Hijackthis Log: Please Help Diagnose


3 replies to this topic

#1 Woody's


Posted 18 December 2005 - 12:15 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:38:14 PM, on 12/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\addtc.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\MSI\DigiCell\DigiCell.exe
C:\Program Files\E-Color\Common\IconMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSI\SecureDoc\Logon.exe
C:\PROGRAM FILES\TREND MICRO\TMAS\TMAS.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\netus.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PCCTLCOM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPROXY.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPFW.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\SYSTEM32\HH.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\PCCMAIN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG10.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zekkm.dll/sp.html#77035
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zekkm.dll/sp.html#77035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\zekkm.dll/sp.html#77035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zekkm.dll/sp.html#77035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zekkm.dll/sp.html#77035
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\zekkm.dll/sp.html#77035
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\zekkm.dll/sp.html#77035
R3 - Default URLSearchHook is missing
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~2\PccIeBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {13955D97-674B-FA5D-CDFD-AEB795AAF4E5} - C:\WINDOWS\atlno32.dll
O2 - BHO: Class - {146F3AC5-1175-324D-8BA9-B14C18C5BA5A} - C:\WINDOWS\addtc.dll
O2 - BHO: Class - {1D255CCE-1BDB-DEAC-531F-056830B8A8D0} - C:\WINDOWS\system32\d3si32.dll
O2 - BHO: Class - {230CABAB-6316-E8FA-7EFB-6AB04BD4A44F} - C:\WINDOWS\system32\appts32.dll (file missing)
O2 - BHO: Class - {38683242-D589-5595-2821-3BE52429FEC3} - C:\WINDOWS\system32\appic32.dll
O2 - BHO: Class - {4289D83C-B29F-6AE3-A2CB-7FC6A6C7D83A} - C:\WINDOWS\system32\iedh.dll
O2 - BHO: Class - {479F8FB5-5D03-CE7E-6322-3BE0849F0645} - C:\WINDOWS\sdkxu.dll
O2 - BHO: (no name) - {540093F0-9A9A-C96F-FB01-146D6EB86EF4} - (no file)
O2 - BHO: Class - {5DE0DA98-DFC9-EB4A-8C86-8F46A5116CA0} - C:\WINDOWS\ipbr32.dll
O2 - BHO: Class - {6F7BB7A7-E684-75C2-B039-BF75DEE36D79} - C:\WINDOWS\atlns.dll
O2 - BHO: Class - {794EE32D-7316-0F00-32EF-4314785FE8A6} - C:\WINDOWS\system32\crof32.dll
O2 - BHO: Class - {8544CEB8-7AA5-0ABD-E8D0-E151F009353B} - C:\WINDOWS\msgw.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Class - {99E0B23D-A95C-D9EE-CAF3-1F57FBD4D83D} - C:\WINDOWS\mfcnv32.dll
O2 - BHO: Class - {A83F2621-E630-7943-FD17-24FC9321228A} - C:\WINDOWS\system32\iprp.dll
O2 - BHO: Class - {B1C3A30F-ED2C-F55F-8BE1-4E2FD61016A3} - C:\WINDOWS\system32\syshw32.dll
O2 - BHO: Class - {BDA699FB-0E8D-A0B8-53AB-A0FCE79D4801} - C:\WINDOWS\apinl32.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: Class - {CF3AB838-55A1-5960-9D86-9EF072CBB309} - C:\WINDOWS\mski32.dll
O2 - BHO: Class - {DEE4D3D9-5236-F675-F978-C5B541ECF0D4} - C:\WINDOWS\system32\crwu.dll
O2 - BHO: (no name) - {E744D294-2AA6-B5FC-A3C2-48601F4CDCDD} - (no file)
O2 - BHO: Class - {EF1E92B6-708A-A9C4-DD9F-347ABD61EB60} - C:\WINDOWS\ipyl.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~2\PccIeBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [alij] C:\WINDOWS\system32\run740.exe dummy
O4 - HKLM\..\Run: [addtc.exe] C:\WINDOWS\addtc.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: DigiCell.lnk = C:\Program Files\MSI\DigiCell\DigiCell.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SecureDoc.lnk = C:\Program Files\MSI\SecureDoc\Logon.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128496483171
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by19fd.bay19.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\netus.exe" /s (file missing)
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe


 


#2 Guest_Cretemonster_*


Posted 20 December 2005 - 04:21 AM

Hi Woody's and Welcome to the Bleeping Computer!

