmerrrCHS.dll' (errno: 0 ) For more information,

see Help and Support Center at http://www.mysql.com.

Error - 2013/06/03 11:29:49 AM | Computer Name = DRAGON | Source = MySQL | ID = 100

Description = Can't open shared library 'amd.dll' (errno: 0 ) For more information,

see Help and Support Center at http://www.mysql.com.

Error - 2013/06/03 06:24:41 PM | Computer Name = DRAGON | Source = MySQL | ID = 100

Description = Can't open shared library 'wmerrrCHS.dll' (errno: 0 ) For more information,

see Help and Support Center at http://www.mysql.com.

Error - 2013/06/03 06:24:41 PM | Computer Name = DRAGON | Source = MySQL | ID = 100

Description = Can't open shared library 'amd.dll' (errno: 0 ) For more information,

see Help and Support Center at http://www.mysql.com.

[ System Events ]

Error - 2013/06/04 02:25:45 AM | Computer Name = DRAGON | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Windows Agent Service

service to connect.

Error - 2013/06/04 02:25:45 AM | Computer Name = DRAGON | Source = Service Control Manager | ID = 7000

Description = The Windows Agent Service service failed to start due to the following

error: %%1053

Error - 2013/06/04 02:26:45 AM | Computer Name = DRAGON | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Windows Agent Service

service to connect.

Error - 2013/06/04 02:26:45 AM | Computer Name = DRAGON | Source = Service Control Manager | ID = 7000

Description = The Windows Agent Service service failed to start due to the following

error: %%1053

Error - 2013/06/04 02:27:45 AM | Computer Name = DRAGON | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Windows Agent Service

service to connect.

Error - 2013/06/04 02:27:45 AM | Computer Name = DRAGON | Source = Service Control Manager | ID = 7000

Description = The Windows Agent Service service failed to start due to the following

error: %%1053

Error - 2013/06/04 02:28:45 AM | Computer Name = DRAGON | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Windows Agent Service

service to connect.

Error - 2013/06/04 02:28:45 AM | Computer Name = DRAGON | Source = Service Control Manager | ID = 7000

Description = The Windows Agent Service service failed to start due to the following

error: %%1053

Error - 2013/06/04 02:29:45 AM | Computer Name = DRAGON | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Windows Agent Service

service to connect.

Error - 2013/06/04 02:29:45 AM | Computer Name = DRAGON | Source = Service Control Manager | ID = 7000

Description = The Windows Agent Service service failed to start due to the following

error: %%1053

< End of report >


Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt

How is the PC running now?


Hi D-Fred-Brown,

When I ran the scan it lasted 10 seconds. I tried it 5 times and it did the same thing. It didn't open any log file.

So I tried to force it to run as administrator.

It comes up with ... 2 errors:

Can't initialize log

Can't load driver


Sorry for the delay.

Let's try something else:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)

  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all other options as they are set):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.

  • Click the "Close" button to leave the Control Center screen.

  • Back on the main screen, under "Select Scan Type" check the box for Complete Scan.
  • If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY).
  • Click the Scan your computer... button.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the scan log after reboot, launch SUPERAntiSpyware again.

  • Click the View Scan Logs button at the bottom.
  • This will open the Scanner Logs Window.
  • Click on the log to highlight it and then click on View Selected Log to open it.
  • Copy and paste the scan log results in your next reply.

-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.


Hi D-Fred Brown

Please see below for report:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 06/06/2013 at 11:48 AM

Application Version : 5.6.1020

Core Rules Database Version : 10491

Trace Rules Database Version: 8303

Scan type : Complete Scan

Total Scan Time : 03:29:32

Operating System Information

Windows Server 2003 Standard Edition 32-bit, Service Pack 1 (Build 5.02.3790)

Administrator

Memory items scanned : 846

Memory threats detected : 1

Registry items scanned : 48333

Registry threats detected : 6

File items scanned : 205839

File threats detected : 53

Adware.Tracking Cookie

C:\Documents and Settings\Administrator\Cookies\administrator@adserver1.cpmburner[2].txt [ /adserver1.cpmburner ]

C:\Documents and Settings\Administrator\Cookies\administrator@adserver1.mediacpm[2].txt [ /adserver1.mediacpm ]

C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt [ /atdmt ]

C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt [ /doubleclick ]

C:\Documents and Settings\Administrator\Cookies\administrator@gamesextensions[2].txt [ /gamesextensions ]

C:\Documents and Settings\Administrator\Cookies\administrator@invitemedia[1].txt [ /invitemedia ]

C:\Documents and Settings\Administrator\Cookies\administrator@lucidmedia[1].txt [ /lucidmedia ]

C:\Documents and Settings\Administrator\Cookies\administrator@ru4[2].txt [ /ru4 ]

C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt [ /serving-sys ]

C:\Documents and Settings\Administrator\Cookies\administrator@cnzz.mmstat[2].txt [ /cnzz.mmstat.com ]

C:\Documents and Settings\Administrator\Cookies\administrator@mmstat[1].txt [ /mmstat.com ]

C:\DOCUMENTS AND SETTINGS\123\Cookies\123@mmstat[1].txt [ Cookie:123@mmstat.com/ ]

C:\DOCUMENTS AND SETTINGS\123\Cookies\123@cnzz.mmstat[1].txt [ Cookie:123@cnzz.mmstat.com/ ]

C:\DOCUMENTS AND SETTINGS\8YOO$\Cookies\8yoo$@mmstat[1].txt [ Cookie:8yoo$@mmstat.com/ ]

C:\DOCUMENTS AND SETTINGS\8YOO$\Cookies\8yoo$@mediav[2].txt [ Cookie:8yoo$@mediav.com/ ]

C:\DOCUMENTS AND SETTINGS\8YOO$\Cookies\8yoo$@cnzz.mmstat[2].txt [ Cookie:8yoo$@cnzz.mmstat.com/ ]

C:\DOCUMENTS AND SETTINGS\USER\Cookies\user@mmstat[1].txt [ Cookie:user@mmstat.com/ ]

C:\DOCUMENTS AND SETTINGS\8YOO$\COOKIES\8YOO$@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]

cdn-www.pornhub.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XCS5VTWR ]

wwwstatic.megaporn.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XCS5VTWR ]

C:\DOCUMENTS AND SETTINGS\USER\COOKIES\USER@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]

Worm.Rbot Variant

HKLM\System\ControlSet001\Services\SYSMGT

C:\WINDOWS\SYSTEM32\SYSMGT.EXE

HKLM\System\ControlSet001\Enum\Root\LEGACY_SYSMGT

HKLM\System\ControlSet003\Services\SYSMGT

HKLM\System\ControlSet003\Enum\Root\LEGACY_SYSMGT

HKLM\System\CurrentControlSet\Services\SYSMGT

HKLM\System\CurrentControlSet\Enum\Root\LEGACY_SYSMGT

C:\WINDOWS\SYSTEM32\SYSMGT.EXE

Trojan.Dropper/Gen-PHP

E:\FAVORITEVIDEO\INVISIBLEFOLDER\CLICK.PHP

Adware.Tencent

C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\26VY7XHS\SERVER[1].EXE

C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.2.0.5\CTUVWXYAB_NET.EXE

C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.2.0.5\SERVER.EXE

C:\WINDOWS\SRCHASST\RPCPROXY\SSOPLATFORM.DLL

C:\WINDOWS\SYSTEM32\CTUVWXYAB_NET.EXE

Trojan.Agent/Gen-Frauder

C:\DOCUMENTS AND SETTINGS\HEXEXPLORER.EXE

C:\WINDOWS\ARP.VBS

C:\WINDOWS\SYSTEM32\HEXEXPLORER.EXE

Rogue.Agent/Gen-Nullo[EXE]

C:\WINDOWS\360SB.EXE

C:\WINDOWS\AOXIANG.EXE

C:\WINDOWS\QQGAMEMGR.EXE

C:\WINDOWS\SCIVES.EXE

C:\WINDOWS\SQLAGENT.EXE

C:\WINDOWS\SYSTEM32\HEX2.EXE

C:\WINDOWS\TZMM.EXE

C:\WINDOWS\VBSA.EXE

Adware.Vundo/Variant-MSFake

C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.2.0.5\DUMP.COM

C:\WINDOWS\SYSTEM32\DUMP.COM

Trojan.Agent/Gen-MonSync

C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.2.0.5\MONSYNC.EXE

C:\WINDOWS\SYSTEM32\MONSYNC.EXE

Trojan.Agent/Gen-Backdoor

C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HCAPPS.EXE

Trojan.Agent/Gen

C:\WINDOWS\SVCHOSF.EXE

Rogue.Agent/Gen-Nullo[DLL]

C:\WINDOWS\SYSTEM32\BLA.DLL

C:\WINDOWS\SYSTEM32\CORELOAD.DLL

C:\WINDOWS\SYSTEM32\MSTORES.DLL

C:\WINDOWS\SYSTEM32\RPCSERVER32.DLL

Trojan.Agent/Gen-Yoddos

C:\WINDOWS\SYSTEM32\HEXR.EXE

C:\WINDOWS\SYSTEM32\STR.EXE

Trojan.Agent/Gen-MSFake

C:\WINDOWS\SYSTEM32\UIMKYC.EXE

Trojan.Agent/Gen-NetCat

C:\WINDOWS\TEMP\95315964.TMP


Hi D-Fred-Brown,

Please see below for OTL results:

