
Aurora help



#31
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi

Hold on just a sec please
  • 0



#32
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Please download FileFind from Atribune.
Unzip the file and save it to your desktop.

To run FileFind, please do the following:
  • Click on FileFind.exe
  • In the box labeled "Enter the directory to search"
    • Enter the drive, in this case C:\
  • In the box labeled "Enter the file to search"
    • Enter the file guycrm.exe
  • Now click on the "Find" button
  • Once the utility has found the files click on "Export"
  • This will save a text file to your C:\ drive as "Export.txt"
  • Double click on Export.txt, copy and paste this information in your next post

  • 0

#33
jbrown7441

jbrown7441

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
:tazz: Still didn't find anything.
  • 0

#34
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hiya

I was afraid you might say that :) . OK, we can't do this the elegant way, so back to the old-fashioned methods. Can you please -

1)- Update Spysweeper, then reboot into safe mode and run it. Save the report and post at the end. Reboot into Normal mode and get me a fresh HJT log.

2)- Get me fresh reports from

Safe Mode Start up list
Regsearch
Non PnP Devices Screenshots

3)- Download and run this analysis tool, Blacklight.

Download and Save Blacklight to your desktop:

Double-click blbeta.exe then accept the agreement, leave [X]scan through Windows Explorer checked, click > scan then > next

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stands for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"

4) Post the output from all these steps.

Thanks :tazz:
  • 0
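
For reading the Spy Sweeper report requested in step 1, here is an added example that is not part of the original thread: a Python triage pass that pulls out detected threats, autorun entries and files the scanner could not open, and counts how often a detected file is still locked after quarantine. It assumes the session-log layout of the report posted in this thread; `entries`, `triage` and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: a few lines in the Spy Sweeper session-log layout posted
# in this thread, abridged; the path and names are the ones from that report.
EXE = r"C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe"
LOCK = ('Warning: Failed to check file "{0}". Cannot open file "{0}". The process '
        "cannot access the file because it is being used by another process")
SAMPLE_LOG = "\n".join([
    "********",
    "4:52 PM: |\u00b7\u00b7\u00b7 Start of Session, Wednesday, September 28, 2005 \u00b7\u00b7\u00b7|",
    "4:52 PM: Spy Sweeper started",
    "4:52 PM: " + LOCK.format(EXE),
    "4:52 PM: Found Trojan Horse: lzio",
    "4:52 PM: Detected running threat: " + EXE + " (ID = 48)",
    r"4:52 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || guycrm (ID = 0)",
    "4:55 PM: Found Spy Cookie: 2o7.net cookie",
    "4:55 PM: jbrown@2o7[1].txt (ID = 1957)",
    r'5:03 PM: Warning: Failed to read file "c:\documents and settings\jbrown'
    r'\local settings\temp\~dfc074.tmp". System Error. Code: 32.',
    "The process cannot access the file because it is being used by another process",
    "5:03 PM: Quarantining All Traces: lzio",
    "5:03 PM: Quarantining All Traces: 2o7.net cookie",
    "5:03 PM: Removal process completed. Elapsed time 00:00:26",
    "10:17 AM: " + LOCK.format(EXE.lower()),
    "10:22 AM: " + LOCK.format(EXE),
    "10:24 AM: Spy Installation Shield: found: Trojan Horse: lzio, version 1.0.0.0 -- Execution Denied",
])

LINE_RE = re.compile(r"^(\d{1,2}:\d{2} [AP]M): (.*)$")
SESSION_RE = re.compile(r"Start of Session, (\w+, \w+ \d{1,2}, \d{4})")
FOUND_RE = re.compile(r"^Found (.+?): (.+)$")
RUNNING_RE = re.compile(r"^Detected running threat: (.+) \(ID = \d+\)$")
AUTORUN_RE = re.compile(r"^(HK[A-Z_]+\\.+\\Run(?:Once)?) \|\| (.+) \(ID = \d+\)$")
LOCKED_RE = re.compile(r'^Warning: Failed to (?:check|read) file "([^"]+)"')
QUARANTINE_RE = re.compile(r"^Quarantining All Traces: (.+)$")


def entries(text):
    """Yield (time, message); a line without a timestamp continues the previous one."""
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if m:
            if current:
                yield tuple(current)
            current = [m.group(1), m.group(2)]
        elif current and line and not line.startswith("****"):
            current[1] += " " + line
    if current:
        yield tuple(current)


def triage(text):
    """Summarise what matters for cleanup; cookie hits are only counted."""
    report = {"sessions": [], "threats": set(), "running": set(), "autoruns": [],
              "cookies": 0, "locked": Counter(), "locked_after_quarantine": Counter()}
    quarantined = False  # True once a non-cookie threat was quarantined in this session
    for _time, msg in entries(text):
        if (m := SESSION_RE.search(msg)):
            report["sessions"].append(m.group(1))
            quarantined = False
        elif (m := FOUND_RE.match(msg)):
            kind, name = m.groups()
            if kind == "Spy Cookie":
                report["cookies"] += 1
            else:
                report["threats"].add((kind, name))
        elif (m := RUNNING_RE.match(msg)):
            # Windows paths are case-insensitive and the log mixes cases.
            report["running"].add(m.group(1).lower())
        elif (m := AUTORUN_RE.match(msg)):
            report["autoruns"].append(m.groups())
        elif (m := QUARANTINE_RE.match(msg)):
            if not m.group(1).endswith(" cookie"):
                quarantined = True
        elif (m := LOCKED_RE.match(msg)):
            path = m.group(1).lower()
            report["locked"][path] += 1
            # A detected file that is still held open after "quarantine"
            # means the removal did not stop the process using it.
            if quarantined and path in report["running"]:
                report["locked_after_quarantine"][path] += 1
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, value in result.items():
        print(f"{key}: {value}")
```

A path that shows up in `locked_after_quarantine` was still held open after the scanner reported removal as complete, while a locked temp file with no matching detection only lands in `locked`.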

#35
jbrown7441

jbrown7441

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
:tazz: Shwoooh, OK, I think I got everything you needed.

********
8:29 AM: |··· Start of Session, Friday, October 07, 2005 ···|
8:29 AM: Spy Sweeper started
8:29 AM: Sweep initiated using definitions version 551
8:29 AM: Starting Memory Sweep
8:30 AM: Memory Sweep Complete, Elapsed Time: 00:00:45
8:30 AM: Starting Registry Sweep
8:30 AM: Registry Sweep Complete, Elapsed Time:00:00:08
8:30 AM: Starting Cookie Sweep
8:30 AM: Found Spy Cookie: 2o7.net cookie
8:30 AM: jbrown@2o7[1].txt (ID = 1957)
8:30 AM: Found Spy Cookie: clickbank cookie
8:30 AM: jbrown@clickbank[1].txt (ID = 2398)
8:30 AM: Found Spy Cookie: metriweb.be cookie
8:30 AM: jbrown@metriweb[1].txt (ID = 2992)
8:30 AM: Found Spy Cookie: pub cookie
8:30 AM: jbrown@pub[1].txt (ID = 3205)
8:30 AM: Found Spy Cookie: onestat.com cookie
8:30 AM: jbrown@stat.onestat[2].txt (ID = 3098)
8:30 AM: Found Spy Cookie: myaffiliateprogram.com cookie
8:30 AM: jbrown@www.myaffiliateprogram[1].txt (ID = 3032)
8:30 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
8:30 AM: Starting File Sweep
8:39 AM: File Sweep Complete, Elapsed Time: 00:08:47
8:39 AM: Full Sweep has completed. Elapsed time 00:09:45
8:39 AM: Traces Found: 6
8:40 AM: Removal process initiated
8:40 AM: Quarantining All Traces: 2o7.net cookie
8:40 AM: Quarantining All Traces: clickbank cookie
8:40 AM: Quarantining All Traces: metriweb.be cookie
8:40 AM: Quarantining All Traces: pub cookie
8:40 AM: Quarantining All Traces: onestat.com cookie
8:40 AM: Quarantining All Traces: myaffiliateprogram.com cookie
8:40 AM: Removal process completed. Elapsed time 00:00:02
********
11:52 AM: |··· Start of Session, Tuesday, October 04, 2005 ···|
11:52 AM: Spy Sweeper started
11:52 AM: Sweep initiated using definitions version 545
11:52 AM: Starting Memory Sweep
11:53 AM: Memory Sweep Complete, Elapsed Time: 00:00:41
11:53 AM: Starting Registry Sweep
11:53 AM: Registry Sweep Complete, Elapsed Time:00:00:08
11:53 AM: Starting Cookie Sweep
11:53 AM: Found Spy Cookie: 2o7.net cookie
11:53 AM: jbrown@2o7[2].txt (ID = 1957)
11:53 AM: Found Spy Cookie: apmebf cookie
11:53 AM: jbrown@apmebf[2].txt (ID = 2229)
11:53 AM: Found Spy Cookie: qksrv cookie
11:53 AM: jbrown@qksrv[2].txt (ID = 3213)
11:53 AM: Found Spy Cookie: falkag cookie
11:53 AM: system@as-us.falkag[1].txt (ID = 2650)
11:53 AM: Found Spy Cookie: ask cookie
11:53 AM: system@ask[1].txt (ID = 2245)
11:53 AM: Found Spy Cookie: bluestreak cookie
11:53 AM: system@bluestreak[2].txt (ID = 2314)
11:53 AM: Found Spy Cookie: burstnet cookie
11:53 AM: system@burstnet[2].txt (ID = 2336)
11:53 AM: Found Spy Cookie: enhance cookie
11:53 AM: system@c.enhance[1].txt (ID = 2614)
11:53 AM: Found Spy Cookie: casalemedia cookie
11:53 AM: system@casalemedia[1].txt (ID = 2354)
11:53 AM: Found Spy Cookie: ru4 cookie
11:53 AM: system@edge.ru4[1].txt (ID = 3269)
11:53 AM: Found Spy Cookie: exitexchange cookie
11:53 AM: system@exitexchange[2].txt (ID = 2633)
11:53 AM: Found Spy Cookie: findwhat cookie
11:53 AM: system@findwhat[1].txt (ID = 2674)
11:53 AM: Found Spy Cookie: videodome cookie
11:53 AM: system@g6publish.videodome[1].txt (ID = 3639)
11:53 AM: Found Spy Cookie: hypertracker.com cookie
11:53 AM: system@hypertracker[1].txt (ID = 2817)
11:53 AM: Found Spy Cookie: mygeek cookie
11:53 AM: system@mygeek[1].txt (ID = 3041)
11:53 AM: Found Spy Cookie: paypopup cookie
11:53 AM: system@paypopup[2].txt (ID = 3119)
11:53 AM: Found Spy Cookie: overture cookie
11:53 AM: system@perf.overture[1].txt (ID = 3106)
11:53 AM: Found Spy Cookie: questionmarket cookie
11:53 AM: system@questionmarket[1].txt (ID = 3217)
11:53 AM: Found Spy Cookie: realmedia cookie
11:53 AM: system@realmedia[1].txt (ID = 3235)
11:53 AM: Found Spy Cookie: rednova cookie
11:53 AM: system@rednova[1].txt (ID = 3245)
11:53 AM: Found Spy Cookie: server.iad.liveperson cookie
11:53 AM: system@server.iad.liveperson[2].txt (ID = 3341)
11:53 AM: Found Spy Cookie: statcounter cookie
11:53 AM: system@statcounter[2].txt (ID = 3447)
11:53 AM: Found Spy Cookie: tickle cookie
11:53 AM: system@tickle[2].txt (ID = 3529)
11:53 AM: Found Spy Cookie: trafficmp cookie
11:53 AM: system@trafficmp[2].txt (ID = 3581)
11:53 AM: Found Spy Cookie: tribalfusion cookie
11:53 AM: system@tribalfusion[1].txt (ID = 3589)
11:53 AM: system@videodome[1].txt (ID = 3638)
11:53 AM: Found Spy Cookie: burstbeacon cookie
11:53 AM: system@www.burstbeacon[2].txt (ID = 2335)
11:53 AM: system@www.rednova[1].txt (ID = 3246)
11:53 AM: Found Spy Cookie: redzip cookie
11:53 AM: system@www.redzip[2].txt (ID = 3250)
11:53 AM: system@as-us.falkag[1].txt (ID = 2650)
11:53 AM: system@ask[1].txt (ID = 2245)
11:53 AM: system@bluestreak[2].txt (ID = 2314)
11:53 AM: system@burstnet[2].txt (ID = 2336)
11:53 AM: system@c.enhance[1].txt (ID = 2614)
11:53 AM: system@casalemedia[1].txt (ID = 2354)
11:53 AM: system@edge.ru4[1].txt (ID = 3269)
11:53 AM: system@exitexchange[2].txt (ID = 2633)
11:53 AM: system@findwhat[1].txt (ID = 2674)
11:53 AM: system@g6publish.videodome[1].txt (ID = 3639)
11:53 AM: system@hypertracker[1].txt (ID = 2817)
11:53 AM: system@mygeek[1].txt (ID = 3041)
11:53 AM: system@paypopup[2].txt (ID = 3119)
11:53 AM: system@perf.overture[1].txt (ID = 3106)
11:53 AM: system@questionmarket[1].txt (ID = 3217)
11:53 AM: system@realmedia[1].txt (ID = 3235)
11:53 AM: system@rednova[1].txt (ID = 3245)
11:53 AM: system@server.iad.liveperson[2].txt (ID = 3341)
11:53 AM: system@statcounter[2].txt (ID = 3447)
11:53 AM: system@tickle[2].txt (ID = 3529)
11:53 AM: system@trafficmp[2].txt (ID = 3581)
11:53 AM: system@tribalfusion[1].txt (ID = 3589)
11:53 AM: system@videodome[1].txt (ID = 3638)
11:53 AM: system@www.burstbeacon[2].txt (ID = 2335)
11:53 AM: system@www.rednova[1].txt (ID = 3246)
11:53 AM: system@www.redzip[2].txt (ID = 3250)
11:53 AM: Cookie Sweep Complete, Elapsed Time: 00:00:02
11:53 AM: Starting File Sweep
12:01 PM: File Sweep Complete, Elapsed Time: 00:08:26
12:01 PM: Full Sweep has completed. Elapsed time 00:09:21
12:01 PM: Traces Found: 55
12:03 PM: Removal process initiated
12:03 PM: Quarantining All Traces: 2o7.net cookie
12:03 PM: Quarantining All Traces: apmebf cookie
12:03 PM: Quarantining All Traces: qksrv cookie
12:03 PM: Quarantining All Traces: falkag cookie
12:03 PM: Quarantining All Traces: ask cookie
12:03 PM: Quarantining All Traces: bluestreak cookie
12:03 PM: Quarantining All Traces: burstnet cookie
12:03 PM: Quarantining All Traces: enhance cookie
12:03 PM: Quarantining All Traces: casalemedia cookie
12:03 PM: Quarantining All Traces: ru4 cookie
12:03 PM: Quarantining All Traces: exitexchange cookie
12:03 PM: Quarantining All Traces: findwhat cookie
12:03 PM: Quarantining All Traces: videodome cookie
12:03 PM: Quarantining All Traces: hypertracker.com cookie
12:03 PM: Quarantining All Traces: mygeek cookie
12:03 PM: Quarantining All Traces: paypopup cookie
12:03 PM: Quarantining All Traces: overture cookie
12:03 PM: Quarantining All Traces: questionmarket cookie
12:03 PM: Quarantining All Traces: realmedia cookie
12:03 PM: Quarantining All Traces: rednova cookie
12:03 PM: Quarantining All Traces: server.iad.liveperson cookie
12:03 PM: Quarantining All Traces: statcounter cookie
12:03 PM: Quarantining All Traces: tickle cookie
12:03 PM: Quarantining All Traces: trafficmp cookie
12:03 PM: Quarantining All Traces: tribalfusion cookie
12:03 PM: Quarantining All Traces: burstbeacon cookie
12:03 PM: Quarantining All Traces: redzip cookie
12:03 PM: Removal process completed. Elapsed time 00:00:04
10:03 AM: Processing Internet Explorer Favorites Alerts
10:03 AM: Removed IE Favorite: Gigabuys
10:03 AM: Removed IE Favorite: Dell Auction
10:03 AM: Processing Internet Explorer Favorites Alerts
10:03 AM: Removed IE Favorite: The Jeep Doctor - Willies Jeeps - New & Used parts for MB, GPW, CJ2A, CJ3A, CJ3B, M-38, M38A1, CJ5, Willy's Pick-ups & Willy's
10:03 AM: Processing Internet Explorer Favorites Alerts
10:03 AM: Allowed IE Favorite: Support.Dell.com
10:03 AM: Allowed IE Favorite: Dell
10:03 AM: Allowed IE Favorite: COACH BOOG'S HOT NEW WEB SITE
10:03 AM: Allowed IE Favorite: SchoolResults.org - School Information Partnership (SIP)
10:03 AM: Allowed IE Favorite: The American Spectator
4:59 PM: Your spyware definitions have been updated.
8:19 AM: Updating spyware definitions
8:19 AM: Your spyware definitions have been updated.
********
4:52 PM: |··· Start of Session, Wednesday, September 28, 2005 ···|
4:52 PM: Spy Sweeper started
4:52 PM: Sweep initiated using definitions version 545
4:52 PM: Starting Memory Sweep
4:52 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
4:52 PM: Found Trojan Horse: lzio
4:52 PM: Detected running threat: C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe (ID = 48)
4:52 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || guycrm (ID = 0)
4:54 PM: Memory Sweep Complete, Elapsed Time: 00:02:36
4:54 PM: Starting Registry Sweep
4:54 PM: Registry Sweep Complete, Elapsed Time:00:00:06
4:54 PM: Starting Cookie Sweep
4:55 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
4:55 PM: Starting File Sweep
5:03 PM: Warning: Failed to read file "c:\documents and settings\jbrown\local settings\temp\~dfc074.tmp". System Error. Code: 32.
The process cannot access the file because it is being used by another process
5:03 PM: File Sweep Complete, Elapsed Time: 00:08:04
5:03 PM: Full Sweep has completed. Elapsed time 00:10:52
5:03 PM: Traces Found: 2
5:03 PM: Removal process initiated
5:03 PM: Quarantining All Traces: lzio
5:03 PM: Removal process completed. Elapsed time 00:00:26
10:17 AM: Warning: Failed to check file "c:\windows\system32\fhlpnxy\guycrm.exe". Cannot open file "c:\windows\system32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
10:22 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
10:24 AM: Spy Installation Shield: found: Trojan Horse: lzio, version 1.0.0.0 -- Execution Denied
10:24 AM: Spy Installation Shield: found: Trojan Horse: lzio, version 1.0.0.0 -- Execution Denied
11:13 AM: Processing Startup Alerts
11:13 AM: Removed Startup entry: babfk
11:13 AM: Processing Internet Explorer Favorites Alerts
11:13 AM: Allowed IE Favorite: Hydrogen sulfide (EHC 19, 1981)
11:17 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
11:23 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
11:26 AM: Processing Internet Explorer Favorites Alerts
11:26 AM: Allowed IE Favorite: Support.Dell.com
11:26 AM: Allowed IE Favorite: Gigabuys
11:26 AM: Allowed IE Favorite: Dell Auction
11:26 AM: Allowed IE Favorite: Dell
11:26 AM: Allowed IE Favorite: Jan's VW-Car-Racing Page
11:29 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
11:35 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
11:40 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
11:46 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
11:52 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
11:58 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
12:03 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
12:09 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
12:14 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
12:20 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
12:26 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
12:31 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
12:37 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
12:43 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
12:48 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
12:54 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
1:00 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
1:05 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
1:11 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
1:17 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
1:22 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
1:28 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
1:33 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
1:39 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
1:45 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
1:50 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
1:56 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
2:02 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
2:07 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
2:13 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
2:19 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
2:24 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
2:30 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
2:36 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
2:42 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
2:47 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
2:53 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
2:59 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
3:04 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
3:10 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
3:16 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
3:22 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
3:28 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
3:33 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
3:39 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
3:45 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
3:51 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
3:56 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
4:02 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
4:08 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
4:20 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
4:25 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
4:31 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
4:37 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
4:42 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
4:48 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
4:53 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
4:58 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
5:04 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
5:09 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
5:16 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
5:22 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
5:28 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
5:34 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
5:39 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
5:45 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
5:51 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
5:57 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
6:02 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
6:08 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
6:19 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
5:00 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\

  • 0

#36
jbrown7441

    Member

  • Topic Starter
  • Member
  • 25 posts
I guess the Spy sweep session was too big for a single post. I am going to post smaller clips, and finish with the other items after that.

5:00 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
10:08 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
10:13 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
10:19 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
10:25 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
10:30 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
10:36 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
10:41 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
10:47 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
10:53 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
10:59 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
11:05 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
11:10 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
11:15 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
11:21 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
11:27 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
11:32 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
11:38 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
11:49 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
11:55 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
12:01 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
12:07 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
12:13 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
12:18 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
12:24 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
12:30 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
12:36 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
12:42 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
12:47 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
12:53 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
12:59 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
1:05 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
1:11 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
1:16 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
1:22 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
1:28 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
1:34 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
1:40 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
1:45 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
1:51 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
1:57 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
2:03 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
2:09 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
2:14 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
2:19 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
2:25 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
2:30 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
2:36 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
2:42 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
2:48 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
2:54 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
3:00 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
3:05 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
3:11 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
3:16 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
3:22 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
3:27 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
3:33 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
3:38 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
3:44 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
3:49 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
3:55 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
4:01 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
4:13 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
4:19 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
4:25 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
4:31 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
4:37 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
4:42 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
4:48 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
4:54 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
5:00 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
5:06 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
5:11 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
5:17 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
5:23 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
5:29 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
5:35 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
5:40 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
5:46 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
5:52 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
5:57 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
6:03 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
6:09 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
6:15 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
6:20 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
6:26 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
6:32 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
6:38 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
6:44 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
6:55 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
7:01 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
7:07 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
7:12 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
7:18 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
7:24 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
7:30 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
7:35 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
7:41 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
7:47 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
7:52 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
7:58 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
8:04 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
8:10 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
8:15 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
8:21 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
8:27 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
8:33 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
8:38 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
8:44 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
8:50 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
8:56 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
9:01 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
9:07 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
9:13 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
9:18 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
9:23 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
9:28 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
9:33 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
9:38 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
9:44 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
9:49 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
9:54 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
9:59 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
10:04 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process
2:17 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". Cannot open file "C:\WINDOWS\SYSTEM32\fhlpnxy\guycrm.exe". The process cannot access the file because it is being used by another process


#37
jbrown7441

  • Topic Starter
  • Member
  • 25 posts
OK, that's not working. I am going to try to post it as a zip file. Now I will try to post the other items.

Logfile of HijackThis v1.99.1
Scan saved at 8:45:46 AM, on 10/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\FranklinCovey\PlanPlus for Microsoft Outlook\PowerNotes.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\jbrown\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [cplkm] C:\WINDOWS\system32\kxpqfx\cplkm.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [guycrm] C:\WINDOWS\system32\fhlpnxy\guycrm.exe
O4 - HKLM\..\RunOnce: [HP_AIO_SETUP_MUTEX] C:\DOCUME~1\JBROWN\LOCALS~1\TEMP\HP OFFICEJET G SERIES\CDIMAGE\setup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000079.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...tzip/RdxIE2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mathsoft.web...ent/ieatgpc.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = silvereaglerefining.com
O17 - HKLM\Software\..\Telephony: DomainName = silvereaglerefining.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = silvereaglerefining.com
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\amJyb3du\command.exe (file missing)
O23 - Service: CWShredder Service - InterMute, Inc. - c:\program files\InterMute\SpySubtract\CWShredder.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

___________________


StartupList report, 10/7/2005, 8:55:41 AM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\jbrown\Desktop\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\FranklinCovey\PlanPlus for Microsoft Outlook\PowerNotes.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\jbrown\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\jbrown\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Acrobat Speed Launcher.lnk = ?
AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
DVDLauncher = "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
Acrobat Assistant 7.0 = "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
(Default) =
HPAIO_PrintFolderMgr = C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
ISUSPM Startup = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ISUSScheduler = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
Microsoft Works Update Detection = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
vptray = C:\PROGRA~1\SYMANT~2\VPTray.exe
gcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
cplkm = C:\WINDOWS\system32\kxpqfx\cplkm.exe
THGuard = "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
SpySweeper = "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
guycrm = C:\WINDOWS\system32\fhlpnxy\guycrm.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
services32 = C:\Program Files\Common Files\Windows\mc-110-12-0000079.exe
H/PC Connection Agent = "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\AutoCADScriptFile\shell\open\command

(Default) = "C:\WINDOWS\system32\notepad.exe" "%1"

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky...can_unicode.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft....k/?linkid=39204

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.micros...ntent/opuc2.cab

[{56336BCB-3D8A-11D6-A00B-0050DA18DE71}]
CODEBASE = http://software-dl.r...tzip/RdxIE2.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai...all/xscan53.cab

[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn...pDownloader.cab

[Java Plug-in 1.4.2_03]
InProcServer32 = C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.5.0_02]
InProcServer32 = C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx
CODEBASE = http://download.macr...ash/swflash.cab

[GpcContainer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ieatgpc.dll
CODEBASE = https://mathsoft.web...ent/ieatgpc.cab

[QDiagHUpdateObj Class]
InProcServer32 = C:\WINDOWS\system32\qdiagh.ocx
CODEBASE = http://h30043.www3.h.../qdiagh.cab?326

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

abp480n5: system32\DRIVERS\ABP480N5.SYS (system)
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Adobe LM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
adpu160m: system32\DRIVERS\adpu160m.sys (system)
aeaudio: system32\drivers\aeaudio.sys (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: system32\DRIVERS\agp440.sys (system)
Compaq AGP Bus Filter: system32\DRIVERS\agpCPQ.sys (system)
Aha154x: system32\DRIVERS\aha154x.sys (system)
aic78u2: system32\DRIVERS\aic78u2.sys (system)
aic78xx: system32\DRIVERS\aic78xx.sys (system)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AliIde: system32\DRIVERS\aliide.sys (system)
ALI AGP Bus Filter: system32\DRIVERS\alim1541.sys (system)
AMD AGP Bus Filter Driver: system32\DRIVERS\amdagp.sys (system)
amsint: system32\DRIVERS\amsint.sys (system)
aokxlhk: \??\C:\WINDOWS\system32\jsjdflb\aokxlhk (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
asc: system32\DRIVERS\asc.sys (system)
asc3350p: system32\DRIVERS\asc3350p.sys (system)
asc3550: system32\DRIVERS\asc3550.sys (system)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
Autodesk Licensing Service: "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe" (manual start)
Broadcom NetXtreme 57xx Gigabit Controller: system32\DRIVERS\b57xp32.sys (manual start)
Belarc SMBios Access: \SystemRoot\System32\Drivers\BANTExt.sys (system)
Broadcom ASF IP monitoring service v6.0.4: C:\WINDOWS\system32\basfipm.exe (autostart)
BASFND: \??\C:\WINDOWS\system32\Drivers\BASFND.sys (autostart)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
cbidf: system32\DRIVERS\cbidf2k.sys (system)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Password Validation: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)
Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)
cd20xrnt: system32\DRIVERS\cd20xrnt.sys (system)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
CmdIde: system32\DRIVERS\cmdide.sys (system)
Command Service: C:\WINDOWS\amJyb3du\command.exe (autostart)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: system32\DRIVERS\cpqarray.sys (system)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
CWShredder Service: c:\program files\InterMute\SpySubtract\CWShredder.exe service (autostart)
dac2w2k: system32\DRIVERS\dac2w2k.sys (system)
dac960nt: system32\DRIVERS\dac960nt.sys (system)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
Symantec AntiVirus Definition Watcher: "C:\Program Files\Symantec AntiVirus\DefWatch.exe" (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (manual start)
MS IEEE-1284.4 Driver: system32\DRIVERS\Dot4.sys (manual start)
Print Class Driver for IEEE-1284.4: system32\DRIVERS\Dot4Prt.sys (manual start)
Scan Class Driver for IEEE-1284.4: system32\DRIVERS\Dot4Scan.sys (manual start)
Dot4USB Filter Dot4USB Filter: system32\DRIVERS\dot4usb.sys (manual start)
dpti2o: system32\DRIVERS\dpti2o.sys (system)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Intel® PRO Adapter Driver: system32\DRIVERS\e100b325.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Program Files\ewido\security suite\ewidoctrl.exe (autostart)
ewido security suite driver: \??\C:\Program Files\ewido\security suite\guard.sys (system)
ewido security suite guard: C:\Program Files\ewido\security suite\ewidoguard.exe (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
hpn: system32\DRIVERS\hpn.sys (system)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i2omp: system32\DRIVERS\i2omp.sys (system)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
ialm: system32\DRIVERS\ialmnt5.sys (manual start)
IIS Admin: C:\WINDOWS\system32\inetsrv\inetinfo.exe (autostart)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
ini910u: system32\DRIVERS\ini910u.sys (system)
IntelIde: system32\DRIVERS\intelide.sys (system)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
mchInjDrv: \??\C:\DOCUME~1\jbrown\LOCALS~1\Temp\mc21.tmp (disabled)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
mraid35x: system32\DRIVERS\mraid35x.sys (system)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
FTP Publishing: %SystemRoot%\system32\inetsrv\inetinfo.exe (autostart)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20051005.037\naveng.sys (manual start)
NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20051005.037\navex15.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (autostart)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
perc2: system32\DRIVERS\perc2.sys (system)
perc2hib: system32\DRIVERS\perc2hib.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: system32\DRIVERS\PxHelp20.sys (system)
ql1080: system32\DRIVERS\ql1080.sys (system)
Ql10wnt: system32\DRIVERS\ql10wnt.sys (system)
ql12160: system32\DRIVERS\ql12160.sys (system)
ql1240: system32\DRIVERS\ql1240.sys (system)
ql1280: system32\DRIVERS\ql1280.sys (system)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SAVRoam: "C:\Program Files\Symantec AntiVirus\SavRoam.exe" (autostart)
SAVRT: \??\C:\Program Files\Symantec AntiVirus\savrt.sys (system)
SAVRTPEL: \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys (system)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Sentinel: \SystemRoot\System32\Drivers\SENTINEL.SYS (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: system32\DRIVERS\sisagp.sys (system)
Simple Mail Transfer Protocol (SMTP): C:\WINDOWS\system32\inetsrv\inetinfo.exe (autostart)
smwdm: system32\drivers\smwdm.sys (manual start)
Symantec Network Drivers Service: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (manual start)
Rainbow USB SuperPro: system32\DRIVERS\SNTNLUSB.SYS (manual start)
Sparrow: system32\DRIVERS\sparrow.sys (system)
SPBBCDrv: \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (manual start)
Symantec SPBBCSvc: "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
Webroot Spy Sweeper Engine: C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (autostart)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{2F130D52-0BDB-47EB-AF81-1E09BA7E21E7} (manual start)
Symantec AntiVirus: "C:\Program Files\Symantec AntiVirus\Rtvscan.exe" (autostart)
symc810: system32\DRIVERS\symc810.sys (system)
symc8xx: system32\DRIVERS\symc8xx.sys (system)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (disabled)
SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
sym_hi: system32\DRIVERS\sym_hi.sys (system)
sym_u3: system32\DRIVERS\sym_u3.sys (system)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)
TosIde: system32\DRIVERS\toside.sys (system)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ultra: system32\DRIVERS\ultra.sys (system)
uosfngi: \??\C:\WINDOWS\system32\flpiqev\uosfngi (manual start)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: system32\DRIVERS\viaagp.sys (system)
ViaIde: system32\DRIVERS\viaide.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
World Wide Web Publishing: %SystemRoot%\system32\inetsrv\inetinfo.exe (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Windows CE USB Serial Host Driver: system32\DRIVERS\wceusbsh.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NTPort Library Driver: \??\C:\WINDOWS\system32\zntport.sys (autostart)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Aut



  • 0

#38
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi There

Thanks for that. I know it's a real pain getting these logs, but just imagine what it's like for me to go through the things! :) I will make a start on them now, so could you post the Regsrch.vbs and Blacklight reports for me to complete the data set I need?

Thanks for your patience :tazz:
  • 0

#39
jbrown7441

jbrown7441

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Sure, I thought I got that all to you already, but I guess not. And believe me I am not complaining. I don't know how you all make heads or tails out of this stuff.

Thanks a million.



REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "guycrm.exe" 10/7/2005 8:49:53 AM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89C3C1CF-E7DD-6F34-93F4-C3504E424838}\InprocServer32]
@="C:\\WINDOWS\\system32\\fhlpnxy\\guycrm.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"guycrm"="C:\\WINDOWS\\system32\\fhlpnxy\\guycrm.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Webroot\SpySweeper\Startup\id_30]
"Value"="C:\\WINDOWS\\system32\\fhlpnxy\\guycrm.exe"

"C:\\Documents and Settings\\jbrown\\My Documents\\eDonkey2000 Downloads\\[Autodesk.AutoCAD.2006.?????].keygen.exe"="[Autodesk.AutoCAD.2006.?????].keygen"
"C:\\WINDOWS\\system32\\fhlpnxy\\guycrm.exe"="guycrm"



______________________



10/07/05 08:56:15 [Info]: BlackLight Engine 1.0.23 initialized
10/07/05 08:56:15 [Info]: OS: 5.1 build 2600 (Service Pack 2)
10/07/05 08:56:16 [Note]: 4019 4
10/07/05 08:56:16 [Note]: 4005 0
10/07/05 08:56:24 [Note]: 4006 0
10/07/05 08:56:24 [Note]: 4011 584
10/07/05 08:56:24 [Note]: FSRAW library version 1.7.1011
10/07/05 08:58:42 [Note]: 4007 0
  • 0

#40
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hiya

When you ran Blacklight, it should have displayed anything found and produced a log.

Double-click blbeta.exe then accept the agreement, leave [X]scan through Windows Explorer checked, click > scan then > next

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).


Did it do that?

I don't know how you all make heads or tails out of this stuff.


Oh and by the way, don't tell anyone, but I make all this up as I go along :tazz:
  • 0



#41
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi There

OK then, hopefully this will get everything. After going through the logs and reports you provided, it seems that we actually managed to remove a lot of the infection last time, so this should finish the job for us.

Please print this out so that you can refer to it as some of this needs to be done offline and in safe mode where you will have no net access.

The Fix

Step #1

Ensure that Spysweeper is updated.

Step #2

Copy everything inside the quote box below and paste it into Notepad. Go up to File > Save As, then click the drop-down box to change the "Save As Type" to "All Files". Save it as gotcha.bat on your desktop.

@echo off
sc stop "Autodesk Licensing Service"
sc delete "Autodesk Licensing Service"
rem sc needs the service key name, which HijackThis shows in parentheses: Command Service (cmdService)
sc stop cmdService
sc delete cmdService
sc stop aokxlhk
sc delete aokxlhk
sc stop uosfngi
sc delete uosfngi
rmdir /s /q C:\WINDOWS\system32\jsjdflb
rmdir /s /q "C:\Program Files\Common Files\Autodesk Shared"
rmdir /s /q C:\WINDOWS\amJyb3du
rmdir /s /q C:\WINDOWS\system32\flpiqev
rmdir /s /q "C:\Documents and Settings\jbrown\My Documents\eDonkey2000 Downloads"
rmdir /s /q C:\WINDOWS\system32\kxpqfx
rmdir /s /q C:\WINDOWS\system32\fhlpnxy
del /q "C:\Program Files\Common Files\Windows\mc-110-12-0000079.exe"


Step #3

Please disconnect from the Internet completely. Then SHUT DOWN Ewido, MSAS, Trojan Hunter, and Spysweeper as these may interfere with the fix if they are running.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [cplkm] C:\WINDOWS\system32\kxpqfx\cplkm.exe
O4 - HKLM\..\Run: [guycrm] C:\WINDOWS\system32\fhlpnxy\guycrm.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000079.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...tzip/RdxIE2.cab
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\amJyb3du\command.exe (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Step #4

Once in Safe Mode, double-click Gotcha.bat that you created earlier.

Step #5

Please remove these entries from Add/Remove Programs in the Control Panel (if present):

eDonkey2000

Please note any other programs that you don't recognize in that list in your next response.

Step #6

Still in Safe Mode, re-enable and then rescan with Spysweeper, save the log it creates.

Step #7

Reboot into Safe Mode and rescan again with Spysweeper, save the log it creates.

Step #8

Reboot once more into Normal Mode. Re-enable ALL the previously disabled Security applications, including their real time protection functions, Rescan with HJT, then reconnect to the net and post a new HiJackThis log, as well as the 2 Spysweeper Logs for me here.

Good Luck
  • 0
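An added illustration, not part of the post above or of any tool used in this thread: a Python triage pass over the StartupList services section that surfaces services whose image sits in an unexpected directory, which is where the aokxlhk, uosfngi and Command Service entries targeted by the fix stand out. The directory allowlist, the C:\WINDOWS install path and the function names are assumptions of this example; a flag means "review this", not "malicious", and the heuristic does not cover every entry the fix removes.

```python
import ntpath
import re

# Lines copied from the "Enumerating Windows NT/2000/XP services" section
# of the StartupList report posted earlier in this thread.
SAMPLE = r"""
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
aokxlhk: \??\C:\WINDOWS\system32\jsjdflb\aokxlhk (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
Command Service: C:\WINDOWS\amJyb3du\command.exe (autostart)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
Symantec AntiVirus Definition Watcher: "C:\Program Files\Symantec AntiVirus\DefWatch.exe" (autostart)
IIS Admin: C:\WINDOWS\system32\inetsrv\inetinfo.exe (autostart)
mchInjDrv: \??\C:\DOCUME~1\jbrown\LOCALS~1\Temp\mc21.tmp (disabled)
NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20051005.037\naveng.sys (manual start)
Sentinel: \SystemRoot\System32\Drivers\SENTINEL.SYS (autostart)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
uosfngi: \??\C:\WINDOWS\system32\flpiqev\uosfngi (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
"""

# Assumption: Windows is installed in C:\WINDOWS, as in the posted logs.
WINDIR = "c:\\windows"
# Assumption: directories under Windows where service images are expected.
EXPECTED_WINDOWS_DIRS = {
    WINDIR + "\\system32",
    WINDIR + "\\system32\\drivers",
    WINDIR + "\\system32\\inetsrv",
    WINDIR + "\\system32\\wbem",
}
PROGRAM_FILES = ("c:\\program files\\", "c:\\progra~1\\")

# "Display name: image path [arguments] (start type)"
LINE_RE = re.compile(
    r"^(?P<name>.+?): (?P<image>.+) "
    r"\((?P<start>system|autostart|manual start|disabled)\)$"
)


def image_path(image):
    """Reduce a service ImagePath string to a lower-case absolute file path."""
    image = image.strip()
    if image.startswith('"'):
        # Quoted path: everything up to the closing quote.
        image = image[1:].split('"', 1)[0]
    else:
        # Unquoted: cut at the first argument that starts with '-' or '/'.
        image = re.split(r"\s+[-/]", image, maxsplit=1)[0]
    path = image.lower()
    if path.startswith("\\??\\"):            # NT object-manager prefix
        path = path[4:]
    path = path.replace("%systemroot%", WINDIR)
    if path.startswith("\\systemroot\\"):     # kernel-style \SystemRoot\...
        path = WINDIR + path[len("\\systemroot"):]
    elif path.startswith("system32\\"):       # relative driver path
        path = WINDIR + "\\" + path
    return path


def review_reason(path):
    """Return why a normalized image path deserves a look, or None."""
    folder = ntpath.dirname(path)
    if "\\temp\\" in path:
        return "image in a Temp directory"
    if path.startswith(WINDIR + "\\"):
        if folder in EXPECTED_WINDOWS_DIRS:
            return None
        if folder.startswith(WINDIR + "\\microsoft.net\\"):
            return None
        return "unexpected directory under Windows"
    if path.startswith(PROGRAM_FILES):
        return None
    return "outside Windows and Program Files"


def triage(report_text):
    """Return (name, path, start type, reason) for each service to review."""
    findings = []
    for line in report_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # blank line, section header or unparsed entry
        path = image_path(match.group("image"))
        reason = review_reason(path)
        if reason:
            findings.append((match.group("name"), path,
                             match.group("start"), reason))
    return findings


if __name__ == "__main__":
    for name, path, start, reason in triage(SAMPLE):
        print(f"{name} [{start}] {path} -> {reason}")
```
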

#42
jbrown7441

jbrown7441

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
My spysweeper expired
  • 0

#43
jbrown7441

jbrown7441

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Well, I did everything I could. I ran Ad-Aware, & Spybot in lieu of Spy Sweeper. Is there a different approach you want me to take?

I noticed a couple of programs that I didn't recognize when I ran Add/Remove Programs; Kaspersky online Scanner, VobSub v2.05, & WebEx. I wouldn't know if they are legit or not, I just don't know what they do, or what they are for.

I posted a fresh HJT log, as well as logs & screen shots of the ads that Spybot & Ad-Aware found and removed.



Logfile of HijackThis v1.99.1
Scan saved at 11:42:24 AM, on 10/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AspenTech Shared\Toolbar\aspenONEtoolbar.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Documents and Settings\jbrown\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [aspenONE Toolbar] "C:\Program Files\Common Files\AspenTech Shared\Toolbar\aspenONEtoolbar.exe" -auto
O4 - HKLM\..\RunOnce: [HP_AIO_SETUP_MUTEX] C:\DOCUME~1\JBROWN\LOCALS~1\TEMP\HP OFFICEJET G SERIES\CDIMAGE\setup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [AspenStartup] C:\Program Files\Common Files\AspenTech Shared\Toolbar\aspenONEtoolbar.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mathsoft.web...ent/ieatgpc.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = silvereaglerefining.com
O17 - HKLM\Software\..\Telephony: DomainName = silvereaglerefining.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = silvereaglerefining.com
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\amJyb3du\command.exe (file missing)
O23 - Service: CWShredder Service - InterMute, Inc. - c:\program files\InterMute\SpySubtract\CWShredder.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

__________________________________________




Ad-Aware SE Build 1.06r1
Logfile Created on:Thursday, October 13, 2005 11:22:37 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R67 20.09.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):30 total references
Tracking Cookie(TAC index:3):10 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R67 20.09.2005
Internal build : 79
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 524443 Bytes
Total size : 1576182 Bytes
Signature data size : 1543004 Bytes
Reference data size : 32666 Bytes
Signatures total : 43850
CSI Fingerprints total : 1047
CSI data size : 37307 Bytes
Target categories : 15
Target families : 746


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:79 %
Total physical memory:1046600 kb
Available physical memory:825608 kb
Total page file size:2506264 kb
Available on page file:2423956 kb
Total virtual memory:2097024 kb
Available virtual memory:2041308 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


10-13-2005 11:22:37 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\jbrown\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\jbrown\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1417001333-1708537768-1202660629-1219\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-1417001333-1708537768-1202660629-1219\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1417001333-1708537768-1202660629-1219\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1417001333-1708537768-1202660629-1219\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1417001333-1708537768-1202660629-1219\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1417001333-1708537768-1202660629-1219\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1417001333-1708537768-1202660629-1219\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1417001333-1708537768-1202660629-1219\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1417001333-1708537768-1202660629-1219\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-1417001333-1708537768-1202660629-1219\software\microsoft\office\10.0\common\general
Description : list of recently used symbols in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-1417001333-1708537768-1202660629-1219\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1417001333-1708537768-1202660629-1219\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1417001333-1708537768-1202660629-1219\software\microsoft\office\10.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-1417001333-1708537768-1202660629-1219\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1417001333-1708537768-1202660629-1219\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1417001333-1708537768-1202660629-1219\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1417001333-1708537768-1202660629-1219\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1417001333-1708537768-1202660629-1219\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1417001333-1708537768-1202660629-1219\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 504
ThreadCreationTime : 10-13-2005 5:18:03 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 552
ThreadCreationTime : 10-13-2005 5:18:07 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 576
ThreadCreationTime : 10-13-2005 5:18:08 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 620
ThreadCreationTime : 10-13-2005 5:18:10 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 632
ThreadCreationTime : 10-13-2005 5:18:10 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 756
ThreadCreationTime : 10-13-2005 5:18:11 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 872
ThreadCreationTime : 10-13-2005 5:18:12 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k netsvcs
ProcessID : 932
ThreadCreationTime : 10-13-2005 5:18:12 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k LocalService
ProcessID : 984
ThreadCreationTime : 10-13-2005 5:18:12 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1376
ThreadCreationTime : 10-13-2005 5:18:21 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:11 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1748
ThreadCreationTime : 10-13-2005 5:22:22 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 30


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 30


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 30


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jbrown@clickbank[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:jbrown@clickbank.net/
Expires : 4-4-2006 11:11:02 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jbrown@metriweb[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:jbrown@metriweb.be/
Expires : 10-6-2006 11:10:16 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jbrown@ads.addynamix[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:jbrown@ads.addynamix.com/
Expires : 10-12-2005 11:21:44 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jbrown@casalemedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:14
Value : Cookie:jbrown@casalemedia.com/
Expires : 10-2-2006 7:38:08 AM
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jbrown@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:jbrown@tribalfusion.com/
Expires : 12-31-2037 6:00:00 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jbrown@stat.onestat[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:jbrown@stat.onestat.com/
Expires : 10-5-2015 6:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jbrown@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:15
Value : Cookie:jbrown@2o7.net/
Expires : 10-12-2010 9:50:28 AM
LastSync : Hits:15
UseCount : 0
Hits : 15

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jbrown@overstock[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:jbrown@overstock.com/
Expires : 2-19-2020 8:28:00 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jbrown@apmebf[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:jbrown@apmebf.com/
Expires : 10-10-2010 11:27:34 AM
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 39



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : system@overstock[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\LocalService\Cookies\system@overstock[1].txt

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 40




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40

11:29:19 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:06:42.250
Objects scanned:190584
Objects identified:10
Objects ignored:0
New critical objects:10



  • 0

#44
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi There

Great result, that is looking much better now. There is still a service running that we want to get rid of, but compared to what it looked like originally.....

Regarding the programmes you mention, the Kaspersky app is for their online scanner, which we still need. Webex is a teleconference tool and I have no idea what Vobsub is. I would suggest that if you don't need the last two, delete them.

I notice in the log that you now have an Aspen Tech toolbar showing. Is this something you have installed?

All that Spybot and AdAware found were tracking cookies, which are really nothing to worry about especially.

I do wish that Spysweeper had a longer trial period as it is an excellent anti-spyware application. Unfortunately, the only way to extend that functionality is to purchase the app. To maintain our neutrality, it is G2G policy that we do not make any recommendations on whether or not to purchase such software, any such decision being entirely yours.

Could you please post another safe mode start up log while I look through the results already provided?
Also, how is your system running now?
  • 0
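The O23 `cmdService` entry that was listed for fixing earlier in the thread is still present in the HijackThis log from post #43. As an added example (not part of the original thread and not HijackThis code), this Python script triages O23 lines the way a helper reads them by eye; the function names and the three checks are assumptions of the example, and the sample lines are copied from the log above.

```python
import base64
import binascii
import re

# Subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
C:\Documents and Settings\jbrown\Desktop\HijackThis.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\amJyb3du\command.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# "O23 - Service: <name> - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)
# Profile names visible anywhere in the log (Windows XP profile layout).
PROFILE_RE = re.compile(r"\\Documents and Settings\\([^\\\r\n]+)\\")


def decode_component(name):
    """Return the ASCII text a folder name base64-decodes to, else None."""
    try:
        text = base64.b64decode(name, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    return text if text and text.isprintable() else None


def triage_o23(log_text):
    """Map service name -> list of reasons it deserves a closer look."""
    users = {u.lower() for u in PROFILE_RE.findall(log_text)}
    findings = {}
    for raw in log_text.splitlines():
        m = O23_RE.match(raw.strip())
        if not m:
            continue
        reasons = []
        # Weak signal on its own: legitimate drivers show it too.
        if m["owner"].lower() == "unknown owner":
            reasons.append("owner unknown")
        # The service is registered but its executable is not on disk.
        if m["missing"]:
            reasons.append("file missing")
        # A directory whose name decodes to a local profile name is not
        # something an installer produces by accident.
        for folder in m["path"].split("\\")[1:-1]:
            decoded = decode_component(folder)
            if decoded and decoded.lower() in users:
                reasons.append(
                    f"folder '{folder}' is base64 of profile name '{decoded}'"
                )
        if reasons:
            findings[m["name"]] = reasons
    return findings


if __name__ == "__main__":
    for service, why in triage_o23(SAMPLE_LOG).items():
        print(f"{service}: {'; '.join(why)}")
```

Only the `cmdService` line trips all three checks. `Unknown owner` by itself also matches the ATI driver service, so it should not be treated as a verdict without the other two.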

#45
jbrown7441

  • Topic Starter
  • Member
  • 25 posts
Yes, my computer has been running a lot smoother lately. I haven't had any popups since the 'first' fix. What is the service that is still running? I went ahead and deleted Webex and VobSub. Aspen Tech is a legitimate program I run, but the toolbar is annoying. It's kinda like the old MS Office toolbar that would load automatically that no one ever used. I am trying to figure out how to turn it off.


StartupList report, 10/14/2005, 8:24:07 AM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\jbrown\Desktop\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\jbrown\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\jbrown\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
DVDLauncher = "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
Acrobat Assistant 7.0 = "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
HPAIO_PrintFolderMgr = C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
ISUSPM Startup = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ISUSScheduler = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
Microsoft Works Update Detection = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
vptray = C:\PROGRA~1\SYMANT~2\VPTray.exe
gcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
THGuard = "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
(Default) =
aspenONE Toolbar = "C:\Program Files\Common Files\AspenTech Shared\Toolbar\aspenONEtoolbar.exe" -auto

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
H/PC Connection Agent = "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
AspenStartup = C:\Program Files\Common Files\AspenTech Shared\Toolbar\aspenONEtoolbar.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\AutoCADScriptFile\shell\open\command

(Default) = "C:\WINDOWS\system32\notepad.exe" "%1"

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky...can_unicode.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft....k/?linkid=39204

[Install Class]
CODEBASE = http://support.aspen...ent/AgentNT.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.micros...ntent/opuc2.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai...all/xscan53.cab

[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn...pDownloader.cab

[Java Plug-in 1.4.2_03]
InProcServer32 = C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.5.0_02]
InProcServer32 = C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx
CODEBASE = http://download.macr...ash/swflash.cab

[GpcContainer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ieatgpc.dll
CODEBASE = https://mathsoft.web...ent/ieatgpc.cab

[QDiagHUpdateObj Class]
InProcServer32 = C:\WINDOWS\system32\qdiagh.ocx
CODEBASE = http://h30043.www3.h.../qdiagh.cab?326

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

abp480n5: system32\DRIVERS\ABP480N5.SYS (system)
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Adobe LM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
adpu160m: system32\DRIVERS\adpu160m.sys (system)
aeaudio: system32\drivers\aeaudio.sys (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: system32\DRIVERS\agp440.sys (system)
Compaq AGP Bus Filter: system32\DRIVERS\agpCPQ.sys (system)
Aha154x: system32\DRIVERS\aha154x.sys (system)
aic78u2: system32\DRIVERS\aic78u2.sys (system)
aic78xx: system32\DRIVERS\aic78xx.sys (system)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AliIde: system32\DRIVERS\aliide.sys (system)
ALI AGP Bus Filter: system32\DRIVERS\alim1541.sys (system)
AMD AGP Bus Filter Driver: system32\DRIVERS\amdagp.sys (system)
amsint: system32\DRIVERS\amsint.sys (system)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
asc: system32\DRIVERS\asc.sys (system)
asc3350p: system32\DRIVERS\asc3350p.sys (system)
asc3550: system32\DRIVERS\asc3550.sys (system)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
Broadcom NetXtreme 57xx Gigabit Controller: system32\DRIVERS\b57xp32.sys (manual start)
Belarc SMBios Access: \SystemRoot\System32\Drivers\BANTExt.sys (system)
Broadcom ASF IP monitoring service v6.0.4: C:\WINDOWS\system32\basfipm.exe (autostart)
BASFND: \??\C:\WINDOWS\system32\Drivers\BASFND.sys (autostart)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
cbidf: system32\DRIVERS\cbidf2k.sys (system)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Password Validation: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)
Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)
cd20xrnt: system32\DRIVERS\cd20xrnt.sys (system)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
CmdIde: system32\DRIVERS\cmdide.sys (system)
Command Service: C:\WINDOWS\amJyb3du\command.exe (autostart)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: system32\DRIVERS\cpqarray.sys (system)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
CWShredder Service: c:\program files\InterMute\SpySubtract\CWShredder.exe service (autostart)
dac2w2k: system32\DRIVERS\dac2w2k.sys (system)
dac960nt: system32\DRIVERS\dac960nt.sys (system)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
Symantec AntiVirus Definition Watcher: "C:\Program Files\Symantec AntiVirus\DefWatch.exe" (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (manual start)
MS IEEE-1284.4 Driver: system32\DRIVERS\Dot4.sys (manual start)
Print Class Driver for IEEE-1284.4: system32\DRIVERS\Dot4Prt.sys (manual start)
Scan Class Driver for IEEE-1284.4: system32\DRIVERS\Dot4Scan.sys (manual start)
Dot4USB Filter Dot4USB Filter: system32\DRIVERS\dot4usb.sys (manual start)
dpti2o: system32\DRIVERS\dpti2o.sys (system)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Intel® PRO Adapter Driver: system32\DRIVERS\e100b325.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Program Files\ewido\security suite\ewidoctrl.exe (autostart)
ewido security suite driver: \??\C:\Program Files\ewido\security suite\guard.sys (system)
ewido security suite guard: C:\Program Files\ewido\security suite\ewidoguard.exe (disabled)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
hpn: system32\DRIVERS\hpn.sys (system)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i2omp: system32\DRIVERS\i2omp.sys (system)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
ialm: system32\DRIVERS\ialmnt5.sys (manual start)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
IIS Admin: C:\WINDOWS\system32\inetsrv\inetinfo.exe (autostart)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
ini910u: system32\DRIVERS\ini910u.sys (system)
IntelIde: system32\DRIVERS\intelide.sys (system)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
iPodService: C:\Program Files\iPod\bin\iPodService.exe (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
mraid35x: system32\DRIVERS\mraid35x.sys (system)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
FTP Publishing: %SystemRoot%\system32\inetsrv\inetinfo.exe (autostart)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20051012.017\naveng.sys (manual start)
NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20051012.017\navex15.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (autostart)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
perc2: system32\DRIVERS\perc2.sys (system)
perc2hib: system32\DRIVERS\perc2hib.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: system32\DRIVERS\PxHelp20.sys (system)
ql1080: system32\DRIVERS\ql1080.sys (system)
Ql10wnt: system32\DRIVERS\ql10wnt.sys (system)
ql12160: system32\DRIVERS\ql12160.sys (system)
ql1240: system32\DRIVERS\ql1240.sys (system)
ql1280: system32\DRIVERS\ql1280.sys (system)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SAVRoam: "C:\Program Files\Symantec AntiVirus\SavRoam.exe" (autostart)
SAVRT: \??\C:\Program Files\Symantec AntiVirus\savrt.sys (system)
SAVRTPEL: \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys (system)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Sentinel: \SystemRoot\System32\Drivers\SENTINEL.SYS (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: system32\DRIVERS\sisagp.sys (system)
Simple Mail Transfer Protocol (SMTP): C:\WINDOWS\system32\inetsrv\inetinfo.exe (autostart)
smwdm: system32\drivers\smwdm.sys (manual start)
Symantec Network Drivers Service: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (manual start)
Rainbow USB SuperPro: system32\DRIVERS\SNTNLUSB.SYS (manual start)
Sparrow: system32\DRIVERS\sparrow.sys (system)
SPBBCDrv: \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (manual start)
Symantec SPBBCSvc: "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{2F130D52-0BDB-47EB-AF81-1E09BA7E21E7} (manual start)
Symantec AntiVirus: "C:\Program Files\Symantec AntiVirus\Rtvscan.exe" (autostart)
symc810: system32\DRIVERS\symc810.sys (system)
symc8xx: system32\DRIVERS\symc8xx.sys (system)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (disabled)
SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
sym_hi: system32\DRIVERS\sym_hi.sys (system)
sym_u3: system32\DRIVERS\sym_u3.sys (system)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)
TosIde: system32\DRIVERS\toside.sys (system)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ultra: system32\DRIVERS\ultra.sys (system)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: system32\DRIVERS\viaagp.sys (system)
ViaIde: system32\DRIVERS\viaide.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
World Wide Web Publishing: %SystemRoot%\system32\inetsrv\inetinfo.exe (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Windows CE USB Serial Host Driver: system32\DRIVERS\wceusbsh.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NTPort Library Driver: \??\C:\WINDOWS\system32\zntport.sys (autostart)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 37,549 bytes
Report generated in 0.078 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
  • 0





