Ad:

Viruses, Spyware and other Nasties Discussion Thread
Unsolved
Views: 3040

Mar 27th, 2006

Hijackthis log RE: Trojan.Abwiz.F virus

Expand Post »

First off, God bless you generous souls that give your time to help out those with less technical ability such as myself

I believe I may have gotten rid of this trojan virus but I am not sure. I was wondering if someone would be so kind as to review the attached Hijackthis log to let me know if my system is clean. Before I attach my log, I will give some details about my situation.

I am using an IBM Thinkpad R51 with Windows XP SP 2. A couple of days ago a Microsoft Antispyware window popped up asking me if I wanted to allow internet access for a program called "taskdir.exe". I hadn't installed anything that day and the program did not look familiar so I googled it and found out it was a trojan virus. I also noticed that my Norton Antivirus somehow got disabled and was acting odd (meaning it was difficult to enable again). Norton Antivirus also automatically removed a threatening file (Source: C:\WINDOWS\system32\taskdir.dll
Click for more information about this threat : Trojan.Abwiz.F).

I scanned my system using Microsoft Antispyware and did not find anything. Then I scanned my system using Norton Antivirus which found four threats which I deleted. Then I scanned my system using Ad-Aware SE Personal which found over 100 critical threats but only four were files and the others were just tracking cookies. I removed those critical threats as well using the Ad-Aware software removal. I rebooted and performed all the scans again. Some infected files were found in my recycle bin so I emptied it, rebooted and re-scanned. I kept doing this until all scans came back clean.

I was reading some of the other threads (with what looks like the same virus) and I am worried that the virus may come back since I did not do anything in safe mode. I actually do not even know how to get into safe mode. Before I attach my Hijackthis log, I am going to copy and paste some of the log info from Norton Antivirus with file names just in case that helps. Hopefully someone will be able to help me out. Thanks,

Brian

Norton Log:
1. Description: The file C:\WINDOWS\system32\parad.raw.exe is infected with the Trojan.Abwiz.F virus.
2. Description: The file C:\Documents and Settings\Brian Stebbins\Local Settings\Temporary Internet Files\Content.IE5\UB6JOTQP\parad[1].raw is infected with the Trojan.Abwiz.F virus.
3. Description: The file C:\WINDOWS\system32\taskdir.exe is infected with the Trojan.Abwiz.F virus.
4. Description: The file C:\WINDOWS\system32\voblaizdupla.exe is infected with the Download.Trojan virus.

Hijackthis Log:
Logfile of HijackThis v1.99.1
Scan saved at 10:34:01 PM, on 3/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www.ibm.com/pc/support/acces...tent/AcpIR.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {D772BBC7-1F7A-40BD-BD0A-889F43341CA4} (CmdInsReg Class) - https://www.send2fax.com/microsoft-o...RegControl.cab
O18 - Protocol: bw+0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

Similar Threads

Hijackthis log RE: Potentially rootkit-masked files in Viruses, Spyware and other Nasties

stebbs

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

10 posts
since Mar 2006

Permalink

Mar 27th, 2006

Re: Hijackthis log RE: Trojan.Abwiz.F virus

Your log looks infection-free, but if you want to do a little more in-depth detection and cleaning, here's the "canned answer" method I usually suggest:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

1. Download and install the following utilities:

CCleaner - www.ccleaner.com
Webroot Spy Sweeper (14 day free trial) - http://www.webroot.com/shoppingcart...4011&vcode=DT02
ewido Anti-malware - http://www.ewido.net/en/download/

- Open Spy Sweeper, click on "Options", and then click on "Update Definitions" under the Program Options tab. Do not run a scan yet; just close the program once the update completes.

- Open ewido. In the main screen, click "Update" and click "Start Update". After the update process completes, exit from Ewido.

- Open MS Antispyware beta. Make sure the "AntiSpyware Autoupdater" feature is enabled, and that it has downloaded the most current antispyware updates. Close the program after you've verified this.

- Open Norton antivirus and make sure that it has the most current virus definitions installed. Again- don't scan yet, just close the program once it's updated.

2. Reboot into Safe Mode (you get to the safe mode boot option by hitting the F8 key just as your computer is starting up).

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extentions for known file types".

* Run CCleaner.
- Go to Options-> Advanced: Uncheck "Only delete files in Windows Temp folders older than 48 hours"
- Go to Options>CustomFolders>Add Folder>Navigate to these folders (click on bold file once and hit OK) :
* C:\Windows\Temp
* C:\Windows\Prefetch
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ (This will delete all your cached internet content including cookies.)
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp
* C:\Documents and Settings\<any other user's Profile>\Local Settings\Temporary Internet Files
* C:\Documents and Settings\<Any other user's Profile>\Local Settings\Temp
* C:\Documents and Settings\<Your Profile>\Cookies
* C:\Documents and Settings\<Any other users Profile>\Cookies
Hit OK

- In left pane, scroll down to "Advanced, Custom Folders", put a check in Custom Folders

- Click on Run Cleaner

It may take a while for the program to perform its cleaning, so be patient. Close the program when it has finished.

- Run Norton, MS Antispyware, and ewido; have the programs fix all malicious items they find.

When ewido finds the first malicious object on your system, it will ask you if it should clean it. When it asks this, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.
Save the log file that ewido will create after it finishes scanning; you'll be including that log in your next post here.

- Run Spy Sweeper.
* Under the Sweep Options tab, select ALL options under 'What to Sweep'.
* Click the "Sweep" icon and then "Start" to begin scanning.
*When the scan completes, click Next to automatically quarantine all detected items.
*Click the Results icon, select Session Log, and then click Save to File. Save the scan results to your desktop and close Spy Sweeper.

3. Empty your Recycle Bin, reboot normally, run HijackThis again, and post the new log. Also post the logs that ewido and Spy Sweeper generated.