OTL logfile created on: 2013/06/10 12:02:17 PM - Run 4

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop

Windows Server 2003 Standard Edition Service Pack 1 (Version = 5.2.3790) - Type = NTServer

Internet Explorer (Version = 7.0.5730.11)

Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

4.00 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 66.04% Memory free

5.84 Gb Paging File | 4.47 Gb Available in Paging File | 76.58% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 231.75 Gb Total Space | 61.98 Gb Free Space | 26.75% Space Free | Partition Type: NTFS

Drive D: | 464.73 Gb Total Space | 267.02 Gb Free Space | 57.46% Space Free | Partition Type: NTFS

Drive E: | 464.73 Gb Total Space | 276.44 Gb Free Space | 59.48% Space Free | Partition Type: NTFS

Computer Name: DRAGON | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/29 16:41:00 | 000,332,658 | RHS- | M] () -- C:\WINDOWS\ime\lsass.exe

PRC - [2013/05/29 05:46:31 | 001,078,030 | ---- | M] () -- C:\WINDOWS\Resources\smscvc.exe

PRC - [2013/05/23 08:19:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

PRC - [2013/05/19 15:02:26 | 000,102,400 | ---- | M] (Environmental Systems Research Institute, Inc.) -- C:\ArcGIS\ArcSDE\sqlexe\bin\giomgr.exe

PRC - [2013/05/19 15:02:21 | 000,131,072 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe

PRC - [2013/05/19 15:02:09 | 000,495,616 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\ServerView Agents\GlobalFlash\gf_agent.exe

PRC - [2013/05/19 15:02:05 | 005,779,456 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

PRC - [2013/05/19 15:01:45 | 000,180,224 | ---- | M] (ESRI) -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\aimsserver.exe

PRC - [2013/05/19 15:01:40 | 000,098,304 | ---- | M] (LSI Logic Corporation) -- C:\Program Files\Fujitsu Siemens\RAID\bin\mr2kserv.exe

PRC - [2013/05/19 14:59:56 | 001,028,096 | ---- | M] () -- C:\WINDOWS\system32\Syswin\svchost.exe

PRC - [2013/05/08 00:36:35 | 000,119,024 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe

PRC - [2013/05/05 10:53:26 | 002,177,490 | ---- | M] (Prassi Software) -- C:\WINDOWS\Debug\wpdmtp.exe

PRC - [2013/05/03 15:22:35 | 000,527,360 | ---- | M] (Prassi Software) -- C:\WINDOWS\Debug\browser\spresrt.exe

PRC - [2013/04/23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

PRC - [2012/11/14 16:13:12 | 000,028,672 | ---- | M] (N-able Technologies) -- C:\Program Files\N-able Technologies\Windows Agent\bin\AgentMaint.exe

PRC - [2009/10/07 09:16:50 | 000,472,280 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

PRC - [2009/10/07 09:15:42 | 001,461,080 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

PRC - [2008/01/28 14:43:42 | 000,548,864 | ---- | M] () -- C:\Program Files\ESRI\License\arcgis9x\ARCGIS.EXE

PRC - [2007/12/18 16:43:32 | 000,419,088 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\Remote Connector\SVRemoteConnector.exe

PRC - [2007/12/18 16:41:14 | 000,535,312 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe

PRC - [2006/10/04 03:25:00 | 000,792,064 | ---- | M] (System32) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\type32.dll

PRC - [2006/06/28 04:55:51 | 000,008,192 | RHS- | M] () -- C:\WINDOWS\ime\csrss.exe

PRC - [2006/04/14 20:10:48 | 000,131,072 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5w.exe

PRC - [2006/03/14 07:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

PRC - [2005/03/24 18:26:16 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\W3WP.EXE

PRC - [2005/03/24 18:12:58 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe

PRC - [2005/03/24 18:06:56 | 000,537,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\LOGON.SCR

PRC - [2005/03/24 18:05:06 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe

PRC - [2005/03/24 18:01:54 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Tasker\Aims_Tasker.exe

PRC - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\Monitor\Aims_Monitor.exe

PRC - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Aims_AppServer.exe

PRC - [1999/12/01 13:38:28 | 000,467,968 | ---- | M] () -- C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe

========== Modules (No Company Name) ==========

MOD - [2013/06/10 11:09:37 | 000,023,040 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\woi34.dll

MOD - [2013/06/03 15:25:16 | 000,060,416 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\woi33.dll

MOD - [2013/05/29 16:41:00 | 000,342,248 | RHS- | M] () -- C:\WINDOWS\ime\libcurl-4.dll

MOD - [2013/05/29 16:41:00 | 000,332,658 | RHS- | M] () -- C:\WINDOWS\ime\lsass.exe

MOD - [2013/05/29 05:46:31 | 001,078,030 | ---- | M] () -- C:\WINDOWS\Resources\smscvc.exe

MOD - [2013/05/19 15:02:05 | 005,779,456 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

MOD - [2013/05/19 14:59:56 | 001,028,096 | ---- | M] () -- C:\WINDOWS\system32\Syswin\svchost.exe

MOD - [2013/05/15 08:42:32 | 000,023,040 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\woi23.dll

MOD - [2013/05/07 06:32:20 | 000,059,904 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\cnakk153.dll

MOD - [2013/05/01 14:45:03 | 000,059,904 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\cnakk135.dll

MOD - [2013/04/29 10:16:38 | 000,060,416 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\cnakk121.dll

MOD - [2013/04/11 05:19:32 | 000,060,416 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\winl64.dll

MOD - [2013/04/07 14:52:46 | 000,059,904 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\winl45.dll

MOD - [2013/01/20 07:03:04 | 001,381,888 | ---- | M] () -- C:\WINDOWS\Debug\browser\mozjs.dll

MOD - [2012/12/03 03:51:34 | 000,544,768 | ---- | M] () -- C:\WINDOWS\system32\WCASvc.dll

MOD - [2009/09/02 10:09:22 | 000,278,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\9e1542d2d2c7150dadc4ba2194822581\Microsoft.SqlServer.ConnectionInfo.ni.dll

MOD - [2009/08/26 10:43:47 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll

MOD - [2009/08/26 10:43:25 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.ni.dll

MOD - [2009/08/26 10:43:24 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12903c3843fe923d1977801ffa3cf26c\System.Transactions.ni.dll

MOD - [2009/08/26 10:43:04 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll

MOD - [2009/08/26 10:28:54 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\0d7c1d80f0960d0473ed13f107ce7d81\System.Xml.ni.dll

MOD - [2009/08/26 10:27:44 | 006,614,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\0b40341027c01716cec1dd97592698e0\System.Data.ni.dll

MOD - [2009/08/26 10:25:39 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll

MOD - [2009/08/26 09:46:08 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll

MOD - [2009/08/26 09:43:56 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2009/08/26 09:43:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

MOD - [2008/01/28 14:43:42 | 000,548,864 | ---- | M] () -- C:\Program Files\ESRI\License\arcgis9x\ARCGIS.EXE

MOD - [2007/03/09 08:34:40 | 000,059,904 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\zlib1.dll

MOD - [2007/02/15 21:36:24 | 000,090,112 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\hm420m.dll

MOD - [2007/02/15 21:36:18 | 000,487,424 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\hd420m.dll

MOD - [2006/10/04 04:45:56 | 000,016,384 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\esriI18N.dll

MOD - [2006/09/29 10:40:02 | 000,118,784 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\znglib.dll

MOD - [2006/09/29 10:40:00 | 000,118,784 | ---- | M] () -- C:\Program Files\Common Files\ESRI\Raster\bin\ntx86\znglib.dll

MOD - [2006/08/02 12:21:24 | 005,533,696 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\bin\icudt22l.dll

MOD - [2006/08/02 12:21:24 | 005,533,696 | ---- | M] () -- C:\ArcGIS\ArcSDE\sqlexe\bin\icudt22l.dll

MOD - [2006/06/28 04:55:51 | 000,008,192 | RHS- | M] () -- C:\WINDOWS\ime\csrss.exe

MOD - [2005/03/24 18:26:14 | 000,121,856 | ---- | M] () -- C:\WINDOWS\system32\hrrslvr.dll

MOD - [2005/03/24 18:26:14 | 000,054,784 | ---- | M] () -- C:\WINDOWS\system32\netdbadm.dll

MOD - [2003/03/25 14:00:00 | 000,016,896 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll

MOD - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Tasker\Aims_Tasker.exe

MOD - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\Server\Monitor\Aims_Monitor.exe

MOD - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Aims_AppServer.exe

MOD - [1999/12/01 13:38:28 | 000,467,968 | ---- | M] () -- C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\svchest.exe -- (Windows Test My Tedfasf.0)

SRV - File not found [Auto | Stopped] -- C:\Program Files\Windows Media Player\mplayer.txt -- (TapSrv)

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Haooeaw.exe -- (Qwkezc sezmea)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\657C7AC5.exe -- (Pqrstu Wxyabcde Ghi bod)

