alximika Публикувано Януари 6, 2013 Report Share Публикувано Януари 6, 2013 OTL Extras logfile created on: 06.1.2013 г. 18:55:36 - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\BARRIO OOD\DesktopWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.' 1014,07 Mb Total Physical Memory | 294,52 Mb Available Physical Memory | 29,04% Memory free3,87 Gb Paging File | 3,12 Gb Available in Paging File | 80,45% Paging File freePaging file location(s): C:\pagefile.sys 3048 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 29,99 Gb Total Space | 3,10 Gb Free Space | 10,33% Space Free | Partition Type: NTFSDrive D: | 44,53 Gb Total Space | 39,68 Gb Free Space | 89,10% Space Free | Partition Type: NTFS Computer Name: BARRRIO | User Name: BARRIO OOD | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All usersCompany Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.).js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe ().jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe ().vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe ().vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe ().wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe ().wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe () [HKEY_USERS\S-1-5-21-583907252-1292428093-1644491937-1003\SOFTWARE\Classes\<extension>].html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*exefile [open] -- "%1" %*htmlfile [edit] -- Reg Error: Key error.http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"FirstRunDisabled" = 1 -- ()"AntiVirusDisableNotify" = 1 -- ()"FirewallDisableNotify" = 0"UpdatesDisableNotify" = 1 -- ()"AntiVirusOverride" = 0"FirewallOverride" = 1 -- () [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]"Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]"Start" = 2 ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{20E23A40-38E5-4DD6-B738-BC8097AE66B6}_is1" = FTL version 1.01"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8"{6FFEF5E1-F7B0-40DD-838D-557BD7EE4301}" = TP-LINK Wireless Utility"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Sopcast Ask Toolbar"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2"{A3E5FC8B-689E-46FE-A7F8-C39A96A94FCF}" = Microinvest Warehouse Pro"{A8DD74DC-14C4-4BA0-8DF7-D84524D0B0D2}" = ST Microelectronics TPM Driver Installer"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2"{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}" = Crystal Reports 2008 Runtime SP2"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1"{CF521F76-4B6C-408A-AC0E-65514405576B}" = Microinvest Warehouse Pro Light"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"35858E766EFC35B58A45C301DD358D503119A8FA" = Windows Driver Package - STMicroelectronics (stmtpm) System (05/24/2007 1.00.04.15)"AC3Filter" = AC3Filter (remove only)"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v2.30"AngelPotion Video Codec V1" = AngelPotion Video Codec V1"avast" = avast! Free Antivirus"BitComet" = BitComet 1.32"CCleaner" = CCleaner"DAEMON Tools Pro" = DAEMON Tools Pro"FlexType 2K" = FlexType 2K"Google Chrome" = Google Chrome"ie8" = Windows Internet Explorer 8"iLivid" = iLivid"McAfee Security Scan" = McAfee Security Scan Plus"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)"MozillaMaintenanceService" = Mozilla Maintenance Service"Searchqu Toolbar" = Searchqu Toolbar"SopCast" = SopCast 3.5.0"Steam App 12320" = Sacred Gold"Steam App 33130" = Zombie Shooter"WinRAR archiver" = Архиватор WinRAR ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{79A765E1-C399-405B-85AF-466F52E918B0}" = Sopcast Ask Toolbar Updater ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{79A765E1-C399-405B-85AF-466F52E918B0}" = Sopcast Ask Toolbar Updater ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-583907252-1292428093-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{79A765E1-C399-405B-85AF-466F52E918B0}" = Sopcast Ask Toolbar Updater ========== Last 20 Event Log Errors ========== [ System Events ]Error - 06.1.2013 г. 09:00:00 | Computer Name = BARRRIO | Source = Schedule | ID = 7901Description = The At16.job command failed to start due to the following error: %%2147942403 Error - 06.1.2013 г. 09:12:00 | Computer Name = BARRRIO | Source = DCOM | ID = 10005Description = DCOM got error "%1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} Error - 06.1.2013 г. 09:12:01 | Computer Name = BARRRIO | Source = Service Control Manager | ID = 7009Description = Timeout (30000 milliseconds) waiting for the Услуга на Google Актуализация (gupdate) service to connect. Error - 06.1.2013 г. 09:12:01 | Computer Name = BARRRIO | Source = Service Control Manager | ID = 7000Description = The Услуга на Google Актуализация (gupdate) service failed to start due to the following error: %%1053 Error - 06.1.2013 г. 10:00:00 | Computer Name = BARRRIO | Source = Schedule | ID = 7901Description = The At17.job command failed to start due to the following error: %%2147942403 Error - 06.1.2013 г. 11:00:00 | Computer Name = BARRRIO | Source = Schedule | ID = 7901Description = The At18.job command failed to start due to the following error: %%2147942403 Error - 06.1.2013 г. 12:00:00 | Computer Name = BARRRIO | Source = Schedule | ID = 7901Description = The At19.job command failed to start due to the following error: %%2147942403 Error - 06.1.2013 г. 12:44:17 | Computer Name = BARRRIO | Source = Service Control Manager | ID = 7023Description = The Fghijk Mnopqrst Vwxyabcd Fghi service terminated with the following error: %%126 Error - 06.1.2013 г. 12:44:17 | Computer Name = BARRRIO | Source = Service Control Manager | ID = 7023Description = The Computer Browser service terminated with the following error: %%1060 Error - 06.1.2013 г. 13:00:00 | Computer Name = BARRRIO | Source = Schedule | ID = 7901Description = The At20.job command failed to start due to the following error: %%2147942403 < End of report > ------------------------------------------------------------------------------------------------------- OTL logfile created on: 06.1.2013 г. 18:55:36 - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\BARRIO OOD\DesktopWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.' 1014,07 Mb Total Physical Memory | 294,52 Mb Available Physical Memory | 29,04% Memory free3,87 Gb Paging File | 3,12 Gb Available in Paging File | 80,45% Paging File freePaging file location(s): C:\pagefile.sys 3048 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 29,99 Gb Total Space | 3,10 Gb Free Space | 10,33% Space Free | Partition Type: NTFSDrive D: | 44,53 Gb Total Space | 39,68 Gb Free Space | 89,10% Space Free | Partition Type: NTFS Computer Name: BARRRIO | User Name: BARRIO OOD | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All usersCompany Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\BARRIO OOD\Desktop\OTL.exe (OldTimer Tools)PRC - C:\WINDOWS\pmhbme.exe (Youku.com)PRC - C:\WINDOWS\system32\hex999.exe (酷狗游戏)PRC - C:\WINDOWS\system32\qukwkq.exe (Acronis)PRC - C:\WINDOWS\system32\hexhong.exe (Tendyron Co, Ltd.)PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)PRC - C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)PRC - C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)PRC - C:\Program Files\Microinvest\Warehouse Pro\Microinvest Warehouse.exe (Microinvest Ltd)PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)PRC - C:\WINDOWS\system32\WgaTray.exe (Microsoft Corporation)PRC - C:\WINDOWS\Datecs\Flex2K.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files\AVAST Software\Avast\defs\13010600\algo.dll ()MOD - C:\Program Files\AVAST Software\Avast\defs\13010301\algo.dll ()MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\7fba5762199fc6763c8aaddc16abebcd\System.Web.Services.ni.dll ()MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\43b92a8dac90d1d6426274274abb69a6\System.Transactions.ni.dll ()MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\d8ca3b9fefcda19eeecd55c239f504ba\System.Management.ni.dll ()MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\18a9c594469dc027497b448fb945aaca\System.EnterpriseServices.ni.dll ()MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\38a190d849769ca2a9b174bd7253913c\Microsoft.VisualBasic.ni.dll ()MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\e564bacf8526a85451e0eaaf5b1137bb\System.Security.ni.dll ()MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll ()MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll ()MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll ()MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\e53a20c60783dde7ba6bb390765536aa\System.Design.ni.dll ()MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()MOD - C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll ()MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll ()MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\d309c7e5107b3aed78e097659f94543b\System.Data.ni.dll ()MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll ()MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll ()MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll ()MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll ()MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.97\avutil-51.dll ()MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.97\avformat-54.dll ()MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll ()MOD - C:\Documents and Settings\BARRIO OOD\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.3.0\libGLESv2.dll ()MOD - C:\Documents and Settings\BARRIO OOD\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.3.0\libEGL.dll ()MOD - C:\Program Files\Microinvest\Warehouse Pro\Serialization.dll ()MOD - C:\WINDOWS\Datecs\Flex2K.exe ()MOD - C:\WINDOWS\system32\newdll.dll () ========== Services (SafeList) ========== SRV - (Mxxn Xiang) -- C:\WINDOWS\system32\hcbxoe.exe File not foundSRV - (Fghijk Mnopqrst Vwx) -- C:\WINDOWS\system32\1247291204.dll File not foundSRV - (DirectX Renyess.) -- C:\WINDOWS\system32\qgyykg.exe File not foundSRV - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe File not foundSRV - (Abcdef Hijklmno Qrs) -- C:\Program Files\Fbcd\Kbcdefghi.gif File not foundSRV - (WinHelper) -- C:\WINDOWS\pmhbme.exe (Youku.com)SRV - (DSsdasasLserverrnu) -- C:\WINDOWS\system32\hex999.exe (酷狗游戏)SRV - (DSLsesdsddsrvervqw) -- C:\WINDOWS\system32\qukwkq.exe (Acronis)SRV - (DSLsasserverbgk) -- C:\WINDOWS\system32\hexhong.exe (Tendyron Co, Ltd.)SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.)SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not foundDRV - (PDRFRAME) -- File not foundDRV - (PDRELI) -- File not foundDRV - (PDFRAME) -- File not foundDRV - (PDCOMP) -- File not foundDRV - (PCIDump) -- File not foundDRV - (lbrtfdc) -- File not foundDRV - (i2omgmt) -- File not foundDRV - (Changer) -- File not foundDRV - (dtsoftbus01) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys (DT Soft Ltd)DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)DRV - (aswKbd) -- C:\WINDOWS\System32\drivers\aswKbd.sys (AVAST Software)DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-onsIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRiskIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=117&systemid=406&sr=0&q={searchTerms} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htmIE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157IE - HKU\.DEFAULT\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htmIE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157IE - HKU\S-1-5-18\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-583907252-1292428093-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htmIE - HKU\S-1-5-21-583907252-1292428093-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1IE - HKU\S-1-5-21-583907252-1292428093-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKU\S-1-5-21-583907252-1292428093-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157IE - HKU\S-1-5-21-583907252-1292428093-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehpIE - HKU\S-1-5-21-583907252-1292428093-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bgIE - HKU\S-1-5-21-583907252-1292428093-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6A 4E 19 B9 A9 E2 CD 01 [binary data]IE - HKU\S-1-5-21-583907252-1292428093-1644491937-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)IE - HKU\S-1-5-21-583907252-1292428093-1644491937-1003\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}IE - HKU\S-1-5-21-583907252-1292428093-1644491937-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRCIE - HKU\S-1-5-21-583907252-1292428093-1644491937-1003\..\SearchScopes\{421F427B-7E8D-4F2E-8FE7-5A2428BD518E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=PV&apn_dtid=YYYYYYYYBG&apn_uid=47423ef6-ce7e-43f3-a12f-937724c96d92&apn_sauid=686CF116-F071-477B-84DC-617D31025678IE - HKU\S-1-5-21-583907252-1292428093-1644491937-1003\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=117&systemid=406&sr=0&q={searchTerms}IE - HKU\S-1-5-21-583907252-1292428093-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-583907252-1292428093-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com"FF - prefs.js..browser.search.defaultenginename: "Ask.com"FF - prefs.js..browser.search.order.1: "Ask.com"FF - prefs.js..browser.search.selectedEngine: "Ask.com"FF - prefs.js..browser.startup.homepage: "http://eu.ask.com/?l=dis&o=15003"FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1426FF - prefs.js..extensions.enabledAddons: %7B288479BE-1B9E-11E2-80EA-F3246188709B%7D:1.1FF - prefs.js..extensions.enabledAddons: %7B5e2b2bcc-767d-4077-bf8e-67d7a9861ec4%7D:1.8FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=en_EU&apn_uid=47423ef6-ce7e-43f3-a12f-937724c96d92&apn_ptnrs=PV&apn_sauid=686CF116-F071-477B-84DC-617D31025678&apn_dtid=YYYYYYYYBG&&q="FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2012.04.09 03:08:23 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.04.09 17:52:18 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.23 20:08:25 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.23 20:08:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BARRIO OOD\Application Data\Mozilla\Extensions[2012.12.29 12:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BARRIO OOD\Application Data\Mozilla\Firefox\Profiles\qdjgi8pe.default\extensions[2012.12.29 12:38:33 | 000,002,716 | ---- | M] () (No name found) -- C:\Documents and Settings\BARRIO OOD\Application Data\Mozilla\Firefox\Profiles\qdjgi8pe.default\extensions\{288479BE-1B9E-11E2-80EA-F3246188709B}.xpi[2012.12.29 12:41:12 | 000,016,592 | ---- | M] () (No name found) -- C:\Documents and Settings\BARRIO OOD\Application Data\Mozilla\Firefox\Profiles\qdjgi8pe.default\extensions\{5e2b2bcc-767d-4077-bf8e-67d7a9861ec4}.xpi[2012.12.23 20:08:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions[2012.12.23 20:08:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}[2012.04.09 17:52:18 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF[2012.11.29 10:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll[2012.11.29 10:27:12 | 000,001,607 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml[2012.11.29 10:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml[2012.11.29 10:27:12 | 000,001,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml[2012.11.29 10:27:12 | 000,003,581 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml[2012.11.29 10:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml[2012.11.29 10:27:12 | 000,001,391 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml[2012.11.29 10:27:12 | 000,001,309 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml ========== Chrome ========== CHR - homepage: http://www.searchnu.com/406CHR - default_search_provider: Bing (Enabled)CHR - default_search_provider: search_url = http://www.bing.com/search?setmkt=bg-BG&q={searchTerms}CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}CHR - homepage: http://www.searchnu.com/406CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dllCHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dllCHR - plugin: registryAccess (Enabled) = C:\Documents and Settings\BARRIO OOD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaaodiijipkjcmlclfmdmcoakmloobh\7.15.4.24150_0\background/registryAccess.dllCHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dllCHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dllCHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dllCHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dllCHR - plugin: Java Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dllCHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dllCHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dllCHR - Extension: Sopcast Toolbar = C:\Documents and Settings\BARRIO OOD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaaodiijipkjcmlclfmdmcoakmloobh\7.15.4.24150_0\CHR - Extension: YouTube = C:\Documents and Settings\BARRIO OOD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\CHR - Extension: Google Search = C:\Documents and Settings\BARRIO OOD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\CHR - Extension: avast! WebRep = C:\Documents and Settings\BARRIO OOD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\CHR - Extension: Steamgifts Enhancement Addon = C:\Documents and Settings\BARRIO OOD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mbkplieclhgncoiionlliincopnejllo\2.0_0\CHR - Extension: Gmail = C:\Documents and Settings\BARRIO OOD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2008.04.14 10:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)O3 - HKU\S-1-5-21-583907252-1292428093-1644491937-1003\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O3 - HKU\S-1-5-21-583907252-1292428093-1644491937-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)O4 - HKLM..\Run: [] C:\windows\csrrs.exe File not foundO4 - HKLM..\Run: [ QQPCTray] File not foundO4 - HKLM..\Run: [360Safetray] File not foundO4 - HKLM..\Run: [360Цч¶Ї·АУщ] C:WINDOWS\SHELLNEW\sever.exe File not foundO4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)O4 - HKLM..\Run: [bixushi] C:\WINDOWS\system32\csx.exe ()O4 - HKLM..\Run: [cao] c:\windows\system32\wbem\osinter.exe File not foundO4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not foundO4 - HKLM..\Run: [KVMON] File not foundO4 - HKLM..\Run: [KVXP] File not foundO4 - HKLM..\Run: [kxesc] File not foundO4 - HKLM..\Run: [McAfeeUpdaterUI] File not foundO4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)O4 - HKLM..\Run: [RavTRAY] File not foundO4 - HKLM..\Run: [RISTRAY] File not foundO4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)O4 - HKLM..\Run: [shabi] c:\WINDOWS\addins\net.exe ()O4 - HKLM..\Run: [shell] C:\windows\Rocket.exe File not foundO4 - HKLM..\Run: [shStatEXE] File not foundO4 - HKLM..\Run: [skyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)O4 - HKLM..\Run: [softupNotify.exe] C:\Documents and Settings\All Users\ЎёїЄКјЎ№ІЛµҐ\ЗїБ¦Р¶ФШµзДФЙПµДИнјю.lnk File not foundO4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)O4 - HKLM..\Run: [yige] c:\windows\system32\wbem\explore.exe File not foundO4 - HKLM..\Run: [zhouhongyi] c:\WINDOWS\java\net1.exe ()O4 - HKU\S-1-5-21-583907252-1292428093-1644491937-1003..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-583907252-1292428093-1644491937-1003..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not foundO4 - HKU\S-1-5-20..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not foundO4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FlexType 2K.lnk = C:\WINDOWS\Datecs\Flex2K.exe ()O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 ()O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 ()O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-21-583907252-1292428093-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O16 - DPF: {163A949D-2A1F-4B4C-AE46-83D0F59BE189} http://78.128.83.41/XHD.cab (X4 Control)O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)O16 - DPF: {7EC687F9-9EFB-4FA3-A5BA-197C3461448A} http://78.128.83.41/RM.cab (Rm Control)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FAD7625-3665-4852-B35E-A1B017685949}: NameServer = 192.168.1.1O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\ipp - No CLSID value foundO18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\msdaipp - No CLSID value foundO18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll (Microsoft Corporation)O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O24 - Desktop Components:0 (My Current Home Page) - about:HomeO24 - Desktop WallPaper: C:\Documents and Settings\BARRIO OOD\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO24 - Desktop BackupWallPaper: C:\Documents and Settings\BARRIO OOD\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)O31 - SafeBoot: AlternateShell - cmd.exeO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2012.04.08 01:46:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *)O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not foundNetSvcs: Ias - File not foundNetSvcs: Iprip - File not foundNetSvcs: Irmon - File not foundNetSvcs: NWCWorkstation - File not foundNetSvcs: Nwsapagent - File not foundNetSvcs: Sharedaccess - File not foundNetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)MsConfig - State: "system.ini" - 0MsConfig - State: "win.ini" - 0MsConfig - State: "bootini" - 0MsConfig - State: "services" - 0MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver GroupSafeBootMin: Boot Bus Extender - Driver GroupSafeBootMin: Boot file system - Driver GroupSafeBootMin: File system - Driver GroupSafeBootMin: Filter - Driver GroupSafeBootMin: PCI Configuration - Driver GroupSafeBootMin: PNP Filter - Driver GroupSafeBootMin: Primary disk - Driver GroupSafeBootMin: SCSI Class - Driver GroupSafeBootMin: sermouse.sys - DriverSafeBootMin: System Bus Extender - Driver GroupSafeBootMin: vga.sys - DriverSafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllersSafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM DriveSafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDriveSafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controllerSafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - HdcSafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - KeyboardSafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - MouseSafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA AdaptersSafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapterSafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - SystemSafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk driveSafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - VolumeSafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver GroupSafeBootNet: Boot Bus Extender - Driver GroupSafeBootNet: Boot file system - Driver GroupSafeBootNet: File system - Driver GroupSafeBootNet: Filter - Driver GroupSafeBootNet: NDIS Wrapper - Driver GroupSafeBootNet: NetBIOSGroup - Driver GroupSafeBootNet: NetDDEGroup - Driver GroupSafeBootNet: Network - Driver GroupSafeBootNet: NetworkProvider - Driver GroupSafeBootNet: PCI Configuration - Driver GroupSafeBootNet: PNP Filter - Driver GroupSafeBootNet: PNP_TDI - Driver GroupSafeBootNet: Primary disk - Driver GroupSafeBootNet: SCSI Class - Driver GroupSafeBootNet: sermouse.sys - DriverSafeBootNet: SharedAccess - File not foundSafeBootNet: Streams Drivers - Driver GroupSafeBootNet: System Bus Extender - Driver GroupSafeBootNet: TDI - Driver GroupSafeBootNet: vga.sys - DriverSafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllersSafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM DriveSafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDriveSafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controllerSafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - HdcSafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - KeyboardSafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - MouseSafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - NetSafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClientSafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetServiceSafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTransSafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA AdaptersSafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapterSafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - SystemSafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk driveSafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - VolumeSafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ========== Files/Folders - Created Within 90 Days ========== [2013.01.06 18:51:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BARRIO OOD\Desktop\OTL.exe[2013.01.04 15:37:35 | 000,048,164 | ---- | C] (Youku.com) -- C:\WINDOWS\pmhbme.exe[2013.01.02 12:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee[2013.01.02 11:14:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus[2012.12.31 22:58:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun[2012.12.31 21:46:11 | 000,064,326 | ---- | C] (酷狗游戏) -- C:\hex999.exe[2012.12.31 21:46:09 | 000,064,326 | ---- | C] (酷狗游戏) -- C:\WINDOWS\System32\hex999.exe[2012.12.31 21:44:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Identities[2012.12.31 21:44:09 | 000,598,079 | ---- | C] (Acronis) -- C:\WINDOWS\taskki.exe[2012.12.31 21:43:47 | 000,598,079 | ---- | C] (Acronis) -- C:\WINDOWS\System32\qukwkq.exe[2012.12.29 10:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan[2012.12.29 10:56:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee[2012.12.29 10:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan[2012.12.29 10:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe[2012.12.23 20:08:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BARRIO OOD\Local Settings\Application Data\Mozilla[2012.12.23 20:08:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BARRIO OOD\Application Data\Mozilla[2012.12.23 20:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla[2012.12.23 20:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service[2012.12.23 20:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox[2012.12.23 00:32:35 | 000,000,000 | ---D | C] -- C:\WebCAM[2012.12.20 10:09:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\tt[2012.12.20 10:09:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\kk[2012.12.20 10:09:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\bb[2012.12.20 09:46:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\5AE33D3F[2012.12.19 16:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AskToolbar[2012.12.19 16:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\searchqutoolbar[2012.12.19 16:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\searchquband[2012.12.19 03:33:15 | 000,598,079 | ---- | C] (Acronis) -- C:\WINDOWS\svchosts.exe[2012.12.19 03:05:34 | 000,070,592 | ---- | C] (Tendyron Co, Ltd.) -- C:\hexhong.exe[2012.12.19 03:05:32 | 000,070,592 | ---- | C] (Tendyron Co, Ltd.) -- C:\WINDOWS\System32\hexhong.exe[2012.12.06 14:33:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BARRIO OOD\Desktop\New Folder[2012.11.10 22:13:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BARRIO OOD\Desktop\дани[2012.11.10 01:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BARRIO OOD\Desktop\MUZIKA_hits[2012.11.04 03:55:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ISQL[2012.11.01 02:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BARRIO OOD\Local Settings\Application Data\Sun[2012.10.30 00:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun[2012.10.30 00:55:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java[2012.10.30 00:54:03 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll[2012.10.30 00:54:03 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl[2012.10.30 00:54:02 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll[2012.10.30 00:54:02 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe[2012.10.30 00:53:32 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe[2012.10.30 00:53:32 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe[2012.10.30 00:53:32 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll[2012.10.30 00:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\Java[2012.10.30 00:50:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BARRIO OOD\Application Data\Sun[2012.10.17 09:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe[2012.10.15 23:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BARRIO OOD\AppData[2012.10.15 23:50:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BARRIO OOD\Application Data\searchquband[2012.10.15 23:50:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BARRIO OOD\Local Settings\Application Data\Ilivid Player[2012.10.15 23:47:08 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid[2012.10.15 23:45:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BARRIO OOD\Application Data\searchqutoolbar[2012.10.15 23:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess[2012.10.15 23:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\Searchqu Toolbar[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2013.01.06 19:03:01 | 000,000,244 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job[2013.01.06 19:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At20.job[2013.01.06 18:51:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BARRIO OOD\Desktop\OTL.exe[2013.01.06 18:48:12 | 000,486,880 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2013.01.06 18:48:12 | 000,090,378 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2013.01.06 18:44:58 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job[2013.01.06 18:44:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2013.01.06 18:43:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2013.01.06 18:43:13 | 000,048,164 | ---- | M] (Youku.com) -- C:\WINDOWS\pmhbme.exe[2013.01.06 18:42:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1.exe[2013.01.06 18:12:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job[2013.01.06 18:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At19.job[2013.01.06 17:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At18.job[2013.01.06 16:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At17.job[2013.01.06 15:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At16.job[2013.01.06 14:19:31 | 000,000,059 | ---- | M] () -- C:\WINDOWS\System32\onfeer.dat[2013.01.06 14:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At15.job[2013.01.06 13:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At14.job[2013.01.06 12:06:42 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B1A0E7A4-7C95-4A18-B87C-43E25A4EE84E}.job[2013.01.06 12:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At13.job[2013.01.06 11:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At12.job[2013.01.06 10:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At11.job[2013.01.06 09:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At10.job[2013.01.06 08:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At9.job[2013.01.06 07:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At8.job[2013.01.06 06:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At7.job[2013.01.06 05:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At6.job[2013.01.06 04:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At5.job[2013.01.06 03:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At4.job[2013.01.06 02:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At3.job[2013.01.06 01:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At2.job[2013.01.06 00:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At1.job[2013.01.05 23:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At24.job[2013.01.05 22:07:15 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\xp1314.exe[2013.01.05 22:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At23.job[2013.01.05 21:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At22.job[2013.01.05 20:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At21.job[2013.01.05 15:45:14 | 000,000,000 | ---- | M] () -- C:\hexwuyu.exe[2013.01.05 15:45:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexwuyu.exe[2013.01.05 15:41:17 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\xpwuyu.exe[2013.01.05 13:24:03 | 000,000,055 | ---- | M] () -- C:\WINDOWS\System32\onf1.dat[2013.01.05 01:45:06 | 000,000,074 | ---- | M] () -- C:\xplsass.exe[2013.01.05 01:45:03 | 000,000,071 | ---- | M] () -- C:\WINDOWS\System32\xplsass.exe[2013.01.04 22:50:33 | 000,000,062 | ---- | M] () -- C:\WINDOWS\System32\xp1234.exe[2013.01.04 21:20:31 | 000,000,069 | ---- | M] () -- C:\WINDOWS\System32\xpsvchost.exe[2013.01.04 19:57:11 | 000,000,000 | ---- | M] () -- C:\hex123.exe[2013.01.04 19:57:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hex123.exe[2013.01.04 19:55:51 | 000,000,075 | ---- | M] () -- C:\xp123.exe[2013.01.04 19:55:49 | 000,000,072 | ---- | M] () -- C:\WINDOWS\System32\xp123.exe[2013.01.04 16:39:16 | 000,000,319 | ---- | M] () -- C:\Documents and Settings\BARRIO OOD\Desktop\New Rich Text document.rtf[2013.01.04 14:00:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\park.exe[2013.01.04 10:29:57 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\BARRIO OOD\My Documents\spider.sav[2013.01.02 14:24:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\bootsvchost.exe[2013.01.02 14:23:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\yaotong.exe[2013.01.02 14:20:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\s11.exe[2013.01.02 14:20:46 | 000,000,055 | ---- | M] () -- C:\WINDOWS\System32\sh11.exe[2013.01.02 14:20:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\boot11.exe[2013.01.02 14:20:31 | 000,000,058 | ---- | M] () -- C:\WINDOWS\System32\xp11.exe[2013.01.02 11:14:25 | 000,001,767 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk[2013.01.02 11:14:25 | 000,001,761 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk[2013.01.02 07:33:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ssvchost.exe[2013.01.02 07:33:10 | 000,000,066 | ---- | M] () -- C:\WINDOWS\System32\shsvchost.exe[2013.01.02 07:31:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1234.exe[2013.01.01 06:01:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\sserver.exe[2013.01.01 06:01:11 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\shserver.exe[2013.01.01 06:01:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\bootserver.exe[2013.01.01 06:00:53 | 000,000,066 | ---- | M] () -- C:\WINDOWS\System32\xpServer.exe[2012.12.31 21:46:11 | 000,064,326 | ---- | M] (酷狗游戏) -- C:\hex999.exe[2012.12.31 21:46:09 | 000,064,326 | ---- | M] (酷狗游戏) -- C:\WINDOWS\System32\hex999.exe[2012.12.31 21:45:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\s999.exe[2012.12.31 21:45:05 | 000,000,059 | ---- | M] () -- C:\WINDOWS\System32\sh999.exe[2012.12.31 21:45:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\boot999.exe[2012.12.31 21:44:46 | 000,000,062 | ---- | M] () -- C:\WINDOWS\System32\xp999.exe[2012.12.31 21:44:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\svchosts.exe[2012.12.31 21:44:09 | 000,598,079 | ---- | M] (Acronis) -- C:\WINDOWS\taskki.exe[2012.12.31 21:43:40 | 000,598,079 | ---- | M] (Acronis) -- C:\WINDOWS\svchosts.exe[2012.12.31 21:43:40 | 000,598,079 | ---- | M] (Acronis) -- C:\WINDOWS\System32\qukwkq.exe[2012.12.31 14:38:10 | 000,604,561 | ---- | M] () -- C:\Documents and Settings\BARRIO OOD\Desktop\duner.png[2012.12.31 14:33:47 | 000,288,793 | ---- | M] () -- C:\Documents and Settings\BARRIO OOD\Desktop\23740e5035a19b12165469f9fd1a6dbed8093.jpg[2012.12.31 12:38:27 | 000,000,000 | ---- | M] () -- C:\hex1.exe[2012.12.31 12:37:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\s1.exe[2012.12.31 12:37:41 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\sh1.exe[2012.12.31 12:37:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\boot1.exe[2012.12.31 12:37:24 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\xp1.exe[2012.12.30 23:41:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\sexplore.exe[2012.12.30 23:41:01 | 000,000,066 | ---- | M] () -- C:\WINDOWS\System32\shexplore.exe[2012.12.30 23:40:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\bootexplore.exe[2012.12.30 23:40:48 | 000,000,069 | ---- | M] () -- C:\WINDOWS\System32\xpexplore.exe[2012.12.30 23:27:46 | 000,051,100 | ---- | M] () -- C:\1234.exe[2012.12.30 23:22:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\s1234.exe[2012.12.30 23:22:51 | 000,000,059 | ---- | M] () -- C:\WINDOWS\System32\sh1234.exe[2012.12.30 23:22:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\boot1234.exe[2012.12.30 22:23:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ssystem3.0.exe[2012.12.30 22:23:57 | 000,000,071 | ---- | M] () -- C:\WINDOWS\System32\shsystem3.0.exe[2012.12.30 22:23:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\bootsystem3.0.exe[2012.12.30 22:23:46 | 000,000,074 | ---- | M] () -- C:\WINDOWS\System32\xpsystem3.0.exe[2012.12.29 10:58:15 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk[2012.12.29 10:58:15 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\BARRIO OOD\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk[2012.12.29 10:56:07 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe[2012.12.29 10:56:07 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl[2012.12.29 09:15:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\BARRIO OOD\PPTV(pplive)_jinshan_36369.exe[2012.12.28 17:37:41 | 000,000,059 | ---- | M] () -- C:\WINDOWS\System32\shDoc.exe[2012.12.28 17:37:10 | 000,000,062 | ---- | M] () -- C:\WINDOWS\System32\xpDoc.exe[2012.12.28 10:55:17 | 000,008,498 | ---- | M] () -- C:\Documents and Settings\BARRIO OOD\Desktop\дрехи.jpg[2012.12.28 10:05:38 | 000,000,055 | ---- | M] () -- C:\Documents and Settings\BARRIO OOD\x[2012.12.28 10:03:08 | 000,103,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2012.12.28 03:15:25 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK[2012.12.27 12:41:20 | 000,000,062 | ---- | M] () -- C:\WINDOWS\System32\xp1433.exe[2012.12.27 10:12:07 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\xpver.exe[2012.12.26 21:48:56 | 000,000,058 | ---- | M] () -- C:\WINDOWS\System32\xpaa.exe[2012.12.26 21:48:31 | 000,002,350 | ---- | M] () -- C:\WINDOWS\ver.exe[2012.12.25 22:08:16 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf[2012.12.25 16:10:18 | 000,000,000 | ---- | M] () -- C:\cmd.exe[2012.12.25 16:10:11 | 000,000,096 | ---- | M] () -- C:\WINDOWS\System32\cmd[2012.12.25 16:10:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\PPTV(pplive)_jinshan_36369.exe[2012.12.25 10:15:38 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\BARRIO OOD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2012.12.25 09:35:01 | 000,000,000 | ---- | M] () -- C:\sljf.exe[2012.12.25 09:34:59 | 000,000,060 | ---- | M] () -- C:\shljf.exe[2012.12.25 09:34:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\sljf.exe[2012.12.25 09:34:57 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\shljf.exe[2012.12.25 09:34:50 | 000,000,000 | ---- | M] () -- C:\bootljf.exe[2012.12.25 09:34:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\bootljf.exe[2012.12.25 09:34:44 | 000,000,063 | ---- | M] () -- C:\xpljf.exe[2012.12.25 09:34:42 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\xpljf.exe[2012.12.23 20:08:30 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\BARRIO OOD\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk[2012.12.23 20:08:30 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk[2012.12.23 19:54:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\sservere.exe[2012.12.23 19:54:50 | 000,000,065 | ---- | M] () -- C:\WINDOWS\System32\shservere.exe[2012.12.23 19:54:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\bootservere.exe[2012.12.23 19:54:31 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\xpservere.exe[2012.12.23 11:59:48 | 000,077,323 | ---- | M] () -- C:\Documents and Settings\BARRIO OOD\Desktop\roklia-perfecta.jpg[2012.12.23 11:59:14 | 000,048,994 | ---- | M] () -- C:\Documents and Settings\BARRIO OOD\Desktop\roklia-s-kamyni.jpg[2012.12.23 10:48:10 | 000,024,584 | ---- | M] () -- C:\WINDOWS\PPTV(pplive)_jinshan_36369.exe[2012.12.23 09:49:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\slaess.exe[2012.12.23 09:49:24 | 000,000,062 | ---- | M] () -- C:\WINDOWS\System32\shlaess.exe[2012.12.23 09:49:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\bootlaess.exe[2012.12.23 09:49:04 | 000,000,065 | ---- | M] () -- C:\WINDOWS\System32\xplaess.exe[2012.12.23 09:33:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\PPTVpplive_jinshan_36369.exe[2012.12.22 19:42:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\sver.exe[2012.12.22 19:42:05 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\shver.exe[2012.12.22 19:41:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\bootver.exe[2012.12.22 19:27:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\s1433.exe[2012.12.22 19:27:32 | 000,000,059 | ---- | M] () -- C:\WINDOWS\System32\sh1433.exe[2012.12.22 19:27:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\boot1433.exe[2012.12.22 18:43:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\boot22wu.exe[2012.12.22 18:43:06 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\sh22wu.exe[2012.12.22 18:42:35 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\xp22wu.exe[2012.12.22 17:42:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\s3939.exe[2012.12.22 17:42:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\boot3939.exe[2012.12.22 17:41:51 | 000,000,061 | ---- | M] () -- C:\WINDOWS\System32\sh3939.exe[2012.12.22 17:41:32 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\xp3939.exe[2012.12.22 01:54:55 | 000,000,061 | ---- | M] () -- C:\WINDOWS\System32\xp360.exe[2012.12.21 22:19:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\boot3838.exe[2012.12.21 22:19:29 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\xp3838.exe[2012.12.21 22:03:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\boot888.exe[2012.12.21 22:03:20 | 000,000,061 | ---- | M] () -- C:\WINDOWS\System32\xp888.exe[2012.12.21 19:35:05 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\zyblackd.exe[2012.12.21 19:34:41 | 000,000,066 | ---- | M] () -- C:\WINDOWS\System32\xpblackd.exe[2012.12.21 19:33:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\stblackd.exe[2012.12.21 19:33:45 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\shblackd.exe[2012.12.21 19:33:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\bootblackd.exe[2012.12.21 19:24:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\stsvchost.exe[2012.12.21 19:24:52 | 000,000,067 | ---- | M] () -- C:\WINDOWS\System32\zysvchost.exe[2012.12.21 19:24:29 | 000,002,398 | ---- | M] () -- C:\WINDOWS\lk.exe[2012.12.21 18:02:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\st1433.exe[2012.12.21 18:02:40 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\zy1433.exe[2012.12.21 17:47:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\s360.exe[2012.12.21 17:47:35 | 000,000,058 | ---- | M] () -- C:\WINDOWS\System32\sh360.exe[2012.12.21 17:47:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\boot360.exe[2012.12.21 13:24:23 | 000,000,000 | ---- | M] () -- C:\hexcsrrs.exe[2012.12.21 13:24:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexcsrrs.exe[2012.12.21 13:23:46 | 000,000,062 | ---- | M] () -- C:\WINDOWS\System32\shcsrrs.exe[2012.12.21 13:23:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\scsrrs.exe[2012.12.21 13:23:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\bootcsrrs.exe[2012.12.21 13:23:27 | 000,000,065 | ---- | M] () -- C:\WINDOWS\System32\xpcsrrs.exe[2012.12.21 12:36:39 | 000,000,000 | ---- | M] () -- C:\hexyaotong.exe[2012.12.21 12:36:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexyaotong.exe[2012.12.21 12:36:14 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\zyyaotong.exe[2012.12.21 12:35:52 | 000,000,070 | ---- | M] () -- C:\WINDOWS\System32\xpyaotong.exe[2012.12.21 12:35:13 | 000,002,359 | ---- | M] () -- C:\yaotong.exe[2012.12.20 16:58:12 | 000,000,104 | ---- | M] () -- C:\zysystem3[2012.12.20 16:58:06 | 000,000,103 | ---- | M] () -- C:\shsystem3[2012.12.20 16:58:06 | 000,000,100 | ---- | M] () -- C:\WINDOWS\System32\shsystem3[2012.12.20 16:57:55 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\xpsystem3,0.exe[2012.12.20 16:57:41 | 000,002,351 | ---- | M] () -- C:\WINDOWS\system3.0.exesystem3.0.exesystem3.0.exe[2012.12.20 15:08:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Default[2012.12.20 10:19:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\stserver.exe[2012.12.20 10:18:59 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\zyserver.exe[2012.12.20 09:45:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ssystem1.8.exe[2012.12.20 09:45:14 | 000,000,070 | ---- | M] () -- C:\WINDOWS\System32\shsystem1.8.exe[2012.12.20 09:45:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\bootsystem1.8.exe[2012.12.20 09:45:06 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\xpsystem1.8.exe[2012.12.19 22:45:47 | 000,000,104 | ---- | M] () -- C:\zysystem1[2012.12.19 22:45:44 | 000,000,103 | ---- | M] () -- C:\shsystem1[2012.12.19 22:45:43 | 000,000,100 | ---- | M] () -- C:\WINDOWS\System32\shsystem1[2012.12.19 