DMR

Team Colleague

Reputation Points: 221

Solved Threads: 369

Wombat At Large

Offline

6,439 posts
since Dec 2003

Permalink

Mar 27th, 2006

Re: Hijackthis log RE: Trojan.Abwiz.F virus

I followed all of the instructions from the previous posting. In addition, I ran the Symantec "Trojan.Abwiz.F" removal tool. When I ran the scans in safe mode, Norton and MS Antispyware did not find anything. However, ewido found 28 items and Spy Sweeper found one more. I follwed your instructions and cleaned those files. There was nothing to empty from my recycle bin in safe mode. However, when I rebooted in regular mode there were items in my recycle bin which needed to be deleted. Maybe this was due to my being logged in as the administrator in safe mode and myself in regular mode. The logs from the scan are listed below, please let me know what you think and if there is anything to worry about from here on out. Thanks again=) Brian

Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 3:04:23 PM, on 3/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www.ibm.com/pc/support/acces...tent/AcpIR.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {D772BBC7-1F7A-40BD-BD0A-889F43341CA4} (CmdInsReg Class) - https://www.send2fax.com/microsoft-o...RegControl.cab
O18 - Protocol: bw+0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

ewido log:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:23:50 AM, 3/27/2006
+ Report-Checksum: F800FB97

+ Scan result:

C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP148\A0084198.exe -> Trojan.Small : Cleaned with backup
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP148\A0084199.exe -> Trojan.Small : Cleaned with backup
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP148\A0084200.exe -> Downloader.Small.ciw : Cleaned with backup
C:\WINDOWS\system32\akfloing.huv -> Trojan.Agent.qe : Cleaned with backup
E:\Backup of C Drive\Documents and Settings\Brian Stebbins\Cookies\brian stebbins@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
E:\Backup of C Drive\Documents and Settings\Brian Stebbins\Cookies\brian stebbins@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
E:\Backup of C Drive\Documents and Settings\Brian Stebbins\Cookies\brian stebbins@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
E:\Backup of C Drive\Documents and Settings\Brian Stebbins\Cookies\brian stebbins@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
E:\Backup of C Drive\Documents and Settings\Brian Stebbins\Cookies\brian stebbins@cbs.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
E:\Backup of C Drive\Documents and Settings\Brian Stebbins\Cookies\brian stebbins@com[2].txt -> TrackingCookie.Com : Cleaned with backup
E:\Backup of C Drive\Documents and Settings\Brian Stebbins\Cookies\brian stebbins@coxhsi.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
E:\Backup of C Drive\Documents and Settings\Brian Stebbins\Cookies\brian stebbins@data1.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
E:\Backup of C Drive\Documents and Settings\Brian Stebbins\Cookies\brian stebbins@e-2dj6wjk4kgajkdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
E:\Backup of C Drive\Documents and Settings\Brian Stebbins\Cookies\brian stebbins@ehg-uniontrib.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
E:\Backup of C Drive\Documents and Settings\Brian Stebbins\Cookies\brian stebbins@falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
E:\Backup of C Drive\Documents and Settings\Brian Stebbins\Cookies\brian stebbins@greatschools.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
E:\Backup of C Drive\Documents and Settings\Brian Stebbins\Cookies\brian stebbins@image.masterstats[2].txt -> TrackingCookie.Masterstats : Cleaned with backup
E:\Backup of C Drive\Documents and Settings\Brian Stebbins\Cookies\brian stebbins@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup
E:\Backup of C Drive\Documents and Settings\Brian Stebbins\Cookies\brian stebbins@microsofteup.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
E:\Backup of C Drive\Documents and Settings\Brian Stebbins\Cookies\brian stebbins@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
E:\Backup of C Drive\Documents and Settings\Brian Stebbins\Cookies\brian stebbins@sec1.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
E:\Backup of C Drive\Documents and Settings\Brian Stebbins\Cookies\brian stebbins@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
E:\Backup of C Drive\Documents and Settings\Brian Stebbins\Cookies\brian stebbins@sonycorporate.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
E:\Backup of C Drive\Documents and Settings\Brian Stebbins\Cookies\brian stebbins@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
E:\Backup of C Drive\Documents and Settings\Brian Stebbins\Cookies\brian stebbins@thunderbolt.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
E:\Backup of C Drive\Documents and Settings\Brian Stebbins\Cookies\brian stebbins@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
E:\Backup of C Drive\Documents and Settings\Brian Stebbins\Cookies\brian stebbins@www.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
E:\Backup of C Drive\Documents and Settings\Brian Stebbins\Cookies\brian stebbins@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup

::Report End

Spy Sweeper log:
********
1:15 PM: | Start of Session, Monday, March 27, 2006 |
1:15 PM: Spy Sweeper started
1:15 PM: Sweep initiated using definitions version 641
1:15 PM: Starting Memory Sweep
1:17 PM: Memory Sweep Complete, Elapsed Time: 00:01:44
1:17 PM: Starting Registry Sweep
1:17 PM: Registry Sweep Complete, Elapsed Time:00:00:17
1:17 PM: Starting Cookie Sweep
1:17 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
1:18 PM: Starting File Sweep
1:18 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:18 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:18 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:18 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:18 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:18 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:18 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\program files\\{1007f41f-7d69-468e-8017-3849a5a973c2}\data1.hdr". The system cannot find the path specified
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\program files\\{3868a8ee-5051-4db0-8df6-4f4b8a98d083}\setup.ilg". The system cannot find the path specified
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\program files\\{78f4dfce-1336-4027-bcb2-1a00c24a8653}\setup.ilg". The system cannot find the path specified
1:19 PM: Warning: Failed to open file "c:\program files\\{2e088491-2681-46bf-b8e8-e835b121cda3}\data1.hdr". The system cannot find the path specified
1:19 PM: Warning: Failed to open file "c:\program files\\{900b1197-53f5-4f46-a882-2cfffe2eedcb}\data1.hdr". The system cannot find the path specified
1:19 PM: Warning: Failed to open file "c:\program files\\{872653c6-5ddc-488b-b7c2-cf9e4d9335e5}\setup.ilg". The system cannot find the path specified
1:20 PM: Warning: Failed to open file "c:\program files\\{fe7a3fe1-af76-44fd-bc70-09868a51887a}\setup.ilg". The system cannot find the path specified
1:20 PM: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\data1.hdr". The system cannot find the path specified
1:20 PM: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\data1.hdr". The system cannot find the path specified
1:20 PM: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\data1.hdr". The system cannot find the path specified
1:21 PM: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\data1.hdr". The system cannot find the path specified
1:22 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\setup.bmp". The system cannot find the path specified
1:25 PM: Warning: Failed to open file "c:\program files\\{1f7ccfa3-d926-4882-b2a5-a0217ed25597}\setup.ilg". The system cannot find the path specified
1:25 PM: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\data1.hdr". The system cannot find the path specified
1:25 PM: Warning: Failed to open file "c:\program files\\{bad59025-5b73-4e12-b789-0028c5a573c2}\setup.ilg". The system cannot find the path specified
1:26 PM: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\icon.bmp". The system cannot find the path specified
1:26 PM: Warning: Failed to open file "c:\program files\\{43801800-cfee-11d2-a41b-006097b55ad3}\data1.hdr". The system cannot find the path specified
1:26 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\setup.bmp". The system cannot find the path specified
1:26 PM: Warning: Failed to open file "c:\program files\\pc-doctor\cui\setup.bmp". The system cannot find the path specified
1:26 PM: Warning: Failed to open file "c:\program files\\pc-doctor\setup.bmp". The system cannot find the path specified
1:26 PM: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\data1.hdr". The system cannot find the path specified
1:26 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\setup.iss". The system cannot find the path specified
1:26 PM: Warning: Failed to open file "c:\program files\\{47808f78-f178-49dc-b708-15fe538b16ff}\setup.ilg". The system cannot find the path specified
1:26 PM: Warning: Failed to open file "c:\program files\\{1f7ccfa3-d926-4882-b2a5-a0217ed25597}\setup.inx". The system cannot find the path specified
1:27 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\setup.inx". The system cannot find the path specified
1:27 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\setup.inx". The system cannot find the path specified
1:27 PM: Warning: Failed to open file "c:\program files\\{5809e7cf-4dcf-11d4-9875-00105ace7734}\layout.bin". The system cannot find the path specified
1:27 PM: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\setup.ilg". The system cannot find the path specified
1:27 PM: Warning: Failed to open file "c:\program files\\{54de0b75-6cd9-44c4-b10a-1f25da9899d8}\setup.ilg". The system cannot find the path specified
1:27 PM: Warning: Failed to open file "c:\program files\\pc-doctor\cui\setup.inx". The system cannot find the path specified
1:27 PM: Warning: Failed to open file "c:\program files\\{2e088491-2681-46bf-b8e8-e835b121cda3}\setup.inx". The system cannot find the path specified
1:27 PM: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\setup.ilg". The system cannot find the path specified
1:28 PM: Warning: Failed to open file "c:\program files\\{2fce4fc5-6930-40e7-a4f1-f862207424ef}\data1.hdr". The system cannot find the path specified
1:28 PM: Warning: Failed to open file "c:\program files\\{2fce4fc5-6930-40e7-a4f1-f862207424ef}\layout.bin". The system cannot find the path specified
1:28 PM: Warning: Failed to open file "c:\program files\\{6c72e14a-c1f3-45e5-8810-83ce3c19ed63}\setup.inx". The system cannot find the path specified
1:28 PM: Warning: Failed to open file "c:\program files\\pc-doctor\cui\data1.hdr". The system cannot find the path specified
1:28 PM: Warning: Failed to open file "c:\program files\\{44a537a5-859c-43a6-8285-c0668142a090}\setup.ilg". The system cannot find the path specified
1:28 PM: Warning: Failed to open file "c:\program files\\{0552a36d-0d7e-4ff5-8fdb-6629aba7c779}\setup.ilg". The system cannot find the path specified
1:29 PM: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\layout.bin". The system cannot find the path specified
1:29 PM: Warning: Failed to open file "c:\program files\\{5809e7cf-4dcf-11d4-9875-00105ace7734}\setup.inx". The system cannot find the path specified
1:29 PM: Warning: Failed to open file "c:\program files\\{5809e7cf-4dcf-11d4-9875-00105ace7734}\setup.ilg". The system cannot find the path specified
1:30 PM: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\data1.cab". The system cannot find the path specified
1:30 PM: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\setup.ilg". The system cannot find the path specified
1:30 PM: Warning: Failed to open file "c:\program files\\{2fce4fc5-6930-40e7-a4f1-f862207424ef}\setup.inx". The system cannot find the path specified
1:30 PM: Warning: Failed to open file "c:\program files\\pc-doctor\setup.inx". The system cannot find the path specified
1:30 PM: Warning: Failed to open file "c:\program files\\{9f765bd0-b900-4ede-a90b-61c8a9e95c42}\setup.inx". The system cannot find the path specified
1:30 PM: Warning: Failed to open file "c:\program files\\{9f765bd0-b900-4ede-a90b-61c8a9e95c42}\data1.hdr". The system cannot find the path specified
1:30 PM: Warning: Failed to open file "c:\program files\\pc-doctor\cui\data2.cab". The system cannot find the path specified
1:30 PM: Warning: Failed to open file "c:\program files\\{13413c6c-c640-40b8-917e-ca3062826b18}\data1.hdr". The system cannot find the path specified
1:30 PM: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\data1.cab". The system cannot find the path specified
1:30 PM: Warning: Failed to open file "c:\program files\\{39da87a1-0b26-4562-a70c-2a6147366e47}\setup.ilg". The system cannot find the path specified
1:30 PM: Warning: Failed to open file "c:\program files\\{39da87a1-0b26-4562-a70c-2a6147366e47}\setup.inx". The system cannot find the path specified
1:30 PM: Warning: Failed to open file "c:\program files\\{bad59025-5b73-4e12-b789-0028c5a573c2}\setup.inx". The system cannot find the path specified
1:31 PM: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\setup.ilg". The system cannot find the path specified
1:31 PM: Warning: Failed to open file "c:\program files\\{13413c6c-c640-40b8-917e-ca3062826b18}\data1.cab". The system cannot find the path specified
1:31 PM: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\setup.inx". The system cannot find the path specified
1:31 PM: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\data1.hdr". The system cannot find the path specified
1:31 PM: Warning: Failed to open file "c:\program files\\{2e088491-2681-46bf-b8e8-e835b121cda3}\data1.cab". The system cannot find the path specified
1:31 PM: Warning: Failed to open file "c:\program files\\{44a537a5-859c-43a6-8285-c0668142a090}\setup.inx". The system cannot find the path specified
1:31 PM: Warning: Failed to open file "c:\program files\\{fe7a3fe1-af76-44fd-bc70-09868a51887a}\setup.inx". The system cannot find the path specified
1:31 PM: Warning: Failed to open file "c:\program files\\{1007f41f-7d69-468e-8017-3849a5a973c2}\setup.ilg". The system cannot find the path specified
1:31 PM: Warning: Failed to open file "c:\program files\\{4e5e22c2-1386-47ae-8ede-32ddcdcd6653}\setup.ilg". The system cannot find the path specified
1:32 PM: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\setup.inx". The system cannot find the path specified
1:32 PM: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\setup.inx". The system cannot find the path specified
1:32 PM: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\data1.cab". The system cannot find the path specified