SRV - File not found [Auto | Stopped] -- c:\oracle\ora90\bin\ORACLE.EXE OEMREP -- (OracleServiceOEMREP)

SRV - File not found [Auto | Stopped] -- c:\oracle\ora90\bin\ORACLE.EXE MHPGEO -- (OracleServiceMHPGEO)

SRV - File not found [Auto | Stopped] -- C:\oracle\ora90\BIN\TNSLSNR -- (OracleOraHome90TNSListener)

SRV - File not found [On_Demand | Stopped] -- C:\oracle\ora90\BIN\OMSNTsrv.exe -- (OracleOraHome90ManagementServer)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\oweawm.exe -- (Nationalghh)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\netmon\mnmsrvc.exe -- (mnmsrvc)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\nod.exe -- (ltmi)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Haooeaw.exe -- (Kkuiow igzvmi)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\C233C2AB.exe -- (jxdsystem services)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\IPv6CertBrowsSvc.dll -- (IPv6CertBrowsSvc)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Haooeaw.exe -- (Ipdzvu kuiese)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Haooeaw.exe -- (Gqyvdy uubrie)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\lp32.exe -- (elp32)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Haooeaw.exe -- (Aeqiiu qepbpa)

SRV - [2013/06/05 03:52:36 | 054,630,057 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Windows Ugwyaq\Xqkiuzg.exe -- (Iqaeym yqodwa)

SRV - [2013/05/23 22:15:51 | 000,256,988 | ---- | M] (PPStream Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\360sb.exe -- (Nationallap)

SRV - [2013/05/19 15:02:26 | 000,102,400 | ---- | M] (Environmental Systems Research Institute, Inc.) [Auto | Running] -- C:\ArcGIS\ArcSDE\sqlexe\bin\giomgr.exe -- (esri_sde)

SRV - [2013/05/19 15:02:21 | 000,131,072 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe -- (Tomcat5)

SRV - [2013/05/19 15:02:20 | 000,073,728 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\Themer.exe -- (Themer)

SRV - [2013/05/19 15:02:13 | 000,312,212 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Fujitsu Siemens\RAID\bin\SpySer.exe -- (SpySer)

SRV - [2013/05/19 15:02:09 | 000,495,616 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\GlobalFlash\gf_agent.exe -- (OfflineFlash)

SRV - [2013/05/19 15:02:05 | 005,779,456 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL)

SRV - [2013/05/19 15:01:40 | 000,098,304 | ---- | M] (LSI Logic Corporation) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\RAID\bin\mr2kserv.exe -- (mr2kserv)

SRV - [2013/05/19 14:59:56 | 001,028,096 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\Syswin\svchost.exe -- (RasAuto)

SRV - [2013/05/08 00:36:35 | 000,119,024 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)

SRV - [2013/04/23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)

SRV - [2013/03/10 18:17:06 | 000,114,688 | ---- | M] () [Auto | Stopped] -- C:\Documents and Settings\All Users\hkcmd.exe -- (Shell Service)

SRV - [2012/12/03 03:51:34 | 000,544,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\WCASvc.dll -- (WCASvc)

SRV - [2012/11/14 16:13:16 | 000,278,528 | ---- | M] (N-able Technologies) [Auto | Stopped] -- C:\Program Files\N-able Technologies\Windows Agent\bin\agent.exe -- (Windows Agent Service)

SRV - [2012/11/14 16:13:12 | 000,028,672 | ---- | M] (N-able Technologies) [Auto | Running] -- C:\Program Files\N-able Technologies\Windows Agent\bin\AgentMaint.exe -- (Windows Agent Maintenance Service)

SRV - [2009/10/07 09:21:14 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)

SRV - [2009/10/07 09:16:50 | 000,472,280 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)

SRV - [2008/06/05 13:26:50 | 000,348,160 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\ESRI\Image Server\ESRIImageServiceProvider.exe -- (ESRI Image ServiceProvider: 3983)

SRV - [2008/06/05 13:26:26 | 000,376,832 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\ESRI\Image Server\ESRIImageServer.exe -- (ESRI Image Server)

SRV - [2007/12/18 16:43:32 | 000,419,088 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\Remote Connector\SVRemoteConnector.exe -- (RemoteConnector)

SRV - [2007/12/18 16:41:14 | 000,535,312 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe -- (SrvCtrl)

SRV - [2007/12/18 08:43:30 | 000,147,456 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\ESRI\Image Server\ESRIImageServerReporterService.exe -- (ESRIImageServerReporter)

SRV - [2007/12/07 11:26:56 | 000,016,384 | ---- | M] (Fujitsu Siemens Computers) [On_Demand | Stopped] -- C:\Program Files\Fujitsu Siemens\RAID\amService.exe -- (amService)

SRV - [2006/10/04 03:25:00 | 000,792,064 | ---- | M] (System32) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\type32.dll -- (keyb)

SRV - [2006/06/28 04:55:51 | 000,008,192 | RHS- | M] () [Auto | Running] -- C:\WINDOWS\ime\csrss.exe -- (themeb)

SRV - [2006/03/14 07:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)

SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)

SRV - [2005/03/24 20:38:42 | 000,094,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)

SRV - [2005/03/24 18:26:14 | 000,121,856 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\hrrslvr.dll -- (hrrslvr)

SRV - [2005/03/24 18:26:14 | 000,054,784 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\netdbadm.dll -- (netdbadm)

SRV - [2005/03/24 18:26:08 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)

SRV - [2005/03/24 18:13:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\Sens32.dll -- (SENS)

SRV - [2005/03/24 18:13:02 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)

SRV - [2005/03/24 18:08:24 | 000,791,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)

SRV - [2005/03/24 18:08:24 | 000,465,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ntmssvc32.dll -- (NtmsSvc)

SRV - [2005/03/24 18:05:06 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC)

SRV - [2005/03/24 18:05:06 | 000,014,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)

SRV - [2005/03/24 18:05:06 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)

SRV - [2005/03/24 18:05:04 | 000,216,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC)

SRV - [2005/03/24 18:00:48 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)

SRV - [2004/08/17 20:00:00 | 006,950,912 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\1538127516.dll -- (DirectX Rejrq.)

SRV - [2003/03/25 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)

SRV - [2003/03/25 14:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)

SRV - [2003/03/25 14:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)

SRV - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Tasker\Aims_Tasker.exe -- (ArcIMS Tasker 9.2.0)

SRV - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Program Files\ArcGIS\ArcIMS\Server\Monitor\Aims_Monitor.exe -- (ArcIMS Monitor 9.2.0)

SRV - [2003/03/18 10:19:38 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Program Files\ArcGIS\ArcIMS\AppServer\Aims_AppServer.exe -- (ArcIMS Application Server 9.2.0)

SRV - [1999/12/01 13:38:28 | 000,467,968 | ---- | M] () [Auto | Running] -- C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe -- (ArcGIS License Manager)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Adapter | On_Demand | Unknown] -- -- (LicenseInfo)

DRV - File not found [Adapter | Auto | Unknown] -- C:\Program Files\Google\1.dll -- (Iprip)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DRIVERS\ENTECH.sys -- (ENTECH)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2013/04/19 00:15:41 | 000,006,656 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)

DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2009/10/07 09:18:36 | 000,035,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)

DRV - [2009/10/07 09:12:22 | 000,054,184 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)

DRV - [2009/10/07 09:11:10 | 000,040,824 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)

DRV - [2007/12/18 16:42:18 | 000,025,104 | ---- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Stopped] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\ImbDrvNT.sys -- (ImbDrvNT)

DRV - [2007/12/18 16:42:16 | 000,089,104 | ---- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\ScSBB.sys -- (ScSBB)

DRV - [2007/11/26 20:51:04 | 000,093,427 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aacmgt.sys -- (AACMgt)

DRV - [2006/03/14 07:22:00 | 000,090,176 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)

DRV - [2006/03/14 07:22:00 | 000,028,216 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)

DRV - [2005/12/06 23:44:42 | 001,379,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005/03/24 18:13:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | Unavailable | Unknown] -- C:\WINDOWS\System32\drivers\sacdrv.sys -- (sacdrv)

DRV - [2005/03/24 18:00:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dfs.sys -- (DfsDriver)

DRV - [2005/03/24 17:57:52 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\clusdisk.sys -- (ClusDisk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=29065018_76_hao_pg

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm

IE - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\1.0.1.1058\npplugin2.dll (PPLive Corporation)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2010/09/08 09:50:02 | 000,000,000 | ---D | M]

[2013/05/10 12:05:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

O1 HOSTS File: ([2013/03/15 13:12:25 | 000,000,794 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 192.168.0.126 dpmserver.mhp.co.za

O1 - Hosts: 192.168.0.23 blesbok

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\Administrator\Application Data\Complitly\AutocompletePro.dll (SimplyGen)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O3 - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O4 - HKLM..\Run: [

QQPCTray] File not found

O4 - HKLM..\Run: [ QQPCTray] File not found

O4 - HKLM..\Run: [360Safetray] File not found

O4 - HKLM..\Run: [ApacheTomcatMonitor] C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5w.exe (Apache Software Foundation)