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
  • Double-click the file to install it as follows:
    • Click "Next", read the agreement, then click "Next".
    • Choose "Custom", then click "Next".
    • Leave the default installation directory as it is, then click "Next".
    • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
    • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
    • Finally, click "Install".
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.


#3 Woody's


Posted 20 December 2005 - 07:01 AM

********
5:59 AM: | Start of Session, Tuesday, December 20, 2005 |
5:59 AM: Spy Sweeper started
5:59 AM: Sweep initiated using definitions version 587
5:59 AM: Starting Memory Sweep
6:02 AM: Memory Sweep Complete, Elapsed Time: 00:02:33
6:02 AM: Starting Registry Sweep
6:02 AM: Registry Sweep Complete, Elapsed Time:00:00:08
6:02 AM: Starting Cookie Sweep
6:02 AM: Found Spy Cookie: adrevolver cookie
6:02 AM: david ehren@adrevolver[2].txt (ID = 2088)
6:02 AM: david ehren@adrevolver[3].txt (ID = 2088)
6:02 AM: Found Spy Cookie: centrport net cookie
6:02 AM: david ehren@centrport[1].txt (ID = 2374)
6:02 AM: Cookie Sweep Complete, Elapsed Time: 00:00:01
6:02 AM: Starting File Sweep
6:02 AM: Found Adware: cws_tiny0
6:10 AM: Found Adware: spysheriff
6:15 AM: Warning: Failed to open file "c:\system volume information\_restore{d6721aaa-e51c-43ac-9a37-34bef2cbf726}\rp108\a0011241.dll". Access is denied
6:21 AM: mfcni.exe (ID = 200)
6:21 AM: sdkrk.exe (ID = 200)
6:21 AM: a0014618.dll (ID = 205)
6:21 AM: nettf32.exe (ID = 200)
6:21 AM: mfcae.exe (ID = 204)
6:21 AM: a0014879.dll (ID = 205)
6:21 AM: sdkpa.exe (ID = 200)
6:21 AM: mfcsf.exe (ID = 204)
6:21 AM: d3my.exe (ID = 204)
6:21 AM: iewp.exe (ID = 204)
6:21 AM: javabe32.exe (ID = 204)
6:21 AM: sysbm.exe (ID = 204)
6:21 AM: nethr.exe (ID = 200)
6:21 AM: javalr32.exe (ID = 200)
6:21 AM: ntpb32.exe (ID = 200)
6:21 AM: sdkvx32.exe (ID = 200)
6:21 AM: sdkww.exe (ID = 200)
6:21 AM: sdkua.exe (ID = 200)
6:21 AM: atlfo.exe (ID = 204)
6:21 AM: crkn.exe (ID = 204)
6:21 AM: addyf32.exe (ID = 204)
6:21 AM: a0014636.dll (ID = 205)
6:21 AM: addst32.exe (ID = 204)
6:21 AM: a0014582.dll (ID = 205)
6:21 AM: d3po32.exe (ID = 200)
6:21 AM: a0014614.dll (ID = 205)
6:21 AM: winmh32.exe (ID = 204)
6:21 AM: crsj32.exe (ID = 204)
6:21 AM: addyh32.exe (ID = 204)
6:21 AM: mfcrj32.exe (ID = 204)
6:21 AM: nettr.exe (ID = 204)
6:21 AM: addbf.exe (ID = 204)