1:32 PM: Warning: Failed to open file "c:\program files\\{2fce4fc5-6930-40e7-a4f1-f862207424ef}\data1.cab". The system cannot find the path specified
1:32 PM: Warning: Failed to open file "c:\program files\\{5809e7cf-4dcf-11d4-9875-00105ace7734}\data1.cab". The system cannot find the path specified
1:32 PM: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{900b1197-53f5-4f46-a882-2cfffe2eedcb}\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{1007f41f-7d69-468e-8017-3849a5a973c2}\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\setup.ilg". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{54de0b75-6cd9-44c4-b10a-1f25da9899d8}\setup.inx". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{9f765bd0-b900-4ede-a90b-61c8a9e95c42}\setup.ilg". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\pc-doctor\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{1f7ccfa3-d926-4882-b2a5-a0217ed25597}\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{bad59025-5b73-4e12-b789-0028c5a573c2}\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{39da87a1-0b26-4562-a70c-2a6147366e47}\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{9f765bd0-b900-4ede-a90b-61c8a9e95c42}\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\pc-doctor\cui\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\setup.inx". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{1f7ccfa3-d926-4882-b2a5-a0217ed25597}\data1.hdr". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\data1.hdr". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\pc-doctor\data1.hdr". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{39da87a1-0b26-4562-a70c-2a6147366e47}\data1.hdr". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\data1.hdr". The system cannot find the path specified
1:34 PM: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\data1.hdr". The system cannot find the path specified
1:35 PM: Warning: Failed to open file "c:\program files\\{1efba4b2-5000-49a5-a107-0816e10605a1}\setup.ilg". The system cannot find the path specified
1:35 PM: Warning: Failed to open file "c:\program files\\{6c72e14a-c1f3-45e5-8810-83ce3c19ed63}\setup.ilg". The system cannot find the path specified
1:35 PM: Warning: Failed to open file "c:\program files\\{be20e2f5-1903-4aae-b1af-2046e586c925}\setup.ilg". The system cannot find the path specified
1:36 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\setup.iss". The system cannot find the path specified
1:36 PM: Warning: Failed to open file "c:\program files\\pc-doctor\setup.iss". The system cannot find the path specified
1:36 PM: Warning: Failed to open file "c:\program files\\{5809e7cf-4dcf-11d4-9875-00105ace7734}\data1.hdr". The system cannot find the path specified
1:36 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\data1.hdr". The system cannot find the path specified
1:36 PM: Warning: Failed to open file "c:\program files\\{bad59025-5b73-4e12-b789-0028c5a573c2}\data1.hdr". The system cannot find the path specified
1:37 PM: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\data1.hdr". The system cannot find the path specified
1:38 PM: Warning: Failed to open file "c:\program files\\{13413c6c-c640-40b8-917e-ca3062826b18}\setup.inx". The system cannot find the path specified
1:38 PM: Warning: Failed to open file "c:\program files\\{900b1197-53f5-4f46-a882-2cfffe2eedcb}\setup.ilg". The system cannot find the path specified
1:39 PM: Warning: Failed to open file "c:\program files\\{900b1197-53f5-4f46-a882-2cfffe2eedcb}\setup.inx". The system cannot find the path specified
1:39 PM: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\setup.ilg". The system cannot find the path specified
1:39 PM: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\setup.inx". The system cannot find the path specified
1:41 PM: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\data1.hdr". The system cannot find the path specified
1:41 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:41 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\ikernel.ex_". The system cannot find the path specified
1:41 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\ikernel.ex_". The system cannot find the path specified
1:41 PM: Warning: Failed to open file "c:\program files\\pc-doctor\cui\ikernel.ex_". The system cannot find the path specified
1:41 PM: Warning: Failed to open file "c:\program files\\pc-doctor\ikernel.ex_". The system cannot find the path specified
1:41 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:41 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:41 PM: Warning: Failed to open file "c:\program files\\{1efba4b2-5000-49a5-a107-0816e10605a1}\setup.inx". The system cannot find the path specified
1:42 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\data2.cab". The system cannot find the path specified
1:42 PM: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\setup.ilg". The system cannot find the path specified
1:42 PM: Warning: Failed to open file "c:\program files\\{2fce4fc5-6930-40e7-a4f1-f862207424ef}\setup.ilg". The system cannot find the path specified
1:42 PM: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\data1.cab". The system cannot find the path specified
1:43 PM: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\setup.ilg". The system cannot find the path specified
1:43 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:43 PM: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\setup.inx". The system cannot find the path specified
1:43 PM: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\data1.hdr". The system cannot find the path specified
1:43 PM: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\setup.inx". The system cannot find the path specified
1:43 PM: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\setup.ilg". The system cannot find the path specified
1:43 PM: Warning: Failed to open file "c:\program files\\{43801800-cfee-11d2-a41b-006097b55ad3}\data1.cab". The system cannot find the path specified
1:43 PM: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\setup.inx". The system cannot find the path specified
1:43 PM: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\setup.inx". The system cannot find the path specified
1:44 PM: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\setup.ilg". The system cannot find the path specified
1:44 PM: Warning: Failed to open file "c:\program files\\{43801800-cfee-11d2-a41b-006097b55ad3}\setup.inx". The system cannot find the path specified
1:44 PM: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\setup.inx". The system cannot find the path specified
1:44 PM: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\setup.inx". The system cannot find the path specified
1:44 PM: Warning: Failed to open file "c:\program files\\{13413c6c-c640-40b8-917e-ca3062826b18}\setup.ilg". The system cannot find the path specified
1:44 PM: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\setup.inx". The system cannot find the path specified
1:44 PM: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\setup.ilg". The system cannot find the path specified
1:44 PM: Warning: Failed to open file "c:\program files\\{1007f41f-7d69-468e-8017-3849a5a973c2}\setup.inx". The system cannot find the path specified
1:44 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\data2.cab". The system cannot find the path specified
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:02 PM: Found System Monitor: potentially rootkit-masked files
2:02 PM: 04-violin concerto ('l'estate', the four seasons) for violin, strings & continuo in g minor, op. 8-2, rv 315- allegro-various artists-25 romantic classics.wma (ID = 0)
2:02 PM: Warning: Unhandled Archive Type
2:02 PM: Warning: Unhandled Archive Type
2:02 PM: Warning: Invalid file - not a PKZip file
2:02 PM: Warning: Invalid file - not a PKZip file
2:02 PM: Warning: Invalid file - not a PKZip file
2:02 PM: Warning: Invalid file - not a PKZip file
2:02 PM: Warning: Invalid file - not a PKZip file
2:02 PM: Warning: Invalid file - not a PKZip file
2:02 PM: Warning: Invalid file - not a PKZip file
2:02 PM: Warning: Invalid file - not a PKZip file
2:02 PM: Warning: Invalid file - not a PKZip file
2:02 PM: Warning: Invalid file - not a PKZip file
2:02 PM: Warning: Unhandled Archive Type
2:02 PM: Warning: Unhandled Archive Type
2:04 PM: Warning: Invalid file - not a PKZip file
2:04 PM: Warning: Invalid file - not a PKZip file
2:04 PM: Warning: Invalid file - not a PKZip file
2:04 PM: Warning: Invalid file - not a PKZip file
2:04 PM: Warning: Invalid file - not a PKZip file
2:04 PM: Warning: Invalid file - not a PKZip file
2:04 PM: Warning: Invalid file - not a PKZip file
2:04 PM: Warning: Invalid file - not a PKZip file
2:04 PM: File Sweep Complete, Elapsed Time: 00:46:50
2:04 PM: Full Sweep has completed. Elapsed time 00:49:05
2:04 PM: Traces Found: 1
2:45 PM: Removal process initiated
2:45 PM: Quarantining All Traces: potentially rootkit-masked files
2:45 PM: potentially rootkit-masked files is in use. It will be removed on reboot.
2:45 PM: 04-violin concerto ('l'estate', the four seasons) for violin, strings & continuo in g minor, op. 8-2, rv 315- allegro-various artists-25 romantic classics.wma is in use. It will be removed on reboot.
2:46 PM: Preparing to restart your computer. Please wait...
2:46 PM: Removal process completed. Elapsed time 00:00:52
********
1:13 PM: | Start of Session, Monday, March 27, 2006 |
1:13 PM: Spy Sweeper started
1:15 PM: | End of Session, Monday, March 27, 2006 |