O4 - HKLM..\Run: [bixushi] c:\windows\system32\csx.exe File not found

O4 - HKLM..\Run: [ewswdk] C:\WINDOWS\Debug\wpdmtp.exe (Prassi Software)

O4 - HKLM..\Run: [jhecryz] C:\WINDOWS\Resources\smscvc.exe ()

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [KVMON] File not found

O4 - HKLM..\Run: [KVXP] File not found

O4 - HKLM..\Run: [kxesc] File not found

O4 - HKLM..\Run: [McAfeeUpdaterUI] File not found

O4 - HKLM..\Run: [QQPCTray] File not found

O4 - HKLM..\Run: [RavTRAY] File not found

O4 - HKLM..\Run: [Remote] "C:\Windows\misx.exe" -autorun File not found

O4 - HKLM..\Run: [RISTRAY] File not found

O4 - HKLM..\Run: [shell] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - HKLM..\Run: [shStatEXE] File not found

O4 - HKLM..\Run: [weyrzader] C:\WINDOWS\Cluster\clients\srchasy\smyscvc.exe ()

O4 - HKLM..\Run: [zvary] C:\windows\msapps\msinfo\wyhtday.exe File not found

O4 - HKU\.DEFAULT..\Run: [GoTop] C:\WINDOWS\Debug\wpdmtp.exe (Prassi Software)

O4 - HKU\.DEFAULT..\Run: [PPAP] "C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" -background File not found

O4 - HKU\S-1-5-18..\Run: [GoTop] C:\WINDOWS\Debug\wpdmtp.exe (Prassi Software)

O4 - HKU\S-1-5-18..\Run: [PPAP] "C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" -background File not found

O4 - HKU\S-1-5-21-3652302946-4094972055-3012646909-500..\Run: [GoTop] C:\WINDOWS\Debug\wpdmtp.exe (Prassi Software)

O4 - HKU\.DEFAULT..\RunOnce: [] C:\WINDOWS\System32\OSK.EXE (Microsoft Corporation)

O4 - HKU\S-1-5-18..\RunOnce: [] C:\WINDOWS\System32\OSK.EXE (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rqty.vmp.exe (深圳市迅雷网络技术有限公司)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1 ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1 ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1 ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-21-3652302946-4094972055-3012646909-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll (Sun Microsystems, Inc.)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.3.cab (DLM Control)

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5F42B20-CDE1-481A-B43C-B59715E9A109}: NameServer = 8.8.8.8,196.14.239.2

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFACE1CF-691A-4D29-A654-7452C257C7B0}: DhcpNameServer = 192.168.0.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found

O27 - HKLM IFEO\360rp.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)

O27 - HKLM IFEO\360rps.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)

O27 - HKLM IFEO\360Safe.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)

O27 - HKLM IFEO\360sd.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)

O27 - HKLM IFEO\360tray.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)

O27 - HKLM IFEO\app.exe: Debugger - C:\WINDOWS\ime\cv.exe File not found

O27 - HKLM IFEO\avcenter.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)

O27 - HKLM IFEO\avgnt.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)

O27 - HKLM IFEO\avguard.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)

O27 - HKLM IFEO\cfp.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)

O27 - HKLM IFEO\cmdagent.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)

O27 - HKLM IFEO\kavstart.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)

O27 - HKLM IFEO\kissvc.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)

O27 - HKLM IFEO\KsafeTray.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)

O27 - HKLM IFEO\KSWebShield.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)

O27 - HKLM IFEO\KVMonXP.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)

O27 - HKLM IFEO\KVMonXP.kxp: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)

O27 - HKLM IFEO\KVSrvXp.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)

O27 - HKLM IFEO\kvxp.kxp: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)

O27 - HKLM IFEO\Kwatch.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)

O27 - HKLM IFEO\net2.exe: Debugger - C:\WINDOWS\ime\cv.exe File not found

O27 - HKLM IFEO\QQPCRTP.EXE: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)

O27 - HKLM IFEO\QQPCTray.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)

O27 - HKLM IFEO\ravmond.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)

O27 - HKLM IFEO\RSTRAY.EXE: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)

O27 - HKLM IFEO\SHSTAT.EXE: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)

O27 - HKLM IFEO\Storm.exe: Debugger - C:\WINDOWS\System32\TASKKILL.EXE (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/05/26 12:18:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/09 12:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startupÿ

[2013/06/09 12:55:16 | 000,191,114 | ---- | C] (深圳市迅雷网络技术有限公司) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rqty.vmp.exe

[2013/06/05 16:40:39 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ws.exe

[2013/06/05 16:39:53 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p.exe

[2013/06/05 08:57:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\tdsskiller

[2013/06/05 03:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Ugwyaq

[2013/06/05 03:52:32 | 054,630,057 | ---- | C] (Sogou.com Inc.) -- C:\Uigrcw.exe

[2013/06/05 03:52:27 | 002,201,257 | ---- | C] (Sogou.com Inc.) -- C:\WINDOWS\sos.exe

[2013/05/30 09:20:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\XXXXXX37654A81

[2013/05/30 08:36:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\QuickScan

[2013/05/29 05:48:06 | 000,500,680 | ---- | C] (搜狐) -- C:\WINDOWS\IFoxInstall-y-c206525652-nsi-s-x.exe

[2013/05/27 19:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\Rumjow odsgi

[2013/05/24 11:03:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com

[2013/05/24 11:02:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware

[2013/05/24 11:02:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2013/05/24 11:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2013/05/24 11:01:37 | 025,817,776 | ---- | C] (SUPERAntiSpyware.com) -- C:\SUPERAntiSpyware.exe

[2013/05/24 09:49:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Revo Uninstaller

[2013/05/24 09:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2013/05/24 09:48:18 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) -- C:\revosetup.exe

[2013/05/24 09:42:34 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) -- C:\Documents and Settings\Administrator\Desktop\revosetup.exe.dap

[2013/05/24 09:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\INISet

[2013/05/24 09:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\liebao

[2013/05/24 05:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\KingSoft

[2013/05/24 05:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Tencent

[2013/05/24 05:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\Wuji

[2013/05/24 05:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\liebao

[2013/05/23 22:18:32 | 000,079,360 | ---- | C] (PPStream Inc.) -- C:\WINDOWS\System32\hex350sb.exe

[2013/05/23 22:15:01 | 000,256,988 | ---- | C] (PPStream Inc.) -- C:\WINDOWS\System32\360sb.exe

[2013/05/23 08:21:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2013/05/22 10:48:57 | 000,172,170 | ---- | C] (深圳市迅雷网络技术有限公司) -- C:\18181.exe

[2013/05/20 10:18:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2013/05/20 08:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2013/05/17 16:48:10 | 000,047,104 | ---- | C] (Inside Core) -- C:\Documents and Settings\Administrator\Desktop\AutoRunExterminator.exe

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/10 01:50:03 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\Dragonwwwroot.job

[2013/06/10 01:25:12 | 000,000,000 | ---- | M] () -- C:\hexscrcc.exe

[2013/06/10 01:25:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexscrcc.exe

[2013/06/10 01:09:57 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\DragonDB.job

[2013/06/10 00:16:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/06/09 13:06:13 | 000,000,000 | ---- | M] () -- C:\hex8.exe

[2013/06/09 13:06:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hex8.exe

[2013/06/09 12:55:57 | 000,191,114 | ---- | M] (深圳市迅雷网络技术有限公司) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rqty.vmp.exe

[2013/06/09 02:25:09 | 000,000,075 | ---- | M] () -- C:\xpoffice.exe.exe

[2013/06/09 02:25:08 | 000,000,072 | ---- | M] () -- C:\WINDOWS\System32\xpoffice.exe.exe

[2013/06/08 17:11:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hex888.exe

[2013/06/08 11:41:52 | 000,000,092 | --S- | M] () -- C:\WINDOWS\stm8.inf

[2013/06/08 06:09:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hex8521.exe

[2013/06/07 22:30:57 | 000,002,318 | ---- | M] () -- C:\WINDOWS\taskmgr.exe

[2013/06/07 08:28:17 | 000,000,000 | ---- | M] () -- C:\hex219.exe

[2013/06/07 08:28:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hex219.exe

[2013/06/07 07:21:14 | 000,000,071 | ---- | M] () -- C:\hex123.vbs

[2013/06/07 07:21:12 | 000,000,071 | ---- | M] () -- C:\WINDOWS\System32\hex123.vbs

[2013/06/07 07:20:01 | 000,012,623 | ---- | M] () -- C:\boot123.vbs

[2013/06/07 07:19:59 | 000,012,623 | ---- | M] () -- C:\WINDOWS\System32\boot123.vbs

[2013/06/07 07:19:51 | 000,000,066 | ---- | M] () -- C:\xp123.vbs

[2013/06/07 07:19:47 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\xp123.vbs

[2013/06/06 21:11:38 | 000,179,029 | ---- | M] () -- C:\WINDOWS\System32\LocalUser.exe

[2013/06/06 19:20:44 | 000,195,104 | ---- | M] () -- C:\WINDOWS\System\Consys05.dll