22:45:33 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\xpsystem1,8.exe[2012.12.19 07:16:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\st17swu.exe[2012.12.19 07:16:27 | 000,000,062 | ---- | M] () -- C:\WINDOWS\System32\zy17swu.exe[2012.12.19 07:16:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\s17swu.exe[2012.12.19 07:16:20 | 000,000,061 | ---- | M] () -- C:\WINDOWS\System32\sh17swu.exe[2012.12.19 07:16:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\boot17swu.exe[2012.12.19 07:15:55 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\xp17swu.exe[2012.12.19 06:09:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\st888.exe[2012.12.19 06:09:47 | 000,000,059 | ---- | M] () -- C:\WINDOWS\System32\zy888.exe[2012.12.19 06:09:39 | 000,000,058 | ---- | M] () -- C:\WINDOWS\System32\sh888.exe[2012.12.19 03:05:34 | 000,070,592 | ---- | M] (Tendyron Co, Ltd.) -- C:\hexhong.exe[2012.12.19 03:05:32 | 000,070,592 | ---- | M] (Tendyron Co, Ltd.) -- C:\WINDOWS\System32\hexhong.exe[2012.12.19 03:05:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\shong.exe[2012.12.19 03:05:07 | 000,000,061 | ---- | M] () -- C:\WINDOWS\System32\shhong.exe[2012.12.19 03:05:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\boothong.exe[2012.12.19 03:04:55 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\xphong.exe[2012.12.17 16:04:17 | 000,125,639 | ---- | M] () -- C:\Documents and Settings\BARRIO OOD\Desktop\179559_509752775723409_859233011_n.jpg[2012.12.17 15:42:49 | 000,423,396 | ---- | M] () -- C:\Documents and Settings\BARRIO OOD\Desktop\magical-winter-800x600-wallpaper-449.jpg[2012.12.17 11:26:58 | 000,011,722 | ---- | M] () -- C:\Documents and Settings\BARRIO OOD\Desktop\522496_308963032548419_844190245_n.jpg[2012.12.17 00:28:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\s888.exe[2012.12.16 14:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll[2012.12.16 14:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll[2012.12.16 08:53:35 | 000,000,065 | ---- | M] () -- C:\WINDOWS\System32\xp14swu.exe[2012.12.16 03:10:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\siis007.EXE[2012.12.16 03:10:49 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\shiis007.EXE[2012.12.16 03:10:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\bootiis007.EXE[2012.12.16 03:10:41 | 000,000,067 | ---- | M] () -- C:\WINDOWS\System32\xpiis007.EXE[2012.12.13 18:04:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\sttorrent.exe[2012.12.13 18:03:56 | 000,000,066 | ---- | M] () -- C:\WINDOWS\System32\zytorrent.exe[2012.12.13 18:03:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\storrent.exe[2012.12.13 18:03:43 | 000,000,065 | ---- | M] () -- C:\WINDOWS\System32\shtorrent.exe[2012.12.13 18:03:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\boottorrent.exe[2012.12.13 18:02:57 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\xptorrent.exe[2012.12.13 04:43:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\sz.exe[2012.12.13 04:43:58 | 000,000,053 | ---- | M] () -- C:\WINDOWS\System32\shz.exe[2012.12.13 04:43:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\bootz.exe[2012.12.13 04:43:39 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\xpz.exe[2012.12.11 05:00:58 | 000,000,062 | ---- | M] () -- C:\WINDOWS\System32\xp11wu.exe[2012.12.06 14:31:39 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk[2012.12.05 06:29:57 | 000,000,062 | ---- | M] () -- C:\WINDOWS\System32\xp5nb.exe[2012.12.03 19:24:21 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\xpxiaonb.exe[2012.12.03 00:27:53 | 000,000,000 | ---- | M] () -- C:\hexsx.exe[2012.12.03 00:27:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexsx.exe[2012.12.03 00:26:57 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\xpsx.exe[2012.12.02 12:47:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\bootadmin.exe[2012.12.02 12:47:36 | 000,000,066 | ---- | M] () -- C:\WINDOWS\System32\xpadmin.exe[2012.12.02 12:46:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\admin.exe[2012.12.02 12:46:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3.exe[2012.12.02 12:46:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\windtt.com[2012.12.02 12:46:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\mynets.exe[2012.12.02 03:30:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\st3.exe[2012.12.02 03:30:31 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\zy3.exe[2012.12.02 03:30:29 | 000,000,053 | ---- | M] () -- C:\WINDOWS\System32\sh3.exe[2012.12.02 03:30:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\csx.exe[2012.12.02 03:29:41 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\onf3.dat[2012.12.02 02:42:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\s3.exe[2012.12.02 02:42:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\on3.exe[2012.12.01 02:41:45 | 000,000,000 | ---- | M] () -- C:\2.exe[2012.12.01 01:46:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\st123.exe[2012.12.01 01:46:11 | 000,000,059 | ---- | M] () -- C:\WINDOWS\System32\zy123.exe[2012.12.01 01:46:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\s123.exe[2012.12.01 01:46:07 | 000,000,058 | ---- | M] () -- C:\WINDOWS\System32\sh123.exe[2012.12.01 01:46:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\boot123.exe[2012.11.29 14:07:11 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\onf2.dat[2012.11.26 18:04:29 | 000,000,059 | ---- | M] () -- C:\xp2.exe[2012.11.26 18:04:25 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\xp2.exe[2012.11.23 22:32:11 | 000,000,062 | ---- | M] () -- C:\WINDOWS\System32\xpqqq.exe[2012.11.20 23:50:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\bootqqq.exe[2012.11.14 11:11:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\on2.exe[2012.11.13 06:51:16 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\xp3.exe[2012.11.12 12:58:04 | 000,000,534 | ---- | M] () -- C:\WINDOWS\3.vbs[2012.11.12 12:58:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\boot3.exe[2012.11.12 11:01:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\on1.exe[2012.11.12 01:43:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\s2.exe[2012.11.12 01:43:45 | 000,000,053 | ---- | M] () -- C:\WINDOWS\System32\sh2.exe[2012.11.12 01:43:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\boot2.exe[2012.11.12 01:43:04 | 000,000,534 | ---- | M] () -- C:\WINDOWS\2.vbs[2012.11.12 00:47:39 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\zy1.exe[2012.11.11 21:31:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\st1.exe[2012.11.11 19:34:32 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\zy2.exe[2012.11.11 11:39:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\st2.exe[2012.11.11 11:38:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2.exe[2012.11.11 05:42:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\stHG.exe[2012.11.11 05:42:09 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\zyHG.exe[2012.11.11 05:42:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\sHG.exe[2012.11.11 05:41:59 | 000,000,055 | ---- | M] () -- C:\WINDOWS\System32\shHG.exe[2012.11.11 05:41:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\bootHG.exe[2012.11.11 05:41:37 | 000,000,058 | ---- | M] () -- C:\WINDOWS\System32\xpHG.exe[2012.11.10 10:29:11 | 000,000,058 | ---- | M] () -- C:\WINDOWS\System32\zyzxc.exe[2012.11.10 10:28:08 | 000,000,058 | ---- | M] () -- C:\WINDOWS\System32\onfzxc.dat[2012.11.08 13:59:09 | 000,000,536 | ---- | M] () -- C:\WINDOWS\4.vbs[2012.11.08 13:58:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4.exe[2012.11.08 13:54:55 | 000,000,212 | ---- | M] () -- C:\WINDOWS\System32\sb.bat[2012.11.08 13:49:38 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\zy4.exe[2012.11.08 13:48:22 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\onf4.dat[2012.11.05 20:24:14 | 000,000,634 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FTL.lnk[2012.11.04 20:39:45 | 000,000,536 | ---- | M] () -- C:\WINDOWS\zxc.vbs[2012.11.04 20:35:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\stzxc.exe[2012.11.04 20:34:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\szxc.exe[2012.11.04 20:34:58 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\shzxc.exe[2012.11.04 11:05:56 | 000,000,000 | ---- | M] () -- C:\stlsass.exe[2012.11.04 11:05:54 | 000,000,066 | ---- | M] () -- C:\zylsass.exe[2012.11.04 11:05:46 | 000,000,000 | ---- | M] () -- C:\slsass.exe[2012.11.04 11:05:43 | 000,000,065 | ---- | M] () -- C:\shlsass.exe[2012.11.04 11:05:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\slsass.exe[2012.11.04 11:05:39 | 000,000,062 | ---- | M] () -- C:\WINDOWS\System32\shlsass.exe[2012.11.04 11:05:32 | 000,000,000 | ---- | M] () -- C:\bootlsass.exe[2012.11.04 11:05:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\bootlsass.exe[2012.11.04 04:00:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\zxc.exe[2012.11.04 03:53:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\onzxc.exe[2012.10.30 15:06:44 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\xptaskmgr.exe[2012.10.30 12:44:38 | 000,000,000 | ---- | M] () -- C:\hexmnet.exe[2012.10.30 12:44:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexmnet.exe[2012.10.30 12:42:23 | 000,000,066 | ---- | M] () -- C:\WINDOWS\System32\xpmnet.exe[2012.10.30 08:45:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\bootserer.exe[2012.10.30 08:45:04 | 000,000,066 | ---- | M] () -- C:\WINDOWS\System32\xpserer.exe[2012.10.30 00:53:16 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll[2012.10.30 00:53:11 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe[2012.10.30 00:53:11 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe[2012.10.30 00:53:11 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl[2012.10.30 00:53:10 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe[2012.10.30 00:53:08 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll[2012.10.30 00:53:08 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll[2012.10.29 18:58:17 | 000,000,064 | ---- | M] () -- C:\xpSER1.exe[2012.10.29 18:58:16 | 000,000,061 | ---- | M] () -- C:\WINDOWS\System32\xpSER1.exe[2012.10.29 11:16:30 | 000,000,000 | ---- | M] () -- C:\hexinet.exe[2012.10.29 11:16:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexinet.exe[2012.10.29 11:15:05 | 000,000,066 | ---- | M] () -- C:\WINDOWS\System32\xpinet.exe[2012.10.28 17:00:15 | 000,000,062 | ---- | M] () -- C:\xpavp.exe[2012.10.28 17:00:14 | 000,000,059 | ---- | M] () -- C:\WINDOWS\System32\xpavp.exe[2012.10.27 11:58:53 | 000,000,000 | ---- | M] () -- C:\stkv.exe[2012.10.27 11:58:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\bootkv.exe[2012.10.27 11:58:38 | 000,000,057 | ---- | M] () -- C:\shkv.exe[2012.10.27 11:58:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\skv.exe[2012.10.27 11:58:36 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\shkv.exe[2012.10.27 11:58:34 | 000,000,000 | ---- | M] () -- C:\bootkv.exe[2012.10.27 11:58:26 | 000,000,060 | ---- | M] () -- C:\xpkv.exe[2012.10.27 11:58:25 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\xpkv.exe[2012.10.24 08:50:32 | 000,000,000 | ---- | M] () -- C:\stserver.exe[2012.10.24 08:50:27 | 000,000,000 | ---- | M] () -- C:\sserver.exe[2012.10.24 08:50:16 | 000,000,000 | ---- | M] () -- C:\bootserver.exe[2012.10.19 00:35:34 | 000,000,061 | ---- | M] () -- C:\WINDOWS\System32\xpzxc.exe[2012.10.18 20:01:03 | 000,000,062 | ---- | M] () -- C:\xpVS.exe[2012.10.18 20:01:02 | 000,000,059 | ---- | M] () -- C:\WINDOWS\System32\xpVS.exe[2012.10.18 14:21:13 | 000,000,067 | ---- | M] () -- C:\WINDOWS\System32\xpparkson.exe[2012.10.17 02:59:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\bootVS.exe[2012.10.15 23:50:21 | 000,001,096 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Upgrade Facebook Chat Experience.lnk[2012.10.15 23:50:21 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Games.lnk[2012.10.15 23:50:21 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iLivid.lnk[2012.10.13 06:09:37 | 000,000,055 | ---- | M] () -- C:\WINDOWS\System32\onfok.dat[2012.10.12 13:04:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\sparkson.exe[2012.10.12 13:04:55 | 000,000,067 | ---- | M] () -- C:\WINDOWS\System32\zyparkson.exe[2012.10.12 13:04:45 | 000,000,066 | ---- | M] () -- C:\WINDOWS\System32\shparkson.exe[2012.10.12 09:48:24 | 000,000,061 | ---- | M] () -- C:\shzxc.exe[2012.10.12 08:59:02 | 000,000,000 | ---- | M] () -- C:\stzxc.exe[2012.10.12 08:58:57 | 000,000,000 | ---- | M] () -- C:\szxc.exe[2012.10.12 08:58:47 | 000,000,000 | ---- | M] () -- C:\bootzxc.exe[2012.10.12 08:58:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\bootzxc.exe[2012.10.11 09:47:40 | 000,000,000 | ---- | M] () -- C:\hexmx36.exe[2012.10.11 09:47:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexmx36.exe[2012.10.11 09:47:09 | 000,000,000 | ---- | M] () -- C:\stmx36.exe[2012.10.11 09:47:08 | 000,000,065 | ---- | M] () -- C:\zymx36.exe[2012.10.11 09:47:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\stmx36.exe[2012.10.11 09:47:06 | 000,000,062 | ---- | M] () -- C:\WINDOWS\System32\zymx36.exe[2012.10.11 09:47:02 | 000,000,000 | ---- | M] () -- C:\smx36.exe[2012.10.11 09:47:00 | 000,000,064 | ---- | M] () -- C:\shmx36.exe[2012.10.11 09:46:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\smx36.exe[2012.10.11 09:46:58 | 000,000,061 | ---- | M] () -- C:\WINDOWS\System32\shmx36.exe[2012.10.11 09:46:52 | 000,000,000 | ---- | M] () -- C:\bootmx36.exe[2012.10.11 09:46:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\bootmx36.exe[2012.10.11 09:46:47 | 000,000,067 | ---- | M] () -- C:\xpmx36.exe[2012.10.11 09:46:46 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\xpmx36.exe[2012.10.10 15:04:16 | 000,000,544 | ---- | M] () -- C:\WINDOWS\mxxn1010.vbs[2012.10.10 15:01:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\bootparkson.exe[2012.10.09 01:37:46 | 000,000,000 | ---- | M] () -- C:\hexpkill.exe[2012.10.09 01:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hexpkill.exe[2012.10.09 01:37:07 | 000,000,000 | ---- | M] () -- C:\stpkill.exe[2012.10.09 01:37:06 | 000,000,067 | ---- | M] () -- C:\zypkill.exe[2012.10.09 01:36:56 | 000,000,000 | ---- | M] () -- C:\spkill.exe[2012.10.09 01:36:55 | 000,000,066 | ---- | M] () -- C:\shpkill.exe[2012.10.09 01:36:51 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\shpkill.exe[2012.10.09 01:36:40 | 000,000,000 | ---- | M] () -- C:\bootpkill.exe[2012.10.09 01:36:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\bootpkill.exe[2012.10.09 01:36:33 | 000,000,069 | ---- | M] () -- C:\xppkill.exe[2012.10.09 01:36:29 | 000,000,066 | ---- | M] () -- C:\WINDOWS\System32\xppkill.exe[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.06 13:58:09 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\onfeer.dat[2013.01.05 22:07:15 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\xp1314.exe[2013.01.05 15:45:14 | 000,000,000 | ---- | C] () -- C:\hexwuyu.exe[2013.01.05 15:45:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexwuyu.exe[2013.01.05 15:41:17 