stebbs

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

10 posts
since Mar 2006

Permalink

Mar 28th, 2006

Re: Hijackthis log RE: Trojan.Abwiz.F virus

Just to be safe, I rebooted back into safe and went through all the scans again to make sure they did not show any infected items. Only Spy Sweeper was still showing an infected item. Spy Sweeper indicated that I have a "rootkit". I went ahead and tried to remove it using Spy Sweeper just as I had after the first scans but I would bet that it will still be there after I reboot and run the scan again. Does anyone have any additional advice for me?

stebbs

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

10 posts
since Mar 2006

Permalink

Mar 28th, 2006

Re: Hijackthis log RE: Trojan.Abwiz.F virus

Quote originally posted by stebbs ...

Spy Sweeper indicated that I have a "rootkit".

I'm pretty sure that the "violin concerto" audio file is causing Spy Sweeper to throw up the rootkit warning. The file is .wma format, which brings up the possibility of monopolistic money grubbing... er, I mean, *cough* music industry copy protection software being installed. I see no signs of such software on your computer, though.

Can you post the Spy Sweeper log from the Safe Mode scan?

DMR

Team Colleague

Reputation Points: 221

Solved Threads: 369

Wombat At Large

Offline

6,439 posts
since Dec 2003

Permalink

Mar 28th, 2006

Re: Hijackthis log RE: Trojan.Abwiz.F virus

LOL. Those darn money grubbers=)

Sorry about that. I forgot to attach the updated log. The log below includes the most recent scan as well as one performed earlier today. I suppose I can't solve this problem by simply deleting that audio file, right? Thanks for the help.