[2013/06/06 14:29:54 | 000,121,344 | ---- | M] () -- C:\WINDOWS\System32\1.exe

[2013/06/06 13:03:02 | 000,000,000 | ---- | M] () -- C:\hexServer.exe

[2013/06/06 08:01:40 | 000,000,873 | ---- | M] () -- C:\WINDOWS\System32\rpc_start_16log.ini

[2013/06/05 21:26:42 | 000,000,059 | ---- | M] () -- C:\WINDOWS\System32\gouri.bat

[2013/06/05 21:26:03 | 000,000,213 | ---- | M] () -- C:\WINDOWS\System32\sb.bat

[2013/06/05 13:55:56 | 000,378,618 | ---- | M] () -- C:\WINDOWS\System32\hexLocalUser.exe

[2013/06/05 11:03:13 | 000,000,095 | ---- | M] () -- C:\xpQQPCMgr RTP Service.exe

[2013/06/05 11:03:11 | 000,000,092 | ---- | M] () -- C:\WINDOWS\System32\xpQQPCMgr RTP Service.exe

[2013/06/05 09:44:31 | 000,000,000 | ---- | M] () -- C:\hex360.exe

[2013/06/05 09:44:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hex360.exe

[2013/06/05 03:53:29 | 000,000,000 | ---- | M] () -- C:\hexsos.exe

[2013/06/05 03:53:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexsos.exe

[2013/06/05 03:52:55 | 000,000,500 | ---- | M] () -- C:\6680.vbs

[2013/06/05 03:52:43 | 000,000,500 | ---- | M] () -- C:\4021.vbs

[2013/06/05 03:52:36 | 054,630,057 | ---- | M] (Sogou.com Inc.) -- C:\Uigrcw.exe

[2013/06/05 03:52:27 | 002,201,257 | ---- | M] (Sogou.com Inc.) -- C:\WINDOWS\sos.exe

[2013/06/04 03:54:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexwintime.exe

[2013/06/03 22:15:53 | 001,056,768 | ---- | M] () -- C:\WINDOWS\System32\secedit.sdb

[2013/06/03 22:15:49 | 000,000,652 | ---- | M] () -- C:\WINDOWS\System32\censoredGOthin.inf

[2013/06/03 15:54:29 | 000,037,376 | ---- | M] () -- C:\WINDOWS\System32\servger.exe

[2013/06/03 15:54:25 | 000,001,499 | ---- | M] () -- C:\WINDOWS\System32\vcinen.vbs

[2013/06/03 02:36:44 | 000,000,000 | ---- | M] () -- C:\hexServer.exe.exe

[2013/06/03 02:36:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexServer.exe.exe

[2013/06/03 02:35:38 | 000,000,077 | ---- | M] () -- C:\xpServer.exe.exe

[2013/06/03 02:35:36 | 000,000,074 | ---- | M] () -- C:\WINDOWS\System32\xpServer.exe.exe

[2013/06/02 14:21:09 | 000,000,813 | ---- | M] () -- C:\WINDOWS\reg.bat

[2013/06/02 05:10:15 | 000,000,000 | ---- | M] () -- C:\hexcensored.exe

[2013/06/02 05:10:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexcensored.exe

[2013/06/02 00:34:06 | 000,056,832 | ---- | M] () -- C:\WINDOWS\System32\hexsqlupdate.exe

[2013/06/02 00:32:49 | 000,056,832 | ---- | M] () -- C:\WINDOWS\System32\stsqlupdate.exe

[2013/06/02 00:32:42 | 000,000,066 | ---- | M] () -- C:\WINDOWS\System32\zysqlupdate.exe

[2013/06/02 00:32:34 | 000,056,832 | ---- | M] () -- C:\WINDOWS\System32\onsqlupdate.exe

[2013/06/02 00:32:17 | 000,000,066 | ---- | M] () -- C:\WINDOWS\System32\onfsqlupdate.dat

[2013/05/31 09:43:29 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\37654A81.key

[2013/05/30 09:20:30 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\37654A81

[2013/05/29 16:08:54 | 000,000,000 | ---- | M] () -- C:\hexapym.exe

[2013/05/29 16:08:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexapym.exe

[2013/05/29 11:39:32 | 000,000,000 | ---- | M] () -- C:\hex5.exe

[2013/05/29 11:39:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hex5.exe

[2013/05/29 07:01:30 | 000,032,120 | ---- | M] () -- C:\WINDOWS\123.exe

[2013/05/29 05:48:06 | 000,500,680 | ---- | M] (搜狐) -- C:\WINDOWS\IFoxInstall-y-c206525652-nsi-s-x.exe

[2013/05/29 05:45:30 | 000,000,830 | ---- | M] () -- C:\WINDOWS\System32\wvinyk.inf

[2013/05/29 05:45:28 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System\back.dat

[2013/05/28 08:37:48 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\ewdffg.job

[2013/05/26 10:28:08 | 000,000,000 | ---- | M] () -- C:\hexaqypm.exe

[2013/05/26 10:28:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexaqypm.exe

[2013/05/24 11:02:56 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2013/05/24 10:53:17 | 025,817,776 | ---- | M] (SUPERAntiSpyware.com) -- C:\SUPERAntiSpyware.exe

[2013/05/24 09:49:03 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk

[2013/05/24 09:43:47 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) -- C:\revosetup.exe

[2013/05/24 09:43:04 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) -- C:\Documents and Settings\Administrator\Desktop\revosetup.exe.dap

[2013/05/24 05:30:16 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\cxg13.bat

[2013/05/24 05:29:44 | 000,000,725 | ---- | M] () -- C:\WINDOWS\System32\censoredgo.inf

[2013/05/23 22:18:32 | 000,079,360 | ---- | M] (PPStream Inc.) -- C:\WINDOWS\System32\hex350sb.exe

[2013/05/23 22:15:51 | 000,256,988 | ---- | M] (PPStream Inc.) -- C:\WINDOWS\System32\360sb.exe

[2013/05/23 08:19:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2013/05/22 10:48:57 | 000,172,170 | ---- | M] (深圳市迅雷网络技术有限公司) -- C:\18181.exe

[2013/05/20 14:48:41 | 000,000,440 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol

[2013/05/20 12:25:37 | 000,002,085 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DeltaCopy Client.lnk

[2013/05/20 11:54:30 | 000,070,144 | ---- | M] () -- C:\WINDOWS\System32\net.exe

[2013/05/19 21:11:57 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\zylve.exe.exe

[2013/05/19 21:11:40 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\onflve.dat

[2013/05/19 15:02:20 | 000,073,728 | ---- | M] () -- C:\WINDOWS\System32\Themer.exe

[2013/05/18 21:30:05 | 000,000,500 | ---- | M] () -- C:\5368.vbs

[2013/05/16 03:49:39 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System\backs.dat

[2013/05/14 00:19:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/05/12 03:36:37 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\zyuser$

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/10 01:25:12 | 000,000,000 | ---- | C] () -- C:\hexscrcc.exe

[2013/06/10 01:25:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexscrcc.exe

[2013/06/09 10:59:43 | 000,000,000 | ---- | C] () -- C:\hex8.exe

[2013/06/09 10:59:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hex8.exe

[2013/06/09 02:25:09 | 000,000,075 | ---- | C] () -- C:\xpoffice.exe.exe

[2013/06/09 02:25:08 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\xpoffice.exe.exe

[2013/06/08 17:11:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hex888.exe

[2013/06/07 22:30:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hex8521.exe

[2013/06/07 11:50:39 | 000,107,369 | ---- | C] () -- C:\hexsvshost.exe

[2013/06/07 08:28:17 | 000,000,000 | ---- | C] () -- C:\hex219.exe

[2013/06/07 08:28:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hex219.exe

[2013/06/07 07:19:57 | 000,012,623 | ---- | C] () -- C:\boot123.vbs

[2013/06/07 07:19:55 | 000,012,623 | ---- | C] () -- C:\WINDOWS\System32\boot123.vbs

[2013/06/06 21:11:32 | 000,179,029 | ---- | C] () -- C:\WINDOWS\System32\LocalUser.exe

[2013/06/06 19:20:30 | 000,195,104 | ---- | C] () -- C:\WINDOWS\System\Consys05.dll

[2013/06/06 14:29:43 | 000,121,344 | ---- | C] () -- C:\WINDOWS\System32\1.exe

[2013/06/06 13:03:02 | 000,000,000 | ---- | C] () -- C:\hexServer.exe

[2013/06/05 23:42:53 | 000,002,318 | ---- | C] () -- C:\WINDOWS\taskmgr.exe

[2013/06/05 13:55:56 | 000,378,618 | ---- | C] () -- C:\WINDOWS\System32\hexLocalUser.exe

[2013/06/05 13:51:46 | 000,000,813 | ---- | C] () -- C:\WINDOWS\reg.bat

[2013/06/05 11:03:13 | 000,000,095 | ---- | C] () -- C:\xpQQPCMgr RTP Service.exe

[2013/06/05 11:03:11 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\xpQQPCMgr RTP Service.exe

[2013/06/05 09:44:31 | 000,000,000 | ---- | C] () -- C:\hex360.exe

[2013/06/05 09:44:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hex360.exe