6:21 AM: sdkmh.exe (ID = 200)
6:21 AM: netcb32.exe (ID = 204)
6:21 AM: addfj32.exe (ID = 200)
6:21 AM: a0014633.dll (ID = 205)
6:22 AM: javamm32.exe (ID = 200)
6:22 AM: winfj.exe (ID = 200)
6:22 AM: sysos.exe (ID = 204)
6:22 AM: addpt.exe (ID = 200)
6:22 AM: a0014583.dll (ID = 205)
6:22 AM: a0014605.dll (ID = 205)
6:22 AM: appgb.exe (ID = 200)
6:22 AM: mswg32.exe (ID = 204)
6:22 AM: sdksa32.exe (ID = 204)
6:22 AM: a0014635.dll (ID = 205)
6:22 AM: a0014600.dll (ID = 205)
6:22 AM: a0014603.dll (ID = 205)
6:22 AM: sdkud32.exe (ID = 204)
6:22 AM: syshe32.exe (ID = 204)
6:22 AM: atlzz.exe (ID = 200)
6:22 AM: sysxi.exe (ID = 200)
6:22 AM: javaoe32.exe (ID = 204)
6:22 AM: iefk.exe (ID = 204)
6:22 AM: a0014601.dll (ID = 205)
6:22 AM: a0014756.pif:vrspvl (ID = 200)
6:22 AM: javapm32.exe (ID = 200)
6:22 AM: crbr.exe (ID = 204)
6:22 AM: 42f3e00b-c337-4637-bd84-2efc53 (ID = 198831)
6:22 AM: mfcyj32.exe (ID = 204)
6:22 AM: javarl32.exe (ID = 204)
6:22 AM: a0013582.dll (ID = 205)
6:22 AM: a0014586.dll (ID = 205)
6:22 AM: apirs32.exe (ID = 204)
6:23 AM: addfk.exe (ID = 204)
6:23 AM: ipcv.exe (ID = 204)
6:23 AM: sysyw.exe (ID = 200)
6:23 AM: apigj.exe (ID = 200)
6:23 AM: a0014616.dll (ID = 205)
6:23 AM: addaf.exe (ID = 200)
6:23 AM: mfcdw.exe (ID = 204)
6:23 AM: javanm.exe (ID = 204)
6:23 AM: winxr32.exe (ID = 200)
6:23 AM: winpa32.exe (ID = 200)
6:23 AM: addqh.exe (ID = 200)
6:23 AM: sysll.exe (ID = 204)
6:23 AM: sysyd.exe (ID = 204)
6:23 AM: iehl.exe (ID = 204)
6:23 AM: iebb.exe (ID = 204)
6:23 AM: netuw.exe (ID = 200)
6:23 AM: a0014608.dll (ID = 205)
6:23 AM: javavh32.exe (ID = 200)
6:23 AM: Warning: Failed to open file "c:\system volume information\_restore{d6721aaa-e51c-43ac-9a37-34bef2cbf726}\rp108\a0011243.exe". Access is denied
6:23 AM: ieyg32.exe (ID = 204)
6:23 AM: msbs32.exe (ID = 204)
6:23 AM: winuh.exe (ID = 200)
6:23 AM: a0014631.dll (ID = 205)
6:23 AM: apike.exe (ID = 200)
6:23 AM: javaab.exe (ID = 200)
6:23 AM: atldv32.exe (ID = 204)
6:23 AM: a0014752.dll (ID = 205)
6:23 AM: msdt.exe (ID = 204)
6:23 AM: iehe32.exe (ID = 200)
6:23 AM: sdkum.exe (ID = 204)
6:23 AM: addpn.exe (ID = 200)
6:23 AM: a0014592.dll (ID = 205)
6:23 AM: ntix32.exe (ID = 200)
6:23 AM: a0014632.dll (ID = 205)
6:23 AM: a0014591.dll (ID = 205)
6:23 AM: winet32.exe (ID = 200)
6:23 AM: d3me32.exe (ID = 204)
6:24 AM: netra32.exe (ID = 200)
6:24 AM: crjn.exe (ID = 200)
6:24 AM: a0011238.dll (ID = 198826)