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\xpwuyu.exe[2013.01.05 01:45:06 | 000,000,074 | ---- | C] () -- C:\xplsass.exe[2013.01.04 19:57:11 | 000,000,000 | ---- | C] () -- C:\hex123.exe[2013.01.04 19:57:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hex123.exe[2013.01.04 19:55:51 | 000,000,075 | ---- | C] () -- C:\xp123.exe[2013.01.04 16:36:04 | 000,000,319 | ---- | C] () -- C:\Documents and Settings\BARRIO OOD\Desktop\New Rich Text document.rtf[2013.01.04 14:00:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\park.exe[2013.01.02 14:20:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\boot11.exe[2012.12.31 21:44:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\svchosts.exe[2012.12.31 14:38:06 | 000,604,561 | ---- | C] () -- C:\Documents and Settings\BARRIO OOD\Desktop\duner.png[2012.12.31 14:33:33 | 000,288,793 | ---- | C] () -- C:\Documents and Settings\BARRIO OOD\Desktop\23740e5035a19b12165469f9fd1a6dbed8093.jpg[2012.12.31 12:38:27 | 000,000,000 | ---- | C] () -- C:\hex1.exe[2012.12.30 23:41:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sexplore.exe[2012.12.30 23:41:01 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\shexplore.exe[2012.12.30 23:40:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootexplore.exe[2012.12.30 23:40:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\System32\xpexplore.exe[2012.12.30 23:27:46 | 000,051,100 | ---- | C] () -- C:\1234.exe[2012.12.30 23:21:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\1234.exe[2012.12.29 10:56:12 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk[2012.12.29 10:56:12 | 000,001,761 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk[2012.12.28 20:26:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\s1234.exe[2012.12.28 20:26:22 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\sh1234.exe[2012.12.28 20:26:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\boot1234.exe[2012.12.28 17:37:41 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\shDoc.exe[2012.12.28 17:37:10 | 000,000,062 | ---- | C] () -- C:\WINDOWS\System32\xpDoc.exe[2012.12.28 10:55:25 | 000,008,498 | ---- | C] () -- C:\Documents and Settings\BARRIO OOD\Desktop\дрехи.jpg[2012.12.28 10:05:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\BARRIO OOD\PPTV(pplive)_jinshan_36369.exe[2012.12.27 16:29:51 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\BARRIO OOD\x[2012.12.27 15:31:02 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK[2012.12.26 21:48:45 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\xpaa.exe[2012.12.26 21:48:25 | 000,002,350 | ---- | C] () -- C:\WINDOWS\ver.exe[2012.12.25 16:10:18 | 000,000,000 | ---- | C] () -- C:\cmd.exe[2012.12.25 16:10:11 | 000,000,096 | ---- | C] () -- C:\WINDOWS\System32\cmd[2012.12.25 09:35:01 | 000,000,000 | ---- | C] () -- C:\sljf.exe[2012.12.25 09:34:59 | 000,000,060 | ---- | C] () -- C:\shljf.exe[2012.12.25 09:34:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sljf.exe[2012.12.25 09:34:57 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\shljf.exe[2012.12.25 09:34:50 | 000,000,000 | ---- | C] () -- C:\bootljf.exe[2012.12.25 09:34:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootljf.exe[2012.12.25 09:34:44 | 000,000,063 | ---- | C] () -- C:\xpljf.exe[2012.12.25 09:34:42 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\xpljf.exe[2012.12.23 22:21:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssystem3.0.exe[2012.12.23 22:21:15 | 000,000,071 | ---- | C] () -- C:\WINDOWS\System32\shsystem3.0.exe[2012.12.23 22:21:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootsystem3.0.exe[2012.12.23 22:21:05 | 000,000,074 | ---- | C] () -- C:\WINDOWS\System32\xpsystem3.0.exe[2012.12.23 20:08:30 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\BARRIO OOD\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk[2012.12.23 20:08:30 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk[2012.12.23 20:08:30 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk[2012.12.23 19:54:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sservere.exe[2012.12.23 19:54:50 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\shservere.exe[2012.12.23 19:54:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootservere.exe[2012.12.23 19:54:31 | 000,000,068 | ---- | C] () -- C:\WINDOWS\System32\xpservere.exe[2012.12.23 11:59:47 | 000,077,323 | ---- | C] () -- C:\Documents and Settings\BARRIO OOD\Desktop\roklia-perfecta.jpg[2012.12.23 11:59:11 | 000,048,994 | ---- | C] () -- C:\Documents and Settings\BARRIO OOD\Desktop\roklia-s-kamyni.jpg[2012.12.23 10:48:10 | 000,024,584 | ---- | C] () -- C:\WINDOWS\PPTV(pplive)_jinshan_36369.exe[2012.12.23 09:49:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\slaess.exe[2012.12.23 09:49:24 | 000,000,062 | ---- | C] () -- C:\WINDOWS\System32\shlaess.exe[2012.12.23 09:49:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootlaess.exe[2012.12.23 09:46:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\PPTV(pplive)_jinshan_36369.exe[2012.12.23 09:32:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\PPTVpplive_jinshan_36369.exe[2012.12.22 19:42:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sver.exe[2012.12.22 19:42:05 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\shver.exe[2012.12.22 19:41:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootver.exe[2012.12.22 19:41:52 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\xpver.exe[2012.12.22 18:43:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\boot22wu.exe[2012.12.22 18:43:06 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\sh22wu.exe[2012.12.22 18:42:35 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\xp22wu.exe[2012.12.22 17:42:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\s3939.exe[2012.12.22 17:42:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\boot3939.exe[2012.12.22 17:41:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\sh3939.exe[2012.12.22 17:41:32 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\xp3939.exe[2012.12.22 00:25:08 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\xplaess.exe[2012.12.21 22:19:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\boot3838.exe[2012.12.21 22:19:29 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\xp3838.exe[2012.12.21 19:33:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\stblackd.exe[2012.12.21 19:33:50 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\zyblackd.exe[2012.12.21 19:33:45 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\shblackd.exe[2012.12.21 19:33:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootblackd.exe[2012.12.21 19:33:29 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\xpblackd.exe[2012.12.21 19:24:29 | 000,002,398 | ---- | C] () -- C:\WINDOWS\lk.exe[2012.12.21 17:47:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\s360.exe[2012.12.21 17:47:35 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\sh360.exe[2012.12.21 17:47:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\boot360.exe[2012.12.21 17:47:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\xp360.exe[2012.12.21 13:24:23 | 000,000,000 | ---- | C] () -- C:\hexcsrrs.exe[2012.12.21 13:24:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexcsrrs.exe[2012.12.21 13:23:46 | 000,000,062 | ---- | C] () -- C:\WINDOWS\System32\shcsrrs.exe[2012.12.21 13:23:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\scsrrs.exe[2012.12.21 13:23:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootcsrrs.exe[2012.12.21 13:23:27 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\xpcsrrs.exe[2012.12.21 12:36:39 | 000,000,000 | ---- | C] () -- C:\hexyaotong.exe[2012.12.21 12:36:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexyaotong.exe[2012.12.21 12:36:14 | 000,000,068 | ---- | C] () -- C:\WINDOWS\System32\zyyaotong.exe[2012.12.21 12:35:52 | 000,000,070 | ---- | C] () -- C:\WINDOWS\System32\xpyaotong.exe[2012.12.21 12:35:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\yaotong.exe[2012.12.21 12:35:13 | 000,002,359 | ---- | C] () -- C:\yaotong.exe[2012.12.20 23:41:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\stsvchost.exe[2012.12.20 23:41:47 | 000,000,067 | ---- | C] () -- C:\WINDOWS\System32\zysvchost.exe[2012.12.20 23:41:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssvchost.exe[2012.12.20 23:41:42 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\shsvchost.exe[2012.12.20 23:41:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootsvchost.exe[2012.12.20 23:41:30 | 000,000,069 | ---- | C] () -- C:\WINDOWS\System32\xpsvchost.exe[2012.12.20 16:58:12 | 000,000,104 | ---- | C] () -- C:\zysystem3[2012.12.20 16:58:06 | 000,000,103 | ---- | C] () -- C:\shsystem3[2012.12.20 16:58:06 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\shsystem3[2012.12.20 16:57:55 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\xpsystem3,0.exe[2012.12.20 16:57:41 | 000,002,351 | ---- | C] () -- C:\WINDOWS\system3.0.exesystem3.0.exesystem3.0.exe[2012.12.20 15:08:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Default[2012.12.20 09:45:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssystem1.8.exe[2012.12.20 09:45:14 | 000,000,070 | ---- | C] () -- C:\WINDOWS\System32\shsystem1.8.exe[2012.12.20 09:45:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootsystem1.8.exe[2012.12.20 09:45:06 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\xpsystem1.8.exe[2012.12.19 22:45:47 | 000,000,104 | ---- | C] () -- C:\zysystem1[2012.12.19 22:45:44 | 000,000,103 | ---- | C] () -- C:\shsystem1[2012.12.19 22:45:43 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\shsystem1[2012.12.19 22:45:33 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\xpsystem1,8.exe[2012.12.19 07:16:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\st17swu.exe[2012.12.19 07:16:27 | 000,000,062 | ---- | C] () -- C:\WINDOWS\System32\zy17swu.exe[2012.12.19 07:16:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\s17swu.exe[2012.12.19 07:16:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\sh17swu.exe[2012.12.19 07:16:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\boot17swu.exe[2012.12.19 07:15:55 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\xp17swu.exe[2012.12.19 03:05:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\shong.exe[2012.12.19 03:05:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\shhong.exe[2012.12.19 03:05:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\boothong.exe[2012.12.19 03:04:55 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\xphong.exe[2012.12.18 16:04:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\st1433.exe[2012.12.18 16:03:53 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\zy1433.exe[2012.12.18 16:03:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\s1433.exe[2012.12.18 16:03:45 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\sh1433.exe[2012.12.18 16:03:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\boot1433.exe[2012.12.17 16:04:15 | 000,125,639 | ---- | C] () -- C:\Documents and Settings\BARRIO OOD\Desktop\179559_509752775723409_859233011_n.jpg[2012.12.17 15:42:47 | 000,423,396 | ---- | C] () -- C:\Documents and Settings\BARRIO OOD\Desktop\magical-winter-800x600-wallpaper-449.jpg[2012.12.17 11:26:56 | 000,011,722 | ---- | C] () -- C:\Documents and Settings\BARRIO OOD\Desktop\522496_308963032548419_844190245_n.jpg[2012.12.16 08:53:35 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\xp14swu.exe[2012.12.16 03:10:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\siis007.EXE[2012.12.16 03:10:49 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\shiis007.EXE[2012.12.16 03:10:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootiis007.EXE[2012.12.16 03:10:41 | 000,000,067 | ---- | C] () -- C:\WINDOWS\System32\xpiis007.EXE[2012.12.14 05:49:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\st888.exe[2012.12.14 05:49:33 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\zy888.exe[2012.12.14 05:49:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\s888.exe[2012.12.14 05:49:26 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\sh888.exe[2012.12.14 05:49:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\boot888.exe[2012.12.14 05:49:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\xp888.exe[2012.12.13 18:04:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sttorrent.exe[2012.12.13 18:03:56 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\zytorrent.exe[2012.12.13 18:03:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\storrent.exe[2012.12.13 18:03:43 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\shtorrent.exe[2012.12.13 18:03:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\boottorrent.exe[2012.12.13 18:02:57 | 000,000,068 | ---- | C] () -- C:\WINDOWS\System32\xptorrent.exe[2012.12.13 06:14:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\s11.exe[2012.12.13 06:14:54 | 000,000,055 | ---- | C] () -- C:\WINDOWS\System32\sh11.exe[2012.12.13 06:14:44 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\xp11.exe[2012.12.13 04:43:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sz.exe[2012.12.13 04:43:58 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\shz.exe[2012.12.13 04:43:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootz.exe[2012.12.13 04:43:39 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\xpz.exe[2012.12.11 05:00:58 | 000,000,062 | ---- | C] () -- C:\WINDOWS\System32\xp11wu.exe[2012.12.09 18:14:18 | 000,000,372 | ---- | C] () -- C:\Documents and Settings\BARRIO OOD\My Documents\spider.sav[2012.12.05 06:29:57 | 000,000,062 | ---- | C] () -- C:\WINDOWS\System32\xp5nb.exe[2012.12.03 19:24:21 | 000,000,068 | ---- | C] () -- C:\WINDOWS\System32\xpxiaonb.exe[2012.12.03 00:27:53 | 000,000,000 | ---- | C] () -- C:\hexsx.exe[2012.12.03 00:27:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexsx.exe[2012.12.03 00:26:56 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\xpsx.exe[2012.12.02 12:47:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootadmin.exe[2012.12.02 12:47:36 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\xpadmin.exe[2012.12.02 12:46:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\admin.exe[2012.12.02 12:45:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\windtt.com[2012.12.02 03:30:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\st3.exe[2012.12.02 03:30:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\csx.exe[2012.12.01 02:41:45 | 000,000,000 | ---- | C] () -- C:\2.exe[2012.12.01 01:46:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\st123.exe[2012.12.01 01:46:11 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\zy123.exe[2012.12.01 01:46:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\s123.exe[2012.12.01 01:46:07 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\sh123.exe[2012.12.01 00:30:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\s999.exe[2012.12.01 00:30:35 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\sh999.exe[2012.12.01 00:30:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\boot999.exe[2012.12.01 00:30:16 | 000,000,062 | ---- | C] () -- C:\WINDOWS\System32\xp999.exe[2012.11.29 03:47:41 | 000,000,062 | ---- | C] () -- C:\WINDOWS\System32\xp1234.exe[2012.11.26 18:04:29 | 000,000,059 | ---- | C] () -- C:\xp2.exe[2012.11.20 23:50:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootqqq.exe[2012.11.20 23:49:50 | 000,000,062 | ---- | C] () -- C:\WINDOWS\System32\xpqqq.exe[2012.11.14 11:11:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\on2.exe[2012.11.12 12:59:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\s3.exe[2012.11.12 12:58:04 | 000,000,534 | ---- | C] () -- C:\WINDOWS\3.vbs[2012.11.12 12:58:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\boot3.exe[2012.11.12 11:01:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\on1.exe[2012.11.11 21:04:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\s1.exe[2012.11.11 11:39:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\st2.exe[2012.11.11 11:39:27 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\zy2.exe[2012.11.11 11:39:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\s2.exe[2012.11.11 11:39:21 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\sh2.exe[2012.11.11 11:39:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\boot2.exe[2012.11.11 11:39:06 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\xp2.exe[2012.11.11 11:38:44 | 000,000,534 | ---- | C] () -- C:\WINDOWS\2.vbs[2012.11.11 11:38:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\2.exe[2012.11.11 06:03:32 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\zy1.exe[2012.11.11 05:42:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\stHG.exe[2012.11.11 05:42:09 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\zyHG.exe[2012.11.11 05:42:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sHG.exe[2012.11.11 05:41:59 | 000,000,055 | ---- | C] () -- C:\WINDOWS\System32\shHG.exe[2012.11.11 05:41:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootHG.exe[2012.11.11 05:41:37 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\xpHG.exe[2012.11.11 01:58:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\mynets.exe[2012.11.11 01:57:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\3.exe[2012.11.11 01:54:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\on3.exe[2012.11.10 15:01:12 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\onf3.dat[2012.11.09 20:02:59 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\onf2.dat[2012.11.08 13:59:09 | 000,000,536 | ---- | C] () -- C:\WINDOWS\4.vbs[2012.11.08 13:58:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\4.exe[2012.11.08 13:54:55 | 000,000,212 | ---- | C] () -- C:\WINDOWS\System32\sb.bat[2012.11.08 13:49:38 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\zy4.exe[2012.11.08 13:48:22 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\onf4.dat[2012.11.04 11:05:56 | 000,000,000 | ---- | C] () -- C:\stlsass.exe[2012.11.04 11:05:54 | 000,000,066 | ---- | C] () -- C:\zylsass.exe[2012.11.04 11:05:46 | 000,000,000 | ---- | C] () -- C:\slsass.exe[2012.11.04 11:05:43 | 000,000,065 | ---- | C] () -- C:\shlsass.exe[2012.11.04 11:05:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\slsass.exe[2012.11.04 11:05:39 | 000,000,062 | ---- | C] () -- C:\WINDOWS\System32\shlsass.exe[2012.11.04 11:05:32 | 000,000,000 | ---- | C] () -- C:\bootlsass.exe[2012.11.04 11:05:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootlsass.exe[2012.11.04 11:05:25 | 000,000,071 | ---- | C] () -- C:\WINDOWS\System32\xplsass.exe[2012.11.04 04:00:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\zxc.exe[2012.11.04 03:53:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\onzxc.exe[2012.11.04 03:52:03 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\onfzxc.dat[2012.10.30 15:06:44 | 000,000,068 | ---- | C] () -- C:\WINDOWS\System32\xptaskmgr.exe[2012.10.30 12:44:38 | 000,000,000 | ---- | C] () -- C:\hexmnet.exe[2012.10.30 12:44:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexmnet.exe[2012.10.30 12:42:23 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\xpmnet.exe[2012.10.30 08:45:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootserer.exe[2012.10.30 08:45:04 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\xpserer.exe[2012.10.29 18:58:17 | 000,000,064 | ---- | C] () -- C:\xpSER1.exe[2012.10.29 18:58:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\xpSER1.exe[2012.10.29 11:16:30 | 000,000,000 | ---- | C] () -- C:\hexinet.exe[2012.10.29 11:16:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexinet.exe[2012.10.29 11:15:05 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\xpinet.exe[2012.10.28 17:00:15 | 000,000,062 | ---- | C] () -- C:\xpavp.exe[2012.10.28 17:00:14 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\xpavp.exe[2012.10.27 11:58:53 | 000,000,000 | ---- | C] () -- C:\stkv.exe[2012.10.27 11:58:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootkv.exe[2012.10.27 11:58:38 | 000,000,057 | ---- | C] () -- C:\shkv.exe[2012.10.27 11:58:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\skv.exe[2012.10.27 11:58:36 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\shkv.exe[2012.10.27 11:58:34 | 000,000,000 | ---- | C] () -- C:\bootkv.exe[2012.10.27 11:58:26 | 000,000,060 | ---- | C] () -- C:\xpkv.exe[2012.10.27 11:58:25 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\xpkv.exe[2012.10.24 08:50:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\stserver.exe[2012.10.24 08:50:28 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\zyserver.exe[2012.10.23 17:16:48 | 000,000,000 | ---- | C] () -- C:\stserver.exe[2012.10.23 17:16:39 | 000,000,000 | ---- | C] () -- C:\sserver.exe[2012.10.23 17:16:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sserver.exe[2012.10.23 17:16:32 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\shserver.exe[2012.10.23 17:16:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootserver.exe[2012.10.23 17:16:24 | 000,000,000 | ---- | C] () -- C:\bootserver.exe[2012.10.17 22:07:45 | 000,000,055 | ---- | C] () -- C:\WINDOWS\System32\onf1.dat[2012.10.17 02:59:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootVS.exe[2012.10.17 02:59:40 | 000,000,062 | ---- | C] () -- C:\xpVS.exe[2012.10.17 02:59:39 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\xpVS.exe[2012.10.15 23:50:21 | 000,001,096 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Upgrade Facebook Chat Experience.lnk[2012.10.15 23:50:21 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Games.lnk[2012.10.15 23:44:50 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iLivid.lnk[2012.10.15 03:05:55 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\xp1.exe[2012.10.14 16:45:54 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\xpServer.exe[2012.10.13 06:09:37 | 000,000,055 | ---- | C] () -- C:\WINDOWS\System32\onfok.dat[2012.10.12 13:04:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sparkson.exe[2012.10.12 09:48:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\stzxc.exe[2012.10.12 09:48:26 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\zyzxc.exe[2012.10.12 08:59:02 | 000,000,000 | ---- | C] () -- C:\stzxc.exe[2012.10.12 08:58:57 | 000,000,000 | ---- | C] () -- C:\szxc.exe[2012.10.12 08:58:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\szxc.exe[2012.10.12 08:58:55 | 000,000,061 | ---- | C] () -- C:\shzxc.exe[2012.10.12 08:58:54 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\shzxc.exe[2012.10.12 08:58:47 | 000,000,000 | ---- | C] () -- C:\bootzxc.exe[2012.10.12 08:58:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootzxc.exe[2012.10.12 08:58:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\xpzxc.exe[2012.10.12 08:58:21 | 000,000,536 | ---- | C] () -- C:\WINDOWS\zxc.vbs[2012.10.12 08:58:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\1.exe[2012.10.11 09:47:40 | 000,000,000 | ---- | C] () -- C:\hexmx36.exe[2012.10.11 09:47:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexmx36.exe[2012.10.11 09:47:09 | 000,000,000 | ---- | C] () -- C:\stmx36.exe[2012.10.11 09:47:08 | 000,000,065 | ---- | C] () -- C:\zymx36.exe[2012.10.11 09:47:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\stmx36.exe[2012.10.11 09:47:06 | 000,000,062 | ---- | C] () -- C:\WINDOWS\System32\zymx36.exe[2012.10.11 09:47:02 | 000,000,000 | ---- | C] () -- C:\smx36.exe[2012.10.11 09:47:00 | 000,000,064 | ---- | C] () -- C:\shmx36.exe[2012.10.11 09:46:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\smx36.exe[2012.10.11 09:46:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\shmx36.exe[2012.10.11 09:46:52 | 000,000,000 | ---- | C] () -- C:\bootmx36.exe[2012.10.11 09:46:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootmx36.exe[2012.10.11 09:46:47 | 000,000,067 | ---- | C] () -- C:\xpmx36.exe[2012.10.11 09:46:46 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\xpmx36.exe[2012.10.10 15:04:16 | 000,000,544 | ---- | C] () -- C:\WINDOWS\mxxn1010.vbs[2012.10.10 15:01:48 | 000,000,067 | ---- | C] () -- C:\WINDOWS\System32\zyparkson.exe[2012.10.10 15:01:36 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\shparkson.exe[2012.10.10 15:01:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootparkson.exe[2012.10.10 15:01:11 | 000,000,067 | ---- | C] () -- C:\WINDOWS\System32\xpparkson.exe[2012.10.09 01:37:46 | 000,000,000 | ---- | C] () -- C:\hexpkill.exe[2012.10.09 01:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexpkill.exe[2012.10.09 01:37:07 | 000,000,000 | ---- | C] () -- C:\stpkill.exe[2012.10.09 01:37:06 | 000,000,067 | ---- | C] () -- C:\zypkill.exe[2012.10.09 01:36:56 | 000,000,000 | ---- | C] () -- C:\spkill.exe[2012.10.09 01:36:55 | 000,000,066 | ---- | C] () -- C:\shpkill.exe[2012.10.09 01:36:51 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\shpkill.exe[2012.10.09 01:36:40 | 000,000,000 | ---- | C] () -- C:\bootpkill.exe[2012.10.09 01:36:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootpkill.exe[2012.10.09 01:36:33 | 000,000,069 | ---- | C] () -- C:\xppkill.exe[2012.10.09 01:36:29 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\xppkill.exe[2012.10.07 08:08:48 | 000,002,352 | ---- | C] () -- C:\WINDOWS\vpn.exe[2012.10.06 03:26:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexmxcs.exe[2012.10.06 03:26:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\smxcs.exe[2012.10.06 03:25:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\shmxcs.exe[2012.10.06 03:25:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootmxcs.exe[2012.10.06 03:25:40 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\xpmxcs.exe[2012.10.06 03:24:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\mx123.exe[2012.09.27 01:53:36 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\zy3.exe[2012.09.27 01:53:27 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\sh3.exe[2012.09.27 01:53:05 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\xp3.exe[2012.09.26 20:55:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\mxxnt.exe[2012.09.23 02:31:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\stp4y7g.exe[2012.09.23 02:31:16 | 000,000,062 | ---- | C] () -- C:\WINDOWS\System32\zyp4y7g.exe[2012.09.23 02:31:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sp4y7g.exe[2012.09.23 02:30:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\shp4y7g.exe[2012.09.23 02:30:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootp4y7g.exe[2012.09.23 02:30:14 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\xpp4y7g.exe[2012.09.22 09:42:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexnstl.exe[2012.09.22 09:40:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\snstl.exe[2012.09.22 09:40:33 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\shnstl.exe[2012.09.22 09:40:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootnstl.exe[2012.09.22 09:40:18 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\xpnstl.exe[2012.09.14 23:29:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\boot123.exe[2012.09.14 22:33:39 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\xp123.exe[2012.09.10 11:20:44 | 000,001,308 | ---- | C] () -- C:\WINDOWS\x7.exe[2012.09.05 18:28:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\stsql.exe[2012.09.05 18:28:24 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\zysql.exe[2012.09.05 18:28:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssql.exe[2012.09.05 18:28:13 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\shsql.exe[2012.09.05 18:28:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootsql.exe[2012.09.05 18:27:49 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\xpsql.exe[2012.08.25 11:01:27 | 000,000,062 | ---- | C] () -- C:\WINDOWS\System32\xp1433.exe[2012.08.20 21:33:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\stddos.exe[2012.08.20 05:51:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sddos.exe[2012.08.20 05:51:53 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\shddos.exe[2012.08.15 00:18:00 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat[2012.08.14 21:08:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootddos.exe[2012.08.12 19:53:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\yk.exe[2012.08.05 21:21:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\st1.exe[2012.08.05 21:21:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\boot1.exe[2012.08.03 14:33:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\stnb.exe[2012.08.03 14:33:12 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\zynb.exe[2012.08.03 11:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\snb.exe[2012.08.03 11:46:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootnb.exe[2012.08.03 11:46:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\xpnb.exe[2012.07.22 06:41:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\boot135.exe[2012.07.22 06:41:55 | 000,000,062 | ---- | C] () -- C:\WINDOWS\System32\xp135.exe[2012.07.22 01:46:45 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\APmpg4v1.dll[2012.07.18 21:42:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\stds.exe[2012.07.18 21:42:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sds.exe[2012.07.18 21:42:30 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\shds.exe[2012.07.14 21:13:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootds.exe[2012.07.08 02:49:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\stxx25.exe[2012.07.08 02:49:55 | 000,000,062 | ---- | C] () -- C:\WINDOWS\System32\zyxx25.exe[2012.07.07 18:42:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\stwps.exe[2012.07.07 18:41:51 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\zywps.exe[2012.07.07 14:49:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sxx25.exe[2012.07.07 14:49:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\shxx25.exe[2012.07.07 14:49:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootxx25.exe[2012.07.03 15:18:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\stx7.exe[2012.07.03 15:18:12 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\zyx7.exe[2012.07.03 15:18:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sx7.exe[2012.07.03 