[2013/06/05 03:53:29 | 000,000,000 | ---- | C] () -- C:\hexsos.exe

[2013/06/05 03:53:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexsos.exe

[2013/06/05 03:52:55 | 000,000,500 | ---- | C] () -- C:\6680.vbs

[2013/06/05 03:52:43 | 000,000,500 | ---- | C] () -- C:\4021.vbs

[2013/06/04 03:54:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexwintime.exe

[2013/06/03 15:54:29 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\servger.exe

[2013/06/03 15:54:25 | 000,001,499 | ---- | C] () -- C:\WINDOWS\System32\vcinen.vbs

[2013/06/03 02:36:44 | 000,000,000 | ---- | C] () -- C:\hexServer.exe.exe

[2013/06/03 02:36:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexServer.exe.exe

[2013/06/03 02:35:38 | 000,000,077 | ---- | C] () -- C:\xpServer.exe.exe

[2013/06/03 02:35:36 | 000,000,074 | ---- | C] () -- C:\WINDOWS\System32\xpServer.exe.exe

[2013/06/02 05:10:12 | 000,000,000 | ---- | C] () -- C:\hexcensored.exe

[2013/06/02 05:10:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexcensored.exe

[2013/06/02 00:34:06 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\hexsqlupdate.exe

[2013/06/02 00:32:45 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\stsqlupdate.exe

[2013/06/02 00:32:42 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\zysqlupdate.exe

[2013/06/02 00:32:29 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\onsqlupdate.exe

[2013/06/02 00:32:17 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\onfsqlupdate.dat

[2013/05/30 11:40:32 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\37654A81.key

[2013/05/30 09:20:30 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\37654A81

[2013/05/29 16:08:54 | 000,000,000 | ---- | C] () -- C:\hexapym.exe

[2013/05/29 16:08:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexapym.exe

[2013/05/29 07:01:30 | 000,032,120 | ---- | C] () -- C:\WINDOWS\123.exe

[2013/05/29 05:45:28 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System\back.dat

[2013/05/29 04:04:46 | 000,000,000 | ---- | C] () -- C:\hex5.exe

[2013/05/29 04:04:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hex5.exe

[2013/05/26 09:52:47 | 000,000,000 | ---- | C] () -- C:\hexaqypm.exe

[2013/05/26 09:52:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexaqypm.exe

[2013/05/24 11:02:56 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2013/05/24 09:49:03 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk

[2013/05/24 05:30:16 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\cxg13.bat

[2013/05/24 05:29:44 | 000,000,725 | ---- | C] () -- C:\WINDOWS\System32\censoredgo.inf

[2013/05/20 14:48:36 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol

[2013/05/19 21:11:57 | 000,000,068 | ---- | C] () -- C:\WINDOWS\System32\zylve.exe.exe

[2013/05/19 21:11:40 | 000,000,068 | ---- | C] () -- C:\WINDOWS\System32\onflve.dat

[2013/05/18 21:30:05 | 000,000,500 | ---- | C] () -- C:\5368.vbs

[2013/05/12 17:33:22 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Themer.exe

[2013/05/12 00:28:41 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\zyuser$

[2013/05/06 22:21:10 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\zynet2.0.exe

[2013/05/06 22:20:53 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\onfnet2.dat

[2013/05/04 15:16:34 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\xnary.dat

[2013/05/04 15:16:34 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\xas.dat

[2013/04/27 21:57:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hex23.exe

[2013/04/15 23:25:52 | 000,220,139 | ---- | C] () -- C:\WINDOWS\System32\stteber.exe

[2013/04/15 23:25:37 | 000,220,139 | ---- | C] () -- C:\WINDOWS\System32\onteber.exe

[2013/04/15 23:25:00 | 000,220,139 | ---- | C] () -- C:\WINDOWS\tebere.exe

[2013/04/15 23:24:44 | 000,220,139 | ---- | C] () -- C:\WINDOWS\System32\teber.exe

[2013/04/15 10:10:14 | 000,667,648 | ---- | C] () -- C:\WINDOWS\System32\stvbsa.exe

[2013/04/06 23:02:25 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\zyDNSClient.exe

[2013/04/06 23:02:05 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\onfDNSClient.dat

[2013/03/27 11:26:29 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\sttzmm.exe

[2013/03/23 16:22:35 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\zyWMI.exe

[2013/03/23 16:22:08 | 000,000,067 | ---- | C] () -- C:\WINDOWS\System32\xpWMI.exe

[2013/03/23 05:43:57 | 000,000,070 | ---- | C] () -- C:\WINDOWS\System32\zyteel.exe

[2013/03/23 05:43:36 | 000,000,070 | ---- | C] () -- C:\WINDOWS\System32\onfteel.dat

[2013/03/16 04:27:40 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\bz.ini

[2013/03/16 04:27:39 | 000,114,688 | ---- | C] () -- C:\Documents and Settings\All Users\hkcmd.exe

[2013/03/07 04:17:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\zy37.com

[2013/01/26 18:48:34 | 000,014,208 | ---- | C] () -- C:\WINDOWS\System32\K3d_Driver.sys

[2013/01/23 10:38:30 | 000,084,680 | ---- | C] () -- C:\WINDOWS\Winxt.exe

[2013/01/22 17:30:08 | 000,001,054 | ---- | C] () -- C:\WINDOWS\System32\ssnetlay.sys

[2013/01/22 17:30:08 | 000,000,795 | ---- | C] () -- C:\WINDOWS\System32\servci.dll

[2013/01/22 17:30:07 | 000,847,872 | ---- | C] () -- C:\WINDOWS\System32\neticp16.dll

[2013/01/22 17:30:02 | 000,000,833 | ---- | C] () -- C:\WINDOWS\System32\mscoremgr.sys

[2013/01/22 17:30:01 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\modload.dll

[2013/01/22 17:30:01 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\laynet32.dll

[2013/01/22 17:30:01 | 000,000,963 | ---- | C] () -- C:\WINDOWS\System32\lostslvrt.sys

[2013/01/22 17:30:01 | 000,000,963 | ---- | C] () -- C:\WINDOWS\System32\coredebug.dll

[2013/01/22 17:30:01 | 000,000,893 | ---- | C] () -- C:\WINDOWS\System32\dotnetfix.exe

[2013/01/22 17:30:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\IO.SYS

[2013/01/22 17:30:00 | 000,847,872 | ---- | C] () -- C:\WINDOWS\System32\bugload.dll

[2013/01/22 17:30:00 | 000,777,284 | ---- | C] () -- C:\WINDOWS\System32\aspnet_perf.ini

[2013/01/22 17:30:00 | 000,775,688 | ---- | C] () -- C:\WINDOWS\System32\aspnet_perf2.ini

[2013/01/22 17:30:00 | 000,042,868 | ---- | C] () -- C:\WINDOWS\System32\aspnet_state_perf.ini

[2013/01/22 17:30:00 | 000,000,833 | ---- | C] () -- C:\WINDOWS\System32\aspnet16.dll

[2013/01/22 17:29:26 | 000,001,750 | ---- | C] () -- C:\WINDOWS\System32\spools.dat

[2013/01/22 17:29:11 | 000,896,614 | ---- | C] () -- C:\WINDOWS\System32\isec.dll

[2013/01/20 16:12:46 | 000,000,105 | ---- | C] () -- C:\WINDOWS\System32\shshougou.exe

[2013/01/13 10:06:47 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\hex3.exe

[2013/01/08 01:06:41 | 000,000,068 | ---- | C] () -- C:\WINDOWS\System32\zywuyu.exe

[2013/01/08 01:06:19 | 000,000,070 | ---- | C] () -- C:\WINDOWS\System32\xpwuyu.exe


Hi, this is the 2nd part of the log:


[2013/01/03 05:46:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4648981.exe.xvx

[2013/01/03 05:30:14 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\301384.exe.xvx

[2013/01/03 05:28:59 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2858430.exe.xvx

[2013/01/03 05:12:43 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\124261.exe.xvx

[2013/01/03 05:11:27 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1125574.exe.xvx

[2013/01/03 04:55:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\559534.exe.xvx

[2013/01/03 04:53:56 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5354942.exe.xvx

[2013/01/03 04:37:40 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\373913.exe.xvx

[2013/01/03 04:36:25 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3623622.exe.xvx

[2013/01/03 04:20:09 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\207770.exe.xvx

[2013/01/03 04:18:51 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1850390.exe.xvx

[2013/01/03 04:02:32 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\231106.exe.xvx

[2013/01/03 04:01:17 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\115542.exe.xvx

[2013/01/03 03:45:00 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4459132.exe.xvx

[2013/01/03 03:43:45 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\434438.exe.xvx

[2013/01/03 03:27:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2725121.exe.xvx

[2013/01/03 03:26:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\268496.exe.xvx

[2013/01/03 03:09:16 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\914975.exe.xvx

[2013/01/03 03:08:02 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\80994.exe.xvx

[2013/01/03 02:51:45 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5144641.exe.xvx

[2013/01/03 02:50:30 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5029469.exe.xvx

[2013/01/03 02:34:14 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3413210.exe.xvx

[2013/01/03 02:32:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3255924.exe.xvx

[2013/01/03 02:16:41 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1639979.exe.xvx