********
9:09 PM: | Start of Session, Monday, March 27, 2006 |
9:09 PM: Spy Sweeper started
9:09 PM: Sweep initiated using definitions version 641
9:09 PM: Starting Memory Sweep
9:11 PM: Memory Sweep Complete, Elapsed Time: 00:01:53
9:11 PM: Starting Registry Sweep
9:12 PM: Registry Sweep Complete, Elapsed Time:00:00:18
9:12 PM: Starting Cookie Sweep
9:12 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
9:12 PM: Starting File Sweep
9:12 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\program files\\{1007f41f-7d69-468e-8017-3849a5a973c2}\data1.hdr". The system cannot find the path specified
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\program files\\{3868a8ee-5051-4db0-8df6-4f4b8a98d083}\setup.ilg". The system cannot find the path specified
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:13 PM: Warning: Failed to open file "c:\program files\\{78f4dfce-1336-4027-bcb2-1a00c24a8653}\setup.ilg". The system cannot find the path specified
9:14 PM: Warning: Failed to open file "c:\program files\\{2e088491-2681-46bf-b8e8-e835b121cda3}\data1.hdr". The system cannot find the path specified
9:14 PM: Warning: Failed to open file "c:\program files\\{900b1197-53f5-4f46-a882-2cfffe2eedcb}\data1.hdr". The system cannot find the path specified
9:14 PM: Warning: Failed to open file "c:\program files\\{872653c6-5ddc-488b-b7c2-cf9e4d9335e5}\setup.ilg". The system cannot find the path specified
9:14 PM: Warning: Failed to open file "c:\program files\\{fe7a3fe1-af76-44fd-bc70-09868a51887a}\setup.ilg". The system cannot find the path specified
9:14 PM: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\data1.hdr". The system cannot find the path specified
9:14 PM: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\data1.hdr". The system cannot find the path specified
9:14 PM: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\data1.hdr". The system cannot find the path specified
9:15 PM: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\data1.hdr". The system cannot find the path specified
9:16 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\setup.bmp". The system cannot find the path specified
9:20 PM: Warning: Failed to open file "c:\program files\\{1f7ccfa3-d926-4882-b2a5-a0217ed25597}\setup.ilg". The system cannot find the path specified
9:20 PM: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\data1.hdr". The system cannot find the path specified
9:20 PM: Warning: Failed to open file "c:\program files\\{bad59025-5b73-4e12-b789-0028c5a573c2}\setup.ilg". The system cannot find the path specified
9:20 PM: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\icon.bmp". The system cannot find the path specified
9:20 PM: Warning: Failed to open file "c:\program files\\{43801800-cfee-11d2-a41b-006097b55ad3}\data1.hdr". The system cannot find the path specified
9:20 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\setup.bmp". The system cannot find the path specified
9:21 PM: Warning: Failed to open file "c:\program files\\pc-doctor\cui\setup.bmp". The system cannot find the path specified
9:21 PM: Warning: Failed to open file "c:\program files\\pc-doctor\setup.bmp". The system cannot find the path specified
9:21 PM: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\data1.hdr". The system cannot find the path specified
9:21 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\setup.iss". The system cannot find the path specified
9:21 PM: Warning: Failed to open file "c:\program files\\{47808f78-f178-49dc-b708-15fe538b16ff}\setup.ilg". The system cannot find the path specified
9:21 PM: Warning: Failed to open file "c:\program files\\{1f7ccfa3-d926-4882-b2a5-a0217ed25597}\setup.inx". The system cannot find the path specified
9:21 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\setup.inx". The system cannot find the path specified
9:21 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\setup.inx". The system cannot find the path specified
9:21 PM: Warning: Failed to open file "c:\program files\\{5809e7cf-4dcf-11d4-9875-00105ace7734}\layout.bin". The system cannot find the path specified
9:22 PM: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\setup.ilg". The system cannot find the path specified
9:22 PM: Warning: Failed to open file "c:\program files\\{54de0b75-6cd9-44c4-b10a-1f25da9899d8}\setup.ilg". The system cannot find the path specified
9:22 PM: Warning: Failed to open file "c:\program files\\pc-doctor\cui\setup.inx". The system cannot find the path specified
9:22 PM: Warning: Failed to open file "c:\program files\\{2e088491-2681-46bf-b8e8-e835b121cda3}\setup.inx". The system cannot find the path specified
9:22 PM: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\setup.ilg". The system cannot find the path specified
9:22 PM: Warning: Failed to open file "c:\program files\\{2fce4fc5-6930-40e7-a4f1-f862207424ef}\data1.hdr". The system cannot find the path specified
9:22 PM: Warning: Failed to open file "c:\program files\\{2fce4fc5-6930-40e7-a4f1-f862207424ef}\layout.bin". The system cannot find the path specified
9:22 PM: Warning: Failed to open file "c:\program files\\{6c72e14a-c1f3-45e5-8810-83ce3c19ed63}\setup.inx". The system cannot find the path specified
9:23 PM: Warning: Failed to open file "c:\program files\\pc-doctor\cui\data1.hdr". The system cannot find the path specified
9:23 PM: Warning: Failed to open file "c:\program files\\{44a537a5-859c-43a6-8285-c0668142a090}\setup.ilg". The system cannot find the path specified
9:23 PM: Warning: Failed to open file "c:\program files\\{0552a36d-0d7e-4ff5-8fdb-6629aba7c779}\setup.ilg". The system cannot find the path specified
9:23 PM: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\layout.bin". The system cannot find the path specified
9:24 PM: Warning: Failed to open file "c:\program files\\{5809e7cf-4dcf-11d4-9875-00105ace7734}\setup.inx". The system cannot find the path specified
9:24 PM: Warning: Failed to open file "c:\program files\\{5809e7cf-4dcf-11d4-9875-00105ace7734}\setup.ilg". The system cannot find the path specified
9:24 PM: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\data1.cab". The system cannot find the path specified
9:25 PM: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\setup.ilg". The system cannot find the path specified
9:25 PM: Warning: Failed to open file "c:\program files\\{2fce4fc5-6930-40e7-a4f1-f862207424ef}\setup.inx". The system cannot find the path specified
9:25 PM: Warning: Failed to open file "c:\program files\\pc-doctor\setup.inx". The system cannot find the path specified
9:25 PM: Warning: Failed to open file "c:\program files\\{9f765bd0-b900-4ede-a90b-61c8a9e95c42}\setup.inx". The system cannot find the path specified
9:25 PM: Warning: Failed to open file "c:\program files\\{9f765bd0-b900-4ede-a90b-61c8a9e95c42}\data1.hdr". The system cannot find the path specified
9:25 PM: Warning: Failed to open file "c:\program files\\pc-doctor\cui\data2.cab". The system cannot find the path specified
9:25 PM: Warning: Failed to open file "c:\program files\\{13413c6c-c640-40b8-917e-ca3062826b18}\data1.hdr". The system cannot find the path specified
9:25 PM: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\data1.cab". The system cannot find the path specified
9:25 PM: Warning: Failed to open file "c:\program files\\{39da87a1-0b26-4562-a70c-2a6147366e47}\setup.ilg". The system cannot find the path specified
9:25 PM: Warning: Failed to open file "c:\program files\\{39da87a1-0b26-4562-a70c-2a6147366e47}\setup.inx". The system cannot find the path specified
9:25 PM: Warning: Failed to open file "c:\program files\\{bad59025-5b73-4e12-b789-0028c5a573c2}\setup.inx". The system cannot find the path specified
9:26 PM: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\setup.ilg". The system cannot find the path specified
9:26 PM: Warning: Failed to open file "c:\program files\\{13413c6c-c640-40b8-917e-ca3062826b18}\data1.cab". The system cannot find the path specified
9:26 PM: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\setup.inx". The system cannot find the path specified
9:26 PM: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\data1.hdr". The system cannot find the path specified
9:26 PM: Warning: Failed to open file "c:\program files\\{2e088491-2681-46bf-b8e8-e835b121cda3}\data1.cab". The system cannot find the path specified
9:26 PM: Warning: Failed to open file "c:\program files\\{44a537a5-859c-43a6-8285-c0668142a090}\setup.inx". The system cannot find the path specified
9:26 PM: Warning: Failed to open file "c:\program files\\{fe7a3fe1-af76-44fd-bc70-09868a51887a}\setup.inx". The system cannot find the path specified
9:26 PM: Warning: Failed to open file "c:\program files\\{1007f41f-7d69-468e-8017-3849a5a973c2}\setup.ilg". The system cannot find the path specified
9:26 PM: Warning: Failed to open file "c:\program files\\{4e5e22c2-1386-47ae-8ede-32ddcdcd6653}\setup.ilg". The system cannot find the path specified
9:27 PM: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\setup.inx". The system cannot find the path specified