6:24 AM: ie4 error log.txt:nztabz (ID = 200)
6:24 AM: syssh32.exe (ID = 200)
6:24 AM: winqg32.exe (ID = 200)
6:24 AM: sdkxm32.exe (ID = 200)
6:24 AM: javamc32.exe (ID = 204)
6:24 AM: d3rb.exe (ID = 200)
6:24 AM: appbw.exe (ID = 204)
6:24 AM: ieof32.exe (ID = 200)
6:24 AM: winyl32.exe (ID = 204)
6:24 AM: atlkj.exe (ID = 204)
6:24 AM: addpv32.exe (ID = 200)
6:24 AM: mfcqv.exe (ID = 200)
6:24 AM: atlxc.exe (ID = 200)
6:24 AM: mfclm.exe (ID = 200)
6:24 AM: atlwi.exe (ID = 200)
6:24 AM: javadg32.exe (ID = 204)
6:24 AM: addac.exe (ID = 200)
6:24 AM: a0011239.dll (ID = 198827)
6:24 AM: ieee.exe (ID = 204)
6:24 AM: javazo32.exe (ID = 204)
6:24 AM: addgc32.exe (ID = 200)
6:24 AM: adduz32.exe (ID = 200)
6:24 AM: atljd32.exe (ID = 200)
6:24 AM: msii32.exe (ID = 204)
6:24 AM: a0014999.exe (ID = 204)
6:24 AM: javalf32.exe (ID = 204)
6:24 AM: crzv32.exe (ID = 200)
6:24 AM: ieqr.exe (ID = 200)
6:24 AM: sdkhl32.exe (ID = 204)
6:24 AM: mfczl.exe (ID = 200)
6:24 AM: iebw.exe (ID = 204)
6:24 AM: syspx.exe (ID = 200)
6:24 AM: crhw.exe (ID = 200)
6:24 AM: ierz.exe (ID = 200)
6:25 AM: atlim32.exe (ID = 200)
6:25 AM: javaam.exe (ID = 200)
6:25 AM: addij.exe (ID = 204)
6:25 AM: ieeq.exe (ID = 200)
6:25 AM: apprn32.exe (ID = 200)
6:25 AM: ipyy.exe (ID = 204)
6:25 AM: ntmp32.exe (ID = 204)
6:25 AM: atlcf.exe (ID = 200)
6:25 AM: d3hc.exe (ID = 200)
6:25 AM: mfcub32.exe (ID = 204)
6:25 AM: ieki32.exe (ID = 204)
6:25 AM: creu32.exe (ID = 204)
6:25 AM: ntjd32.exe (ID = 200)
6:25 AM: iepe.exe (ID = 200)
6:25 AM: winwz.exe (ID = 200)
6:25 AM: msot.exe (ID = 204)
6:25 AM: adddz32.exe (ID = 204)
6:25 AM: mfcdd.exe (ID = 204)
6:25 AM: d3nw32.exe (ID = 204)
6:25 AM: crnp.exe (ID = 200)
6:25 AM: syshp32.exe (ID = 200)
6:25 AM: ipzt.exe (ID = 204)
6:25 AM: atlwk32.exe (ID = 204)
6:25 AM: sdkml32.exe (ID = 200)
6:25 AM: atlig32.exe (ID = 200)
6:25 AM: ipxt.exe (ID = 204)
6:25 AM: apikw32.exe (ID = 204)
6:25 AM: b9235862-1503-47ee-9894-a6708a (ID = 190097)
6:25 AM: crsn.exe (ID = 204)
6:25 AM: creb.exe (ID = 204)
6:25 AM: sysgb32.exe (ID = 200)
6:25 AM: ipfv.exe (ID = 200)
6:25 AM: d3tj32.exe (ID = 200)
6:25 AM: ntjr.exe (ID = 200)
6:25 AM: javaed.exe (ID = 200)
6:25 AM: sysqu.exe (ID = 204)
6:25 AM: d3ti.exe (ID = 204)
6:25 AM: iegw32.exe (ID = 200)
6:25 AM: ntll32.exe (ID = 204)
6:25 AM: ipod.exe (ID = 204)
6:25 AM: sysut.exe (ID = 200)
6:25 AM: ieeg32.exe (ID = 204)
6:25 AM: javawf32.exe (ID = 204)
6:25 AM: mfcas32.exe (ID = 204)