[2013/01/03 02:15:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1524494.exe.xvx

[2013/01/03 01:59:09 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\597938.exe.xvx

[2013/01/03 01:57:55 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5753581.exe.xvx

[2013/01/03 01:41:31 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4129866.exe.xvx

[2013/01/03 01:40:17 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4015587.exe.xvx

[2013/01/03 01:24:00 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2359140.exe.xvx

[2013/01/03 01:22:46 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2244846.exe.xvx

[2013/01/03 01:06:30 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\628712.exe.xvx

[2013/01/03 01:05:15 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\513557.exe.xvx

[2013/01/03 00:48:58 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4856984.exe.xvx

[2013/01/03 00:47:44 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4742502.exe.xvx

[2013/01/03 00:31:27 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3126275.exe.xvx

[2013/01/03 00:30:12 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3011479.exe.xvx

[2013/01/03 00:13:56 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1355220.exe.xvx

[2013/01/03 00:12:41 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\124080.exe.xvx

[2013/01/02 23:56:25 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5623712.exe.xvx

[2013/01/02 23:55:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\558932.exe.xvx

[2013/01/02 23:38:53 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3852657.exe.xvx

[2013/01/02 23:37:40 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3738519.exe.xvx

[2013/01/02 23:21:23 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2122541.exe.xvx

[2013/01/02 23:20:09 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\208184.exe.xvx

[2013/01/02 23:03:52 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\351352.exe.xvx

[2013/01/02 23:02:36 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\235259.exe.xvx

[2013/01/02 22:46:17 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4616215.exe.xvx

[2013/01/02 22:45:02 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\450545.exe.xvx

[2013/01/02 22:28:38 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2837389.exe.xvx

[2013/01/02 22:27:24 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2723110.exe.xvx

[2013/01/02 22:11:07 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\116362.exe.xvx

[2013/01/02 22:09:53 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\951660.exe.xvx

[2013/01/02 21:53:36 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5335452.exe.xvx

[2013/01/02 21:52:22 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5220724.exe.xvx

[2013/01/02 21:35:59 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3558137.exe.xvx

[2013/01/02 21:34:43 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3441786.exe.xvx

[2013/01/02 21:18:21 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1820488.exe.xvx

[2013/01/02 21:17:07 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\175834.exe.xvx

[2013/01/02 21:00:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\048648.exe.xvx

[2013/01/02 20:59:35 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5933679.exe.xvx

[2013/01/02 20:43:18 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4317513.exe.xvx

[2013/01/02 20:42:03 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\422293.exe.xvx

[2013/01/02 20:25:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2540721.exe.xvx

[2013/01/02 20:24:25 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\242433.exe.xvx

[2013/01/02 20:08:05 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\84319.exe.xvx

[2013/01/02 20:06:51 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\650259.exe.xvx

[2013/01/02 19:50:30 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5028842.exe.xvx

[2013/01/02 19:49:15 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4913763.exe.xvx

[2013/01/02 19:32:58 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3257128.exe.xvx

[2013/01/02 19:31:43 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3141613.exe.xvx

[2013/01/02 19:15:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1517886.exe.xvx

[2013/01/02 19:14:03 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\142199.exe.xvx

[2013/01/02 18:57:46 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5744843.exe.xvx

[2013/01/02 18:56:31 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\563079.exe.xvx

[2013/01/02 18:40:14 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4013536.exe.xvx

[2013/01/02 18:38:58 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3857329.exe.xvx

[2013/01/02 18:22:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2240821.exe.xvx

[2013/01/02 18:21:26 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2124813.exe.xvx

[2013/01/02 18:05:05 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\53983.exe.xvx

[2013/01/02 18:03:51 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\349676.exe.xvx

[2013/01/02 17:47:31 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4730197.exe.xvx

[2013/01/02 17:46:17 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4615946.exe.xvx

[2013/01/02 17:29:45 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2944435.exe.xvx

[2013/01/02 17:28:29 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2828355.exe.xvx

[2013/01/02 17:12:10 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\129277.exe.xvx

[2013/01/02 17:10:54 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1052696.exe.xvx

[2013/01/02 16:54:37 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5436343.exe.xvx

[2013/01/02 16:53:20 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5319386.exe.xvx

[2013/01/02 16:37:04 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\373111.exe.xvx

[2013/01/02 16:35:50 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3548942.exe.xvx

[2013/01/02 16:19:34 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1932868.exe.xvx

[2013/01/02 16:18:19 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1817726.exe.xvx

[2013/01/02 16:02:03 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\21708.exe.xvx

[2013/01/02 16:00:48 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\046669.exe.xvx

[2013/01/02 15:44:29 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4428268.exe.xvx

[2013/01/02 15:43:12 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4311238.exe.xvx

[2013/01/02 15:26:53 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2652639.exe.xvx

[2013/01/02 15:25:40 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2538525.exe.xvx

[2013/01/02 15:09:20 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\919508.exe.xvx

[2013/01/02 15:08:05 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\83984.exe.xvx

[2013/01/02 14:51:46 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5145600.exe.xvx

[2013/01/02 14:50:31 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5030170.exe.xvx

[2013/01/02 14:34:12 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3410727.exe.xvx

[2013/01/02 14:32:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\3256363.exe.xvx

[2013/01/02 14:16:39 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1637707.exe.xvx

[2013/01/02 14:15:24 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\1522889.exe.xvx

[2013/01/02 13:59:05 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\593754.exe.xvx

[2013/01/02 13:57:47 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\5746478.exe.xvx

[2013/01/02 13:41:29 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4128117.exe.xvx

[2013/01/02 13:40:15 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\4013599.exe.xvx

[2013/01/02 13:23:57 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2355881.exe.xvx

[2013/01/02 13:22:42 | 000,001,308 | ---- | C] () -- C:\WINDOWS\System32\2239992.exe.xvx

[2012/12/03 03:51:34 | 000,544,768 | ---- | C] () -- C:\WINDOWS\System32\WCASvc.dll

[2012/11/05 03:15:56 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\amd.dll

[2012/11/05 03:15:55 | 000,000,001 | ---- | C] () -- C:\WINDOWS\amd.dll

[2012/11/01 15:23:22 | 000,095,330 | ---- | C] () -- C:\WINDOWS\System32\wkscil.dll

[2012/05/14 10:47:36 | 000,429,928 | ---- | C] () -- C:\WINDOWS\System32\kindling.dll

[2012/04/24 05:02:43 | 000,490,496 | ---- | C] () -- C:\Documents and Settings\Administrator\33.exe

[2011/10/16 12:57:02 | 000,030,409 | ---- | C] () -- C:\WINDOWS\System32\mmsql.dll

[2011/06/17 01:47:08 | 000,008,085 | ---- | C] () -- C:\WINDOWS\System32\mysql32.dll

[2010/03/26 08:20:00 | 021,994,183 | ---- | C] () -- C:\Documents and Settings\Administrator\EC_Image.rar

[2009/11/23 17:10:34 | 000,044,403 | ---- | C] () -- C:\Documents and Settings\Administrator\logo.miff

[2009/08/26 09:48:10 | 000,113,888 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2009/08/25 11:30:31 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Favorites.axl

[2009/05/29 15:50:52 | 000,007,176 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

[2009/04/16 09:22:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\concert

[2008/10/31 09:52:59 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Administrator\persistent_state

[2008/10/31 09:52:08 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\Administrator\aimsdefaults.properties

[2008/10/31 09:52:08 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\Administrator\aimsclient.properties

[2008/10/31 09:50:02 | 000,000,260 | ---- | C] () -- C:\Documents and Settings\Administrator\aimsproxy.properties

[2008/08/07 15:33:05 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008/05/26 12:13:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2006/09/23 13:12:46 | 001,515,008 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2005/03/24 18:01:54 | 000,482,304 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2005/03/24 18:26:16 | 000,278,016 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 40 bytes -> C:\Runonce:NUL

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF

< End of report >


Hi, this is the Extras:

OTL Extras logfile created on: 2013/06/10 12:02:17 PM - Run 4

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop

Windows Server 2003 Standard Edition Service Pack 1 (Version = 5.2.3790) - Type = NTServer

Internet Explorer (Version = 7.0.5730.11)

Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

4.00 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 66.04% Memory free

5.84 Gb Paging File | 4.47 Gb Available in Paging File | 76.58% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 231.75 Gb Total Space | 61.98 Gb Free Space | 26.75% Space Free | Partition Type: NTFS

Drive D: | 464.73 Gb Total Space | 267.02 Gb Free Space | 57.46% Space Free | Partition Type: NTFS

Drive E: | 464.73 Gb Total Space | 276.44 Gb Free Space | 59.48% Space Free | Partition Type: NTFS

Computer Name: DRAGON | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe ()

.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe ()

.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe ()

.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe ()

.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe ()

.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe ()

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

.html [@ = Liebao.HTML] -- "C:\Program Files\liebao\LBBrowser\liebao.exe" "%1"

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

.html [@ = Liebao.HTML] -- "C:\Program Files\liebao\LBBrowser\liebao.exe" "%1"

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()

jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()

vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()

wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()

wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05A646C0-2068-4536-BAD3-4CAFA500FA8A}" = ServerView RAID