15:17:59 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\shx7.exe[2012.07.03 15:17:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootx7.exe[2012.07.03 15:17:30 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\xpx7.exe[2012.07.03 10:37:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ddos.exe[2012.07.03 10:37:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\xx25.exe[2012.07.03 10:36:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\007.exe[2012.06.28 20:53:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\st007.exe[2012.06.28 20:53:19 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\zy007.exe[2012.06.28 20:52:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\s007.exe[2012.06.28 20:52:56 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\sh007.exe[2012.06.28 20:52:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\boot007.exe[2012.06.28 20:51:58 | 000,000,148 | ---- | C] () -- C:\WINDOWS\System32\sb.dat[2012.06.19 02:14:33 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\BARRIO OOD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2012.06.11 04:11:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootsd.exe[2012.06.11 04:11:10 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\xpsd.exe[2012.06.10 14:00:57 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\zycc.exe[2012.06.10 14:00:50 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\shcc.exe[2012.06.10 14:00:33 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\xpcc.exe[2012.06.08 17:14:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\swps.exe[2012.06.08 17:14:51 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\shwps.exe[2012.06.08 17:14:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bootwps.exe[2012.06.08 17:14:38 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\xpwps.exe[2012.05.15 05:14:38 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll[2012.05.03 17:47:11 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\zyconfigs.exe[2012.05.03 17:46:56 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\shconfigs.exe[2012.05.03 17:46:15 | 000,000,068 | ---- | C] () -- C:\WINDOWS\System32\xpconfigs.exe[2012.05.01 01:11:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\zysys.exe[2012.05.01 01:09:55 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\shsys.exe[2012.05.01 01:09:40 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\xpsys.exe[2012.04.29 08:32:06 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\sh1.exe[2012.04.16 23:17:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hexas.exe[2012.04.16 23:16:27 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\zyas.exe[2012.04.16 23:16:23 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\shas.exe[2012.04.16 23:16:11 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\xpas.exe[2012.04.16 23:15:04 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\wcs.dat[2012.04.14 16:52:43 | 000,000,093 | ---- | C] () -- C:\WINDOWS\System32\njx.dat[2012.04.09 17:48:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\newdll.dll[2012.04.08 12:25:42 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat[2012.04.08 03:34:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI[2012.04.08 03:33:08 | 000,103,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2012.04.08 03:04:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat[2012.04.08 01:57:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll[2012.04.08 01:49:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat[2012.04.08 01:43:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat ========== ZeroAccess Check ========== [2012.04.08 00:44:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 10:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 10:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both ========== LOP Check ========== [2012.04.09 17:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software[2012.10.23 14:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess[2012.04.07 12:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro[2012.04.08 00:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microinvest[2012.04.08 12:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TP-LINK Driver[2012.09.24 04:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BARRIO OOD\Application Data\BitComet[2012.07.22 04:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BARRIO OOD\Application Data\DAEMON Tools Pro[2012.10.15 23:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BARRIO OOD\Application Data\searchquband[2012.10.16 01:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BARRIO OOD\Application Data\searchqutoolbar[2012.12.19 16:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\searchquband[2012.12.19 16:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\searchqutoolbar ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%*.* >[2012.12.30 23:27:46 | 000,051,100 | ---- | M] () -- C:\1234.exe[2012.12.01 02:41:45 | 000,000,000 | ---- | M] () -- C:\2.exe[2012.04.25 03:27:52 | 000,000,047 | ---- | M] () -- C:\361.vbs[2012.04.08 01:46:49 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT[2012.09.06 06:15:52 | 000,000,211 | -HS- | M] () -- C:\boot.ini[2012.07.13 13:27:29 | 000,000,000 | ---- | M] () -- C:\boot007.exe[2012.09.17 20:51:55 | 000,000,000 | ---- | M] () -- C:\bootddos.exe[2012.07.18 21:42:25 | 000,000,000 | ---- | M] () -- C:\bootds.exe[2012.10.27 11:58:34 | 000,000,000 | ---- | M] () -- C:\bootkv.exe[2012.12.25 09:34:50 | 000,000,000 | ---- | M] () -- C:\bootljf.exe[2012.11.04 11:05:32 | 000,000,000 | ---- | M] () -- C:\bootlsass.exe[2012.10.11 09:46:52 | 000,000,000 | ---- | M] () -- C:\bootmx36.exe[2012.10.06 03:25:48 | 000,000,000 | ---- | M] () -- C:\bootmxcs.exe[2012.08.31 13:33:12 | 000,000,000 | ---- | M] () -- C:\bootnb.exe[2012.09.22 09:40:25 | 000,000,000 | ---- | M] () -- C:\bootnstl.exe[2012.10.09 01:36:40 | 000,000,000 | ---- | M] () -- C:\bootpkill.exe[2012.06.11 04:11:25 | 000,000,000 | ---- | M] () -- C:\bootsd.exe[2012.10.24 08:50:16 | 000,000,000 | ---- | M] () -- C:\bootserver.exe[2012.09.05 18:28:04 | 000,000,000 | ---- | M] () -- C:\bootsql.exe[2012.07.07 18:41:41 | 000,000,000 | ---- | M] () -- C:\bootwps.exe[2012.07.03 15:17:43 | 000,000,000 | ---- | M] () -- C:\bootx7.exe[2012.07.13 17:20:11 | 000,000,000 | ---- | M] () -- C:\bootxx25.exe[2012.10.12 08:58:47 | 000,000,000 | ---- | M] () -- C:\bootzxc.exe[2012.12.25 16:10:18 | 000,000,000 | ---- | M] () -- C:\cmd.exe[2012.04.08 01:46:49 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS[2012.12.31 12:38:27 | 000,000,000 | ---- | M] () -- C:\hex1.exe[2013.01.04 19:57:11 | 000,000,000 | ---- | M] () -- C:\hex123.exe[2012.12.31 21:46:11 | 000,064,326 | ---- | M] (酷狗游戏) -- C:\hex999.exe[2012.04.25 03:30:14 | 000,000,000 | ---- | M] () -- C:\hexas.exe[2012.06.10 14:11:34 | 000,552,960 | ---- | M] (360.cn) -- C:\hexcc.exe[2012.12.21 13:24:23 | 000,000,000 | ---- | M] () -- C:\hexcsrrs.exe[2012.12.19 03:05:34 | 000,070,592 | ---- | M] (Tendyron Co, Ltd.) -- C:\hexhong.exe[2012.10.29 11:16:30 | 000,000,000 | ---- | M] () -- C:\hexinet.exe[2012.10.30 12:44:38 | 000,000,000 | ---- | M] () -- C:\hexmnet.exe[2012.10.11 09:47:40 | 000,000,000 | ---- | M] () -- C:\hexmx36.exe[2012.10.06 03:26:56 | 000,000,000 | ---- | M] () -- C:\hexmxcs.exe[2012.09.22 09:42:47 | 000,000,000 | ---- | M] () -- C:\hexnstl.exe[2012.10.09 01:37:46 | 000,000,000 | ---- | M] () -- C:\hexpkill.exe[2012.12.03 00:27:53 | 000,000,000 | ---- | M] () -- C:\hexsx.exe[2013.01.05 15:45:14 | 000,000,000 | ---- | M] () -- C:\hexwuyu.exe[2012.12.21 12:36:39 | 000,000,000 | ---- | M] () -- C:\hexyaotong.exe[2012.04.08 01:46:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS[2012.04.08 01:46:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS[2008.04.14 10:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM[2008.04.14 10:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr[2013.01.06 18:43:49 | 3196,059,648 | -HS- | M] () -- C:\pagefile.sys[2012.07.13 13:27:42 | 000,000,000 | ---- | M] () -- C:\s007.exe[2012.09.17 20:52:07 | 000,000,000 | ---- | M] () -- C:\sddos.exe[2012.07.18 21:42:35 | 000,000,000 | ---- | M] () -- C:\sds.exe[2012.04.25 03:29:22 | 000,000,060 | ---- | M] () -- C:\shas.exe[2012.09.17 20:52:05 | 000,000,063 | ---- | M] () -- C:\shddos.exe[2012.10.27 11:58:38 | 000,000,057 | ---- | M] () -- C:\shkv.exe[2012.12.25 09:34:59 | 000,000,060 | ---- | M] () -- C:\shljf.exe[2012.11.04 11:05:43 | 000,000,065 | ---- | M] () -- C:\shlsass.exe[2012.10.11 09:47:00 | 000,000,064 | ---- | M] () -- C:\shmx36.exe[2012.10.06 03:26:01 | 000,000,064 | ---- | M] () -- C:\shmxcs.exe[2012.09.22 09:40:47 | 000,000,063 | ---- | M] () -- C:\shnstl.exe[2012.10.09 01:36:55 | 000,000,066 | ---- | M] () -- C:\shpkill.exe[2012.09.05 18:28:15 | 000,000,060 | ---- | M] () -- C:\shsql.exe[2012.05.04 04:46:00 | 000,000,063 | ---- | M] () -- C:\shsys.exe[2012.12.19 22:45:44 | 000,000,103 | ---- | M] () -- C:\shsystem1[2012.12.20 16:58:06 | 000,000,103 | ---- | M] () -- C:\shsystem3[2012.07.03 15:18:07 | 000,000,066 | ---- | M] () -- C:\shx7.exe[2012.10.12 09:48:24 | 000,000,061 | ---- | M] () -- C:\shzxc.exe[2012.12.25 09:35:01 | 000,000,000 | ---- | M] () -- C:\sljf.exe[2012.11.04 11:05:46 | 000,000,000 | ---- | M] () -- C:\slsass.exe[2012.10.11 09:47:02 | 000,000,000 | ---- | M] () -- C:\smx36.exe[2012.10.06 03:26:02 | 000,000,000 | ---- | M] () -- C:\smxcs.exe[2012.08.10 12:51:53 | 000,000,000 | ---- | M] () -- C:\snb.exe[2012.09.22 09:40:48 | 000,000,000 | ---- | M] () -- C:\snstl.exe[2012.10.09 01:36:56 | 000,000,000 | ---- | M] () -- C:\spkill.exe[2012.10.24 08:50:27 | 000,000,000 | ---- | M] () -- C:\sserver.exe[2012.09.05 18:28:22 | 000,000,000 | ---- | M] () -- C:\ssql.exe[2012.07.16 21:39:22 | 000,000,000 | ---- | M] () -- C:\st007.exe[2012.09.17 20:52:18 | 000,000,000 | ---- | M] () -- C:\stddos.exe[2012.08.14 12:23:25 | 000,000,000 | ---- | M] () -- C:\stds.exe[2012.10.27 11:58:53 | 000,000,000 | ---- | M] () -- C:\stkv.exe[2012.11.04 11:05:56 | 000,000,000 | ---- | M] () -- C:\stlsass.exe[2012.10.11 09:47:09 | 000,000,000 | ---- | M] () -- C:\stmx36.exe[2012.10.06 03:26:11 | 000,000,000 | ---- | M] () -- C:\stmxcs.exe[2012.08.10 12:52:00 | 000,000,000 | ---- | M] () -- C:\stnb.exe[2012.09.22 09:41:16 | 000,000,000 | ---- | M] () -- C:\stnstl.exe[2012.10.09 01:37:07 | 000,000,000 | ---- | M] () -- C:\stpkill.exe[2012.10.24 08:50:32 | 000,000,000 | ---- | M] () -- C:\stserver.exe[2012.09.05 18:28:33 | 000,000,000 | ---- | M] () -- C:\stsql.exe[2012.07.07 18:42:07 | 000,000,000 | ---- | M] () -- C:\stwps.exe[2012.07.03 15:18:18 | 000,000,000 | ---- | M] () -- C:\stx7.exe[2012.07.19 13:39:37 | 000,000,000 | ---- | M] () -- C:\stxx25.exe[2012.10.12 08:59:02 | 000,000,000 | ---- | M] () -- C:\stzxc.exe[2012.07.07 18:41:59 | 000,000,000 | ---- | M] () -- C:\swps.exe[2012.07.03 15:18:09 | 000,000,000 | ---- | M] () -- C:\sx7.exe[2012.07.19 13:39:27 | 000,000,000 | ---- | M] () -- C:\sxx25.exe[2012.08.05 21:25:17 | 000,012,288 | ---- | M] () -- C:\system64.log[2012.10.12 08:58:57 | 000,000,000 | ---- | M] () -- C:\szxc.exe[2013.01.04 19:55:51 | 000,000,075 | ---- | M] () -- C:\xp123.exe[2012.11.26 18:04:29 | 000,000,059 | ---- | M] () -- C:\xp2.exe[2012.04.25 03:29:08 | 000,000,063 | ---- | M] () -- C:\xpas.exe[2012.10.28 17:00:15 | 000,000,062 | ---- | M] () -- C:\xpavp.exe[2012.10.27 11:58:26 | 000,000,060 | ---- | M] () -- C:\xpkv.exe[2012.12.25 09:34:44 | 000,000,063 | ---- | M] () -- C:\xpljf.exe[2013.01.05 01:45:06 | 000,000,074 | ---- | M] () -- C:\xplsass.exe[2012.10.11 09:46:47 | 000,000,067 | ---- | M] () -- C:\xpmx36.exe[2012.10.06 03:25:43 | 000,000,067 | ---- | M] () -- C:\xpmxcs.exe[2012.08.31 13:33:07 | 000,000,064 | ---- | M] () -- C:\xpnb.exe[2012.09.22 09:40:20 | 000,000,066 | ---- | M] () -- C:\xpnstl.exe[2012.10.09 01:36:33 | 000,000,069 | ---- | M] () -- C:\xppkill.exe[2012.06.11 04:11:12 | 000,000,060 | ---- | M] () -- C:\xpsd.exe[2012.10.29 18:58:17 | 000,000,064 | ---- | M] () -- C:\xpSER1.exe[2012.09.05 18:27:55 | 000,000,063 | ---- | M] () -- C:\xpsql.exe[2012.05.04 04:45:38 | 000,000,066 | ---- | M] () -- C:\xpsys.exe[2012.10.18 20:01:03 | 000,000,062 | ---- | M] () -- C:\xpVS.exe[2012.07.05 10:38:46 | 000,000,069 | ---- | M] () -- C:\xpx7.exe[2012.12.21 12:35:13 | 000,002,359 | ---- | M] () -- C:\yaotong.exe[2012.04.25 03:29:29 | 000,000,061 | ---- | M] () -- C:\zyas.exe[2012.09.17 20:52:15 | 000,000,064 | ---- | M] () -- C:\zyddos.exe[2012.08.14 12:23:22 | 000,000,067 | ---- | M] () -- C:\zyds.exe[2012.11.04 11:05:54 | 000,000,066 | ---- | M] () -- C:\zylsass.exe[2012.10.11 09:47:08 | 000,000,065 | ---- | M] () -- C:\zymx36.exe[2012.10.06 03:26:10 | 000,000,065 | ---- | M] () -- C:\zymxcs.exe[2012.09.22 09:41:15 | 000,000,064 | ---- | M] () -- C:\zynstl.exe[2012.10.09 01:37:06 | 000,000,067 | ---- | M] () -- C:\zypkill.exe[2012.09.05 18:28:27 | 000,000,061 | ---- | M] () -- C:\zysql.exe[2012.12.19 22:45:47 | 000,000,104 | ---- | M] () -- C:\zysystem1[2012.12.20 16:58:12 | 000,000,104 | ---- | M] () -- C:\zysystem3[2012.07.07 18:41:54 | 000,000,061 | ---- | M] () -- C:\zywps.exe[2012.07.03 15:18:16 | 000,000,067 | ---- | M] () -- C:\zyx7.exe[2012.07.19 13:39:36 | 000,000,065 | ---- | M] () -- C:\zyxx25.exe < %USERPROFILE%*.* >[2012.12.30 09:23:12 | 000,000,085 | ---- | M] () -- C:\Documents and Settings\BARRIO OOD\cmd.txt[2013.01.06 18:43:28 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\BARRIO OOD\NTUSER.DAT[2013.01.06 19:03:02 | 000,016,384 | -H-- | M] () -- C:\Documents and Settings\BARRIO OOD\ntuser.dat.LOG[2012.12.31 22:58:20 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\BARRIO OOD\ntuser.ini[2012.12.29 09:15:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\BARRIO OOD\PPTV(pplive)_jinshan_36369.exe[2012.12.28 10:05:38 | 000,000,055 | ---- | M] () -- C:\Documents and Settings\BARRIO OOD\x < %USERPROFILE%AppDataLocal*.* > < %USERPROFILE%AppDataRoaming*.* >Invalid Environment Variable: ProgramData < %CommonProgramFiles%*.* > < %PROGRAMFILES%*.* > < %systemroot%system32*.dll /lockedfiles > < %systemroot%Tasks*.job /lockedfiles > < %systemroot%system32drivers*.sys /90 > < %systemroot%system32drivers*.sys /lockedfiles > < %systemroot%system32Spoolprtprocsw32x86*.dll > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE >[2008.04.14 10:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe[2008.04.14 10:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe < MD5 for: USERINIT.EXE >[2008.04.14 10:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe[2008.04.14 10:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe < MD5 for: VOLSNAP.SYS >[2008.04.14 10:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\dllcache\volsnap.sys[2008.04.14 10:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys < MD5 for: WINLOGON.EXE >[2008.04.14 10:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe[2008.04.14 10:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe < End of report > Цитирай Link to comment Сподели другаде More sharing options...