6:25 AM: crqw32.exe (ID = 204)
6:25 AM: sdksw32.exe (ID = 204)
6:25 AM: apicw.exe (ID = 200)
6:25 AM: sdkga32.exe (ID = 200)
6:25 AM: d3eq32.exe (ID = 204)
6:25 AM: a0012297.dll (ID = 205)
6:25 AM: iewc32.exe (ID = 204)
6:25 AM: mfceb32.exe (ID = 200)
6:25 AM: atlsv.exe (ID = 204)
6:25 AM: ipuj32.exe (ID = 200)
6:25 AM: a0012283.dll (ID = 205)
6:25 AM: a0012295.dll (ID = 205)
6:25 AM: appcv.exe (ID = 200)
6:25 AM: atlom.exe (ID = 204)
6:25 AM: ieio.exe (ID = 204)
6:25 AM: netzm.exe (ID = 200)
6:25 AM: mskh32.exe (ID = 204)
6:25 AM: ntvx.exe (ID = 204)
6:25 AM: d3sp32.exe (ID = 204)
6:25 AM: javaya.exe (ID = 204)
6:25 AM: addhe.exe (ID = 204)
6:25 AM: ietg32.exe (ID = 204)
6:25 AM: syskf32.exe (ID = 204)
6:25 AM: addpm32.exe (ID = 200)
6:25 AM: a0012298.dll (ID = 205)
6:25 AM: a0012284.dll (ID = 205)
6:25 AM: a0012299.dll (ID = 205)
6:25 AM: a0012285.dll (ID = 205)
6:25 AM: a0014588.dll (ID = 205)
6:25 AM: a0012286.dll (ID = 205)
6:25 AM: a0012300.dll (ID = 205)
6:25 AM: a0012287.dll (ID = 205)
6:25 AM: a0014626.dll (ID = 205)
6:25 AM: a0012288.dll (ID = 205)
6:25 AM: a0012301.dll (ID = 205)
6:25 AM: a0012289.dll (ID = 205)
6:25 AM: a0012302.dll (ID = 205)
6:25 AM: a0012290.dll (ID = 205)
6:25 AM: a0012291.dll (ID = 205)
6:25 AM: a0012303.dll (ID = 205)
6:25 AM: a0012292.dll (ID = 205)
6:25 AM: a0012293.dll (ID = 205)
6:25 AM: a0012304.dll (ID = 205)
6:25 AM: a0014609.dll (ID = 205)
6:25 AM: a0012305.dll (ID = 205)
6:25 AM: a0012296.dll (ID = 205)
6:25 AM: a0012306.dll (ID = 205)
6:25 AM: d3cw32.exe (ID = 204)
6:25 AM: crdz.exe (ID = 204)
6:25 AM: d3vz32.exe (ID = 204)
6:25 AM: apiit32.exe (ID = 204)
6:25 AM: sdkrv.exe (ID = 204)
6:25 AM: addoq32.exe (ID = 204)
6:25 AM: apipm.exe (ID = 200)
6:25 AM: apijr.exe (ID = 204)
6:25 AM: winoc32.exe (ID = 200)
6:25 AM: Warning: Failed to open file "c:\system volume information\_restore{d6721aaa-e51c-43ac-9a37-34bef2cbf726}\rp108\a0011242.dll". Access is denied
6:25 AM: a0011240.dll (ID = 198828)
6:25 AM: d3nr.exe (ID = 200)
6:25 AM: a0011244.exe (ID = 198832)
6:25 AM: ntqw32.exe (ID = 200)
6:25 AM: apiby32.exe (ID = 204)
6:25 AM: mfchl.exe (ID = 200)
6:25 AM: javant.exe (ID = 200)
6:25 AM: netna32.exe (ID = 200)
6:26 AM: javavp32.exe (ID = 204)
6:26 AM: sdkei32.exe (ID = 200)
6:26 AM: ipic.exe (ID = 200)
6:26 AM: atlpy32.exe (ID = 204)
6:26 AM: crey.exe (ID = 200)
6:26 AM: d3fh32.exe (ID = 204)
6:26 AM: javamy.exe (ID = 200)
6:26 AM: sdknc.exe (ID = 200)