"{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0D61D68B-DF5E-4635-82C7-B0C53F0A581B}" = Microsoft SQL Server 2005 Backward compatibility

"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up

"{130A3BE1-85CC-4135-8EA7-5A724EE6CE2C}" = Microsoft SQL Server 2005

"{1DD463C0-A50A-4394-B7E4-5895C02F9E0D}" = Microsoft SQL Server 2005 Tools

"{1DF999AD-1654-4C80-864E-C2E2284C8FD5}" = Fujitsu Siemens ServerView Agents

"{1F34839E-4826-4B64-B1B3-42E5AE8DEC5A}" = ArcGIS Desktop

"{2222B364-0854-4265-B32E-A142DB9DC7BB}" = Intel® PRO Network Connections 11.2.0.69

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java 6 Update 4

"{32A3A4F4-B792-11D6-A78A-00B0D0150060}" = J2SE Development Kit 5.0 Update 6

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3EAB224E-12F7-4EBA-AC0A-A2B10FEEA0E4}" = MySQL Server 5.0

"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.0.1.7

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer

"{5D81D227-790A-43D8-BD30-6A7935CD6837}" = MadOnion.com/PCMark2002

"{6DC0632A-A838-4B34-AC19-0FA18E1C533C}" = Sentinel Protection Installer 7.2.2

"{7505DE9C-4E85-4636-82F0-50F38077B900}" = Crystal Reports 11

"{752AE27D-0AE5-4728-B615-308926C04A91}" = ArcGIS ArcIMS

"{7F2357C7-4F66-4FE6-952A-EEF701AA368A}" = ArcGIS Image Server Tutorial

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B799ADD-7E5C-41B9-936B-942F3CAE42A0}" = Jakarta Isapi Redirector

"{8C62A94B-4AB6-485F-A111-93056684D340}" = SQLXML4

"{90140000-00D1-0409-0000-0000000FF1CE}" = Microsoft Access database engine 2010 (English)

"{A0B433B1-941D-46F5-AE59-286263534232}" = VMware vSphere Client 4.1

"{A20152C1-6CB7-4343-9C12-BEAB68952D9E}" = ArcGIS 9.2 Demos Print Custom Web ADF Task

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{AC76BA86-1033-F400-7760-000000000001}" = Adobe Acrobat 6.0 Professional - English, Français, Deutsch

"{ACDE005A-598D-4147-9482-880723015E3B}" = ArcGIS Image Server

"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C10D6AB8-05BB-422D-AAE3-36D6E0381487}" = ESET NOD32 Antivirus

"{C1755A45-D393-4E72-9FF8-88A328602D57}" = Fujitsu Siemens GlobalFlash Service

"{C25EF637-BE7A-4761-9B45-9069989C319F}" = Microsoft Visual Studio 2005 Premier Partner Edition - ENU

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D6E5F58F-C879-4EC1-90F7-BA31BABF10C9}" = DeltaCopy

"{DA41E333-39E0-4956-A329-DFC75F0A353A}" = ArcGIS ArcSDE for Microsoft SQL Server

"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{EC561602-C0B9-4FAA-A175-1B3273639AC3}" = MySQL Tools for 5.0

"{EE8CFFD9-6E29-4DC3-A967-7348D5F41F44}" = Microsoft SQL Server 2005 Integration Services

"{FC195F9B-059C-4D21-B937-24687368D192}" = Windows Agent

"7-Zip" = 7-Zip 9.20

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Apache Tomcat 5.5" = Apache Tomcat 5.5 (remove only)

"ArcGIS License Manager" = ArcGIS License Manager

"ATI Display Driver" = ATI Display Driver

"Complitly_is1" = Complitly

"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)

"ESET Online Scanner" = ESET Online Scanner v3

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ImageMagick 6.4.1 Q16_is1" = ImageMagick 6.4.1-8 Q16 (07/01/08)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"PHP 5.1.2" = PHP 5.1.2

"Raster Utilities_is1" = Raster Utilities v1.0

"Revo Uninstaller" = Revo Uninstaller 1.94

"TeamViewer 8" = TeamViewer 8

"UPSMON Plus for Windows_is1" = UPSMON Plus for Windows

"WIC" = Windows Imaging Component

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"Windows Server 2003 Service Pack" = Windows Server 2003 Service Pack 1

"XXConsole" = XXConsole: Super Console Generator ver 0.96

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 2013/06/06 06:24:53 PM | Computer Name = DRAGON | Source = MySQL | ID = 100

Description = Can't open shared library 'amd.dll' (errno: 0 ) For more information,

see Help and Support Center at http://www.mysql.com.

Error - 2013/06/07 05:29:01 AM | Computer Name = DRAGON | Source = MSSQLSERVER | ID = 17052

Description =

Error - 2013/06/07 05:29:14 AM | Computer Name = DRAGON | Source = MSSQLSERVER | ID = 17052

Description =

Error - 2013/06/07 06:24:10 PM | Computer Name = DRAGON | Source = MySQL | ID = 100

Description = Can't open shared library 'wmerrrCHS.dll' (errno: 0 ) For more information,

see Help and Support Center at http://www.mysql.com.

Error - 2013/06/07 06:24:10 PM | Computer Name = DRAGON | Source = MySQL | ID = 100

Description = Can't open shared library 'amd.dll' (errno: 0 ) For more information,

see Help and Support Center at http://www.mysql.com.

Error - 2013/06/08 06:23:49 PM | Computer Name = DRAGON | Source = MySQL | ID = 100

Description = Can't open shared library 'wmerrrCHS.dll' (errno: 0 ) For more information,

see Help and Support Center at http://www.mysql.com.

Error - 2013/06/08 06:23:49 PM | Computer Name = DRAGON | Source = MySQL | ID = 100

Description = Can't open shared library 'amd.dll' (errno: 0 ) For more information,

see Help and Support Center at http://www.mysql.com.

Error - 2013/06/09 09:43:06 AM | Computer Name = DRAGON | Source = MSSQLSERVER | ID = 26040

Description = Server TCP provider has stopped listening on port [ 1433 ] due to

a failure. Error: 0x2747, state: 1. The server will automatically attempt to reestablish

listening.

Error - 2013/06/09 06:23:54 PM | Computer Name = DRAGON | Source = MySQL | ID = 100

Description = Can't open shared library 'wmerrrCHS.dll' (errno: 0 ) For more information,

see Help and Support Center at http://www.mysql.com.

Error - 2013/06/09 06:23:54 PM | Computer Name = DRAGON | Source = MySQL | ID = 100

Description = Can't open shared library 'amd.dll' (errno: 0 ) For more information,

see Help and Support Center at http://www.mysql.com.

[ System Events ]

Error - 2013/06/10 06:09:34 AM | Computer Name = DRAGON | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Windows Agent Service

service to connect.

Error - 2013/06/10 06:09:34 AM | Computer Name = DRAGON | Source = Service Control Manager | ID = 7000

Description = The Windows Agent Service service failed to start due to the following

error: %%1053

Error - 2013/06/10 06:10:34 AM | Computer Name = DRAGON | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Windows Agent Service

service to connect.

Error - 2013/06/10 06:10:34 AM | Computer Name = DRAGON | Source = Service Control Manager | ID = 7000

Description = The Windows Agent Service service failed to start due to the following

error: %%1053

Error - 2013/06/10 06:11:34 AM | Computer Name = DRAGON | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Windows Agent Service

service to connect.

Error - 2013/06/10 06:11:34 AM | Computer Name = DRAGON | Source = Service Control Manager | ID = 7000

Description = The Windows Agent Service service failed to start due to the following

error: %%1053

Error - 2013/06/10 06:12:34 AM | Computer Name = DRAGON | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Windows Agent Service

service to connect.

Error - 2013/06/10 06:12:34 AM | Computer Name = DRAGON | Source = Service Control Manager | ID = 7000

Description = The Windows Agent Service service failed to start due to the following

error: %%1053

Error - 2013/06/10 06:13:34 AM | Computer Name = DRAGON | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Windows Agent Service

service to connect.

Error - 2013/06/10 06:13:34 AM | Computer Name = DRAGON | Source = Service Control Manager | ID = 7000

Description = The Windows Agent Service service failed to start due to the following

error: %%1053

< End of report >


Well, here goes...

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox: fix.txt
    Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


Let's try this:

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.

alternate download link

Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:

  • Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the anti-virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)

  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click File and choose Save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)


Hi D-Fred Brown,

 

I have received the go ahead to run the scans. Unfortunately I've come across a new issue.

When I boot into the server, using the normal way or using safe mode, the explorer.exe process is not running, so I can't access the desktop or anything. I can't start it as the Task Manager process is corrupted; it comes up with "would you like to debug the process".

 

I have tried multiple times to restart it but it still does the same thing.


I think we're nearing the end of the line on this one. If system files are starting to get corrupted, there's really not much else we can do to render this machine completely safe. I would strongly encourage you to reformat and reinstall the machine. It would be in your best interest to spend the time doing this and have the peace of mind of a safe machine, rather than continue with this one, which is still likely to have some malware on it despite our best efforts.


This topic is now closed to further replies.