icotonev Публикувано Януари 6, 2013 Report Share Публикувано Януари 6, 2013 alximika, здравейте..За съжаление вашата система е заразена и виждам активни зарази..За целта:...Във този подраздел създайте ваша нова тема и прочетете и следвайте стъпките на тази инструкция: Инструкции и съвети за получаване на помощ за премахване на зловреден код Поздрави Ицо Цитирай Link to comment Сподели другаде More sharing options...
boxie Публикувано Януари 29, 2013 Report Share Публикувано Януари 29, 2013 Здравейте! Хайде и аз да ви се оплача,че имам проблем с фейса ^^; нямаше ме два дена, през тези два дена влизах в акаунта си чрез телефона (не знам дали има значение) връщам се на рс - влизам, но когато тръгна да отворя някое съобщение или да цъкна на друга фб страница, започва да зарежда, да зарежда, така и не я зарежда, дава ми еrror. Всичко друго си върви идеално, така е само с този сайт от около 2 дена, прочетох от тук от там, свалих си мозила - същата работа. изтеглих най-новата версия на chrome - беше си идеално за няколко минути, сега пак не иска да зарежда. Снощи също се беше оправил за малко от само себе си. Имам си ccleaner, чистя редовно. Сканирах с Anti-malware - два зловредни обекта засече,премахнах ги. DNS кеша изчистих .. друго какво да направя не знам. оправя се за малко, после пак се почва безкрайното зареждане. Ако някой знае какво друго мога да направя, моля да ми каже. Цитирай Link to comment Сподели другаде More sharing options...
s.feradov Публикувано Януари 29, 2013 Report Share Публикувано Януари 29, 2013 Стартирайте системата в режим на работа Safe Mode with Networking и проверете дали проблемът е налице. Цитирай Link to comment Сподели другаде More sharing options...
boxie Публикувано Януари 29, 2013 Report Share Публикувано Януари 29, 2013 Не се оправя. Цитирай Link to comment Сподели другаде More sharing options...
s.feradov Публикувано Януари 29, 2013 Report Share Публикувано Януари 29, 2013 Изтеглете прикачения архив и го разархивирайте в директория по Ваше желание. Стартирайте HOSTS.bat с двоен клик на мишката. В следната директория ще се създаде следния следния файл:C:\hosts.txtМоля, прикачете въпросния файл към следващия Ви коментар.HOSTS.zip Цитирай Link to comment Сподели другаде More sharing options...
boxie Публикувано Януари 29, 2013 Report Share Публикувано Януари 29, 2013 Заповядай.hosts.txt Цитирай Link to comment Сподели другаде More sharing options...
s.feradov Публикувано Януари 29, 2013 Report Share Публикувано Януари 29, 2013 Изпълнете инструкциите от този коментар. Цитирай Link to comment Сподели другаде More sharing options...
boxie Публикувано Януари 29, 2013 Report Share Публикувано Януари 29, 2013 Изпълних всичко и архивирах файловете, заповядай.files.zip Цитирай Link to comment Сподели другаде More sharing options...
s.feradov Публикувано Януари 29, 2013 Report Share Публикувано Януари 29, 2013 Моля, деинсталирайте Sponsorkeyword посредством Add or Remove Programs. След това: Изтеглете AdwCleanerЗапазете файла на Вашия десктоп.Спрете работата на всички програми и браузъри.Стартирайте инструмента.Изберете бутон Delete.Вашата система ще се рестартира автоматично.Моля, прикачете log-файла, създаден от инструмента, в следващия Ви коментар. Log-файлът е наименован AdwCleaner[s1].txt и се намира в следната директория:C:\ Изтеглете JRTЗапазете файла на Вашия десктоп.Спрете временно работата на всички приложения, включително и на защитните програми, които са инсталирани на системата.Стартирайте JRT.exe.При новопоявилия се прозорец, натиснете който и да е клавиш от клавиатурата.Инструментът ще сканира системата.След края на процеса, ще се създаде log-файл с наименования JRT.txtМоля, прикачете този файл към следващия Ви коментар. Цитирай Link to comment Сподели другаде More sharing options...
boxie Публикувано Януари 29, 2013 Report Share Публикувано Януари 29, 2013 ЕтоJRT.txtAdwCleanerS1.txt Цитирай Link to comment Сподели другаде More sharing options...
s.feradov Публикувано Януари 29, 2013 Report Share Публикувано Януари 29, 2013 Изтеглете OTLЗапазете файла на Вашия десктоп.Стартирайте инструмента.Уверете се, че процесът на сканиране няма да бъде прекъснат.В главния прозорец на програмата сложете отметка пред Scan All Users.В полето Standart Registry изберете All.Сложете отметки пред LOP Check и Purity Check.От падащото меню File Age изберете 90 days.Уверете се, че има отметкa пред Skip Microsoft Files.В полето Custom Scans/Fixes поставете следния текст:netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %SYSTEMDRIVE%\*.* %USERPROFILE%\*.* %USERPROFILE%\temp\*.exe %USERPROFILE%\AppData\Local\*.* %USERPROFILE%\AppData\Local\*. %USERPROFILE%\AppData\Local\temp\*.exe %USERPROFILE%\AppData\Roaming\*.* %USERPROFILE%\AppData\Roaming\*. %Public%\Documents\Fonts\*.exe %Public%\Documents\Config\*.exe %Public%\Documents\*.* %ProgramData%\*.* %ProgramData%\*. %CommonProgramFiles%\*.* %CommonProgramFiles%\ComObjects*.exe %commonprogramfiles(x86)%\*.* %programfiles%\*.* %programfiles%\*. %ProgramFiles(x86)%\*.* %ProgramFiles(x86)%\*. %systemroot%\system32\config\systemprofile\AppData\Local\*.* %systemroot%\system32\config\systemprofile\AppData\Roaming\*.* %windir%\SysWOW64\config\systemprofile\AppData\Local\*.* %windir%\SysWOW64\config\systemprofile\AppData\Roaming\*.* %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.tlb %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tlb %windir%\temp\*.exe %windir%\*. %windir%\installer\*. %windir%\system32\*. %windir%\sysnative\*. %Temp%\smtmp\1\*.* %Temp%\smtmp\2\*.* %Temp%\smtmp\3\*.* %Temp%\smtmp\4\*.* %systemroot%\system32\*.dll /lockedfiles %systemroot%\syswow64\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /90 %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\syswow64\drivers\*.sys /90 %systemroot%\syswow64\drivers\*.sys /lockedfiles %systemroot%\system32\Spool\prtprocs\w32x86\*.dll %systemroot%\*. /rp /s %systemroot%\assembly\tmp\*.* /S /MD5 %systemroot%\assembly\temp\*.* /S /MD5 %systemroot%\assembly\GAC\*.ini %systemroot%\assembly\GAC_32\*.ini %systemroot%\assembly\GAC_64\*.ini %SystemRoot%\assembly\GAC_MSIL\*.ini HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s HKEY_CURRENT_USER\Software\Classes\clsid\{12d0253a-7c96-815c-11e0-3034bbd97cc0}] /s HKEY_CURRENT_USER\Software\MSOLoad /s /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll consrv.dll services.exe explorer.exe lsass.exe svchost.exe wininit.exe winlogon.exe userinit.exe atapi.sys iaStor.sys serial.sys volsnap.sys disk.sys redbook.sys i8042prt.sys afd.sys netbt.sys csc.sys tcpip.sys dfsc.sys hlp.dat str.sys crexv.ocx /md5stopКопирайте кода точно както е даден. Уверете се, че всяка от командите е на нов ред, както е в полето. Натиснете бутона Run Scan. Ще започне сканиране, което няма да продължи дълго.Когато сканирането приключи автоматично ще се отворят два Notepad log-файла - OTL.txt и Extras.txt. Моля, прикачете тези два файла към следващия Ви коментар. Цитирай Link to comment Сподели другаде More sharing options...
boxie Публикувано Януари 29, 2013 Report Share Публикувано Януари 29, 2013 ^^;OTL.TxtExtras.Txt Цитирай Link to comment Сподели другаде More sharing options...
s.feradov Публикувано Януари 30, 2013 Report Share Публикувано Януари 30, 2013 Стартирайте отново OTL. В полето Custom Scans/Fixes поставете следния текст ::OTL IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html IE - HKU\.DEFAULT\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp IE - HKU\S-1-5-18\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp IE - HKU\S-1-5-19\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp IE - HKU\S-1-5-20\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp IE - HKU\S-1-5-21-73586283-115176313-682003330-1003\..\SearchScopes\{499f5088-18ff-49d5-92d7-e4a34c551a60}: "URL" = http://apype.com/results.php?q={searchTerms} FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.5: C:\Program Files\Virtual Earth 3D\ File not found FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found [2009.06.14 16:19:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions\mozswing@mozswing.org O4 - HKU\S-1-5-21-73586283-115176313-682003330-1003..\Run: [KeywordSearchUpdater] C:\Program Files\Keyword Search\KeywordSearchUpdater.exe File not found O4 - HKU\S-1-5-21-73586283-115176313-682003330-1003..\Run: [QNPlus] File not found O4 - HKU\S-1-5-21-73586283-115176313-682003330-1003..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found O4 - HKU\S-1-5-21-73586283-115176313-682003330-1003..\Run: [sNJQ66R8MU] C:\DOCUME~1\user\LOCALS~1\Temp\Cdx.exe File not found O4 - HKU\S-1-5-21-73586283-115176313-682003330-1003..\Run: [sponsorkeywordagent] C:\Program Files\sponsorkeyword\sponsorkeywordagent.exe File not found @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F4E393D @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED3F622D :Files C:\WINDOWS\temp\ytdToolbar.exe :Commands [emptytemp] Копирайте кода точно както е даден. Уверете се, че не изтървате някое от двуеточията в началото. Уверете се също така, че всяка от командите е на нов ред, както е в полето. След въвеждане на кода в полето Custom Scans/Fixes, натиснете бутона Run Fix. Потвърдете съобщението за рестартиране на системата. След рестартирането на системата, ще се появи log-файл, намиращ се в C:\_OTL\Moved Files. Моля, прикачете съответния log-файл към следващия Ви коментар. Mоля, качете във VirusTotal следния файл:C:\WINDOWS\ALCHUNIN.EXEАко бъде изписано File already analysed изберете бутон Reanalyse и кажете резултата в следващия Ви коментар. Цитирай Link to comment Сподели другаде More sharing options...
ba4o_kiro Публикувано Февруари 2, 2013 Report Share Публикувано Февруари 2, 2013 Здравейте! Хайде и аз да ви се оплача,че имам проблем с фейса ^^; нямаше ме два дена, през тези два дена влизах в акаунта си чрез телефона (не знам дали има значение) връщам се на рс - влизам, но когато тръгна да отворя някое съобщение или да цъкна на друга фб страница, започва да зарежда, да зарежда, така и не я зарежда, дава ми еrror. Всичко друго си върви идеално, така е само с този сайт от около 2 дена, прочетох от тук от там, свалих си мозила - същата работа. изтеглих най-новата версия на chrome - беше си идеално за няколко минути, сега пак не иска да зарежда. Снощи също се беше оправил за малко от само себе си. Имам си ccleaner, чистя редовно. Сканирах с Anti-malware - два зловредни обекта засече,премахнах ги. DNS кеша изчистих .. друго какво да направя не знам. оправя се за малко, после пак се почва безкрайното зареждане. Ако някой знае какво друго мога да направя, моля да ми каже.Ще пиша тук тъй като си мисля че имах сходен проблем.Със тази разлика че съм зад рутер.Та проблема ми беше следният:Изтеглих си не позната програма. Стартирах я, да се инсталира, и проблем.DNS настрийките на рутера са променени.Някои страници се зареждат други не.Бях направил Бекап на настройките на рутера.Връщам ги и след малко отново промяна.Сканирах със MAM, SAS.Нищо не помогна.Сетих се за диск , който си бях записал като бутващ.https://support.kaspersky.com/viruses/rescuediskТук не знам дали прекрачвам правилата на форума, но това ми помогна да се справя със вируса.Тук е много важно да може самата програма да се обнови. Цитирай Link to comment Сподели другаде More sharing options...
Препоръчан пост
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.