9:27 PM: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\setup.inx". The system cannot find the path specified
9:27 PM: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\data1.cab". The system cannot find the path specified
9:27 PM: Warning: Failed to open file "c:\program files\\{2fce4fc5-6930-40e7-a4f1-f862207424ef}\data1.cab". The system cannot find the path specified
9:27 PM: Warning: Failed to open file "c:\program files\\{5809e7cf-4dcf-11d4-9875-00105ace7734}\data1.cab". The system cannot find the path specified
9:27 PM: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\data1.cab". The system cannot find the path specified
9:28 PM: Warning: Failed to open file "c:\program files\\{900b1197-53f5-4f46-a882-2cfffe2eedcb}\data1.cab". The system cannot find the path specified
9:28 PM: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\data1.cab". The system cannot find the path specified
9:28 PM: Warning: Failed to open file "c:\program files\\{1007f41f-7d69-468e-8017-3849a5a973c2}\data1.cab". The system cannot find the path specified
9:28 PM: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\data1.cab". The system cannot find the path specified
9:28 PM: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\setup.ilg". The system cannot find the path specified
9:28 PM: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\data1.cab". The system cannot find the path specified
9:28 PM: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\data1.cab". The system cannot find the path specified
9:28 PM: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\data1.cab". The system cannot find the path specified
9:28 PM: Warning: Failed to open file "c:\program files\\{54de0b75-6cd9-44c4-b10a-1f25da9899d8}\setup.inx". The system cannot find the path specified
9:28 PM: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\data1.cab". The system cannot find the path specified
9:28 PM: Warning: Failed to open file "c:\program files\\{9f765bd0-b900-4ede-a90b-61c8a9e95c42}\setup.ilg". The system cannot find the path specified
9:28 PM: Warning: Failed to open file "c:\program files\\pc-doctor\data1.cab". The system cannot find the path specified
9:28 PM: Warning: Failed to open file "c:\program files\\{1f7ccfa3-d926-4882-b2a5-a0217ed25597}\data1.cab". The system cannot find the path specified
9:28 PM: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\data1.cab". The system cannot find the path specified
9:28 PM: Warning: Failed to open file "c:\program files\\{bad59025-5b73-4e12-b789-0028c5a573c2}\data1.cab". The system cannot find the path specified
9:28 PM: Warning: Failed to open file "c:\program files\\{39da87a1-0b26-4562-a70c-2a6147366e47}\data1.cab". The system cannot find the path specified
9:28 PM: Warning: Failed to open file "c:\program files\\{9f765bd0-b900-4ede-a90b-61c8a9e95c42}\data1.cab". The system cannot find the path specified
9:28 PM: Warning: Failed to open file "c:\program files\\pc-doctor\cui\data1.cab". The system cannot find the path specified
9:28 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\data1.cab". The system cannot find the path specified
9:28 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\data1.cab". The system cannot find the path specified
9:28 PM: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\setup.inx". The system cannot find the path specified
9:28 PM: Warning: Failed to open file "c:\program files\\{1f7ccfa3-d926-4882-b2a5-a0217ed25597}\data1.hdr". The system cannot find the path specified
9:28 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\data1.hdr". The system cannot find the path specified
9:28 PM: Warning: Failed to open file "c:\program files\\pc-doctor\data1.hdr". The system cannot find the path specified
9:28 PM: Warning: Failed to open file "c:\program files\\{39da87a1-0b26-4562-a70c-2a6147366e47}\data1.hdr". The system cannot find the path specified
9:28 PM: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\data1.hdr". The system cannot find the path specified
9:30 PM: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\data1.hdr". The system cannot find the path specified
9:30 PM: Warning: Failed to open file "c:\program files\\{1efba4b2-5000-49a5-a107-0816e10605a1}\setup.ilg". The system cannot find the path specified
9:30 PM: Warning: Failed to open file "c:\program files\\{6c72e14a-c1f3-45e5-8810-83ce3c19ed63}\setup.ilg". The system cannot find the path specified
9:30 PM: Warning: Failed to open file "c:\program files\\{be20e2f5-1903-4aae-b1af-2046e586c925}\setup.ilg". The system cannot find the path specified
9:31 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\setup.iss". The system cannot find the path specified
9:31 PM: Warning: Failed to open file "c:\program files\\pc-doctor\setup.iss". The system cannot find the path specified
9:32 PM: Warning: Failed to open file "c:\program files\\{5809e7cf-4dcf-11d4-9875-00105ace7734}\data1.hdr". The system cannot find the path specified
9:32 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\data1.hdr". The system cannot find the path specified
9:32 PM: Warning: Failed to open file "c:\program files\\{bad59025-5b73-4e12-b789-0028c5a573c2}\data1.hdr". The system cannot find the path specified
9:32 PM: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\data1.hdr". The system cannot find the path specified
9:33 PM: Warning: Failed to open file "c:\program files\\{13413c6c-c640-40b8-917e-ca3062826b18}\setup.inx". The system cannot find the path specified
9:34 PM: Warning: Failed to open file "c:\program files\\{900b1197-53f5-4f46-a882-2cfffe2eedcb}\setup.ilg". The system cannot find the path specified
9:34 PM: Warning: Failed to open file "c:\program files\\{900b1197-53f5-4f46-a882-2cfffe2eedcb}\setup.inx". The system cannot find the path specified
9:35 PM: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\setup.ilg". The system cannot find the path specified
9:35 PM: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\setup.inx". The system cannot find the path specified
9:36 PM: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\data1.hdr". The system cannot find the path specified
9:37 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:37 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\ikernel.ex_". The system cannot find the path specified
9:37 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\ikernel.ex_". The system cannot find the path specified
9:37 PM: Warning: Failed to open file "c:\program files\\pc-doctor\cui\ikernel.ex_". The system cannot find the path specified
9:37 PM: Warning: Failed to open file "c:\program files\\pc-doctor\ikernel.ex_". The system cannot find the path specified
9:37 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:37 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:37 PM: Warning: Failed to open file "c:\program files\\{1efba4b2-5000-49a5-a107-0816e10605a1}\setup.inx". The system cannot find the path specified
9:37 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\data2.cab". The system cannot find the path specified
9:37 PM: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\setup.ilg". The system cannot find the path specified
9:38 PM: Warning: Failed to open file "c:\program files\\{2fce4fc5-6930-40e7-a4f1-f862207424ef}\setup.ilg". The system cannot find the path specified
9:38 PM: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\data1.cab". The system cannot find the path specified
9:39 PM: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\setup.ilg". The system cannot find the path specified
9:39 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:39 PM: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\setup.inx". The system cannot find the path specified
9:39 PM: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\data1.hdr". The system cannot find the path specified
9:39 PM: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\setup.inx". The system cannot find the path specified
9:39 PM: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\setup.ilg". The system cannot find the path specified
9:39 PM: Warning: Failed to open file "c:\program files\\{43801800-cfee-11d2-a41b-006097b55ad3}\data1.cab". The system cannot find the path specified
9:39 PM: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\setup.inx". The system cannot find the path specified
9:39 PM: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\setup.inx". The system cannot find the path specified
9:39 PM: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\setup.ilg". The system cannot find the path specified
9:40 PM: Warning: Failed to open file "c:\program files\\{43801800-cfee-11d2-a41b-006097b55ad3}\setup.inx". The system cannot find the path specified
9:40 PM: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\setup.inx". The system cannot find the path specified
9:40 PM: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\setup.inx". The system cannot find the path specified