6:26 AM: atlxc32.exe (ID = 204)
6:26 AM: wincw32.exe (ID = 200)
6:26 AM: atlsd32.exe (ID = 200)
6:26 AM: addnh.exe (ID = 200)
6:26 AM: d3mw32.exe (ID = 200)
6:26 AM: ntkm32.exe (ID = 200)
6:26 AM: sdkku.exe (ID = 200)
6:26 AM: a0016055.exe (ID = 200)
6:26 AM: a0016061.dll (ID = 205)
6:26 AM: netus.exe (ID = 204)
6:26 AM: javayp.exe (ID = 200)
6:26 AM: crde32.exe (ID = 200)
6:26 AM: a0016058.dll (ID = 205)
6:26 AM: addaz.exe (ID = 204)
6:26 AM: addim32.exe (ID = 204)
6:26 AM: addrs32.exe (ID = 204)
6:26 AM: addww.exe (ID = 204)
6:26 AM: addwy.exe (ID = 204)
6:26 AM: apijq32.exe (ID = 204)
6:26 AM: apism.exe (ID = 204)
6:26 AM: apixi32.exe (ID = 200)
6:26 AM: apizt.exe (ID = 200)
6:26 AM: appam.exe (ID = 204)
6:26 AM: appau32.exe (ID = 204)
6:26 AM: apphm32.exe (ID = 204)
6:26 AM: apphq.exe (ID = 204)
6:26 AM: appmp32.exe (ID = 204)
6:26 AM: appxs32.exe (ID = 204)
6:26 AM: atlci.exe (ID = 204)
6:26 AM: atllo32.exe (ID = 204)
6:26 AM: atlls32.exe (ID = 204)
6:26 AM: atlpc32.exe (ID = 204)
6:26 AM: atlpr32.exe (ID = 204)
6:26 AM: atlsf.exe (ID = 204)
6:26 AM: crnq.exe (ID = 204)
6:26 AM: d3ba32.exe (ID = 204)
6:27 AM: d3eu32.exe (ID = 204)
6:27 AM: d3vt.exe (ID = 204)
6:27 AM: d3wr.exe (ID = 204)
6:27 AM: a0016057.dll (ID = 205)
6:27 AM: a0016059.dll (ID = 205)
6:27 AM: a0016060.dll (ID = 205)
6:27 AM: a0016062.dll (ID = 205)
6:27 AM: a0016063.dll (ID = 205)
6:27 AM: a0016064.dll (ID = 205)
6:27 AM: a0016065.dll (ID = 205)
6:27 AM: a0016066.dll (ID = 205)
6:27 AM: a0016067.dll (ID = 205)
6:27 AM: a0016068.dll (ID = 205)
6:27 AM: a0016069.dll (ID = 205)
6:27 AM: a0016070.dll (ID = 205)
6:27 AM: a0016071.dll (ID = 205)
6:27 AM: a0016072.dll (ID = 205)
6:27 AM: a0016073.dll (ID = 205)
6:27 AM: ieil.exe (ID = 204)
6:27 AM: msdfmap.ini:tiisqj (ID = 204)
6:27 AM: sdkmu32.exe (ID = 204)
6:27 AM: sysis32.exe (ID = 204)
6:27 AM: msxu.exe (ID = 204)
6:27 AM: d3mx.exe (ID = 204)
6:27 AM: appgy.exe (ID = 204)
6:27 AM: ieym.exe (ID = 204)
6:27 AM: ipbm32.exe (ID = 200)
6:27 AM: ipdk.exe (ID = 204)
6:27 AM: ipgv.exe (ID = 204)
6:27 AM: ipip.exe (ID = 204)
6:27 AM: javaaz.exe (ID = 204)
6:27 AM: javaso.exe (ID = 204)
6:27 AM: javatk.exe (ID = 204)
6:27 AM: javaux.exe (ID = 204)
6:27 AM: javawn32.exe (ID = 204)
6:27 AM: javaxs.exe (ID = 204)
6:27 AM: javays.exe (ID = 204)
6:27 AM: mfckg.exe (ID = 204)
6:27 AM: mfcrs.exe (ID = 204)
6:27 AM: mfcuy32.exe (ID = 204)
6:27 AM: mfczd.exe (ID = 204)
6:27 AM: mfczf32.exe (ID = 204)
6:27 AM: msde32.exe (ID = 204)
6:27 AM: mslu32.exe (ID = 204)
6:27 AM: msnk.exe (ID = 204)
6:27 AM: msqm.exe (ID = 204)
6:27 AM: msva.exe (ID = 204)
6:27 AM: mswz32.exe (ID = 204)
6:27 AM: msyq32.exe (ID = 204)
6:27 AM: netbo.exe (ID = 204)
6:27 AM: netbt32.exe (ID = 204)
6:27 AM: netey.exe (ID = 204)
6:27 AM: nettg32.exe (ID = 204)
6:27 AM: netwz32.exe (ID = 204)
6:27 AM: netxi.exe (ID = 204)
6:27 AM: ntkv32.exe (ID = 204)
6:27 AM: sdkbp32.exe (ID = 204)
6:27 AM: sdkid.exe (ID = 204)
6:27 AM: sdkjd32.exe (ID = 200)
6:27 AM: sdkli.exe (ID = 200)
6:27 AM: sdklo32.exe (ID = 204)
6:27 AM: sdknl32.exe (ID = 204)
6:27 AM: sdkns32.exe (ID = 204)
6:27 AM: sdkpo32.exe (ID = 204)
6:27 AM: sysfz32.exe (ID = 204)
6:27 AM: sysgx.exe (ID = 204)
6:27 AM: syshi32.exe (ID = 204)
6:27 AM: syshr.exe (ID = 204)
6:27 AM: sysoq32.exe (ID = 204)
6:27 AM: sysrt.exe (ID = 204)
6:27 AM: syssq32.exe (ID = 204)
6:27 AM: systo.exe (ID = 204)
6:27 AM: sysvx.exe (ID = 204)
6:27 AM: syswv.exe (ID = 204)
6:27 AM: winck.exe (ID = 204)
6:27 AM: winhg.exe (ID = 204)
6:27 AM: winhm.exe (ID = 204)
6:27 AM: winjc.exe (ID = 204)
6:27 AM: winms32.exe (ID = 200)
6:27 AM: winua.exe (ID = 204)
6:27 AM: winus.exe (ID = 200)
6:27 AM: winuz.exe (ID = 204)
6:27 AM: winyu.exe (ID = 204)
6:31 AM: Warning: Invalid Stream
6:31 AM: a0011881.lnk (ID = 198831)
6:32 AM: File Sweep Complete, Elapsed Time: 00:29:44
6:32 AM: Full Sweep has completed. Elapsed time 00:32:28
6:32 AM: Traces Found: 994
6:33 AM: Removal process initiated
6:33 AM: Quarantining All Traces: spysheriff
6:33 AM: Quarantining All Traces: cws_tiny0
6:37 AM: Quarantining All Traces: adrevolver cookie
6:37 AM: Quarantining All Traces: centrport net cookie
6:38 AM: Removal process completed. Elapsed time 00:05:18
********

#4 Guest_Cretemonster_*

Posted 20 December 2005 - 05:58 PM

OK, run SpySweeper once more just as before; no need for the session log in the next reply.

If SpySweeper prompts for a reboot to complete the cleaning process then do so; if not, leave the PC be.

Scan with HijackThis and post that log, but please do not reboot the PC as it will make the infecting file names change.

If you don't see a response from me tonight, disconnect your Internet connection from the PC but leave the PC on.

I will catch the post early in the morning before I go to work; this will help ensure the filenames I see in HijackThis are accurate.