9:40 PM: Warning: Failed to open file "c:\program files\\{13413c6c-c640-40b8-917e-ca3062826b18}\setup.ilg". The system cannot find the path specified
9:40 PM: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\setup.inx". The system cannot find the path specified
9:40 PM: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\setup.ilg". The system cannot find the path specified
9:40 PM: Warning: Failed to open file "c:\program files\\{1007f41f-7d69-468e-8017-3849a5a973c2}\setup.inx". The system cannot find the path specified
9:40 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\data2.cab". The system cannot find the path specified
9:41 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:41 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:41 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:41 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:41 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:41 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:41 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:41 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:41 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:41 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:41 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:41 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:41 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:41 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:41 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:41 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:41 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
9:59 PM: Found System Monitor: potentially rootkit-masked files
9:59 PM: 04-violin concerto ('l'estate', the four seasons) for violin, strings & continuo in g minor, op. 8-2, rv 315- allegro-various artists-25 romantic classics.wma (ID = 0)
10:00 PM: Warning: Unhandled Archive Type
10:00 PM: File Sweep Complete, Elapsed Time: 00:48:30
10:00 PM: Full Sweep has completed. Elapsed time 00:50:54
10:00 PM: Traces Found: 1
10:08 PM: Removal process initiated
10:08 PM: Quarantining All Traces: potentially rootkit-masked files
10:08 PM: potentially rootkit-masked files is in use. It will be removed on reboot.
10:08 PM: 04-violin concerto ('l'estate', the four seasons) for violin, strings & continuo in g minor, op. 8-2, rv 315- allegro-various artists-25 romantic classics.wma is in use. It will be removed on reboot.
10:09 PM: Removal process completed. Elapsed time 00:00:53
********
1:15 PM: | Start of Session, Monday, March 27, 2006 |
1:15 PM: Spy Sweeper started
1:15 PM: Sweep initiated using definitions version 641
1:15 PM: Starting Memory Sweep
1:17 PM: Memory Sweep Complete, Elapsed Time: 00:01:44
1:17 PM: Starting Registry Sweep
1:17 PM: Registry Sweep Complete, Elapsed Time:00:00:17
1:17 PM: Starting Cookie Sweep
1:17 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
1:18 PM: Starting File Sweep
1:18 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:18 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:18 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:18 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:18 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:18 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:18 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\program files\\{1007f41f-7d69-468e-8017-3849a5a973c2}\data1.hdr". The system cannot find the path specified
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\program files\\{3868a8ee-5051-4db0-8df6-4f4b8a98d083}\setup.ilg". The system cannot find the path specified
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:19 PM: Warning: Failed to open file "c:\program files\\{78f4dfce-1336-4027-bcb2-1a00c24a8653}\setup.ilg". The system cannot find the path specified
1:19 PM: Warning: Failed to open file "c:\program files\\{2e088491-2681-46bf-b8e8-e835b121cda3}\data1.hdr". The system cannot find the path specified
1:19 PM: Warning: Failed to open file "c:\program files\\{900b1197-53f5-4f46-a882-2cfffe2eedcb}\data1.hdr". The system cannot find the path specified
1:19 PM: Warning: Failed to open file "c:\program files\\{872653c6-5ddc-488b-b7c2-cf9e4d9335e5}\setup.ilg". The system cannot find the path specified
1:20 PM: Warning: Failed to open file "c:\program files\\{fe7a3fe1-af76-44fd-bc70-09868a51887a}\setup.ilg". The system cannot find the path specified
1:20 PM: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\data1.hdr". The system cannot find the path specified
1:20 PM: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\data1.hdr". The system cannot find the path specified
1:20 PM: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\data1.hdr". The system cannot find the path specified
1:21 PM: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\data1.hdr". The system cannot find the path specified
1:22 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\setup.bmp". The system cannot find the path specified
1:25 PM: Warning: Failed to open file "c:\program files\\{1f7ccfa3-d926-4882-b2a5-a0217ed25597}\setup.ilg". The system cannot find the path specified
1:25 PM: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\data1.hdr". The system cannot find the path specified
1:25 PM: Warning: Failed to open file "c:\program files\\{bad59025-5b73-4e12-b789-0028c5a573c2}\setup.ilg". The system cannot find the path specified
1:26 PM: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\icon.bmp". The system cannot find the path specified
1:26 PM: Warning: Failed to open file "c:\program files\\{43801800-cfee-11d2-a41b-006097b55ad3}\data1.hdr". The system cannot find the path specified
1:26 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\setup.bmp". The system cannot find the path specified
1:26 PM: Warning: Failed to open file "c:\program files\\pc-doctor\cui\setup.bmp". The system cannot find the path specified
1:26 PM: Warning: Failed to open file "c:\program files\\pc-doctor\setup.bmp". The system cannot find the path specified
1:26 PM: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\data1.hdr". The system cannot find the path specified
1:26 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\setup.iss". The system cannot find the path specified
1:26 PM: Warning: Failed to open file "c:\program files\\{47808f78-f178-49dc-b708-15fe538b16ff}\setup.ilg". The system cannot find the path specified
1:26 PM: Warning: Failed to open file "c:\program files\\{1f7ccfa3-d926-4882-b2a5-a0217ed25597}\setup.inx". The system cannot find the path specified
1:27 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\setup.inx". The system cannot find the path specified
1:27 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\setup.inx". The system cannot find the path specified
1:27 PM: Warning: Failed to open file "c:\program files\\{5809e7cf-4dcf-11d4-9875-00105ace7734}\layout.bin". The system cannot find the path specified
1:27 PM: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\setup.ilg". The system cannot find the path specified
1:27 PM: Warning: Failed to open file "c:\program files\\{54de0b75-6cd9-44c4-b10a-1f25da9899d8}\setup.ilg". The system cannot find the path specified
1:27 PM: Warning: Failed to open file "c:\program files\\pc-doctor\cui\setup.inx". The system cannot find the path specified
1:27 PM: Warning: Failed to open file "c:\program files\\{2e088491-2681-46bf-b8e8-e835b121cda3}\setup.inx". The system cannot find the path specified
1:27 PM: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\setup.ilg". The system cannot find the path specified
1:28 PM: Warning: Failed to open file "c:\program files\\{2fce4fc5-6930-40e7-a4f1-f862207424ef}\data1.hdr". The system cannot find the path specified
1:28 PM: Warning: Failed to open file "c:\program files\\{2fce4fc5-6930-40e7-a4f1-f862207424ef}\layout.bin". The system cannot find the path specified
1:28 PM: Warning: Failed to open file "c:\program files\\{6c72e14a-c1f3-45e5-8810-83ce3c19ed63}\setup.inx". The system cannot find the path specified
1:28 PM: Warning: Failed to open file "c:\program files\\pc-doctor\cui\data1.hdr". The system cannot find the path specified
1:28 PM: Warning: Failed to open file "c:\program files\\{44a537a5-859c-43a6-8285-c0668142a090}\setup.ilg". The system cannot find the path specified
1:28 PM: Warning: Failed to open file "c:\program files\\{0552a36d-0d7e-4ff5-8fdb-6629aba7c779}\setup.ilg". The system cannot find the path specified
1:29 PM: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\layout.bin". The system cannot find the path specified
1:29 PM: Warning: Failed to open file "c:\program files\\{5809e7cf-4dcf-11d4-9875-00105ace7734}\setup.inx". The system cannot find the path specified
1:29 PM: Warning: Failed to open file "c:\program files\\{5809e7cf-4dcf-11d4-9875-00105ace7734}\setup.ilg". The system cannot find the path specified
1:30 PM: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\data1.cab". The system cannot find the path specified
1:30 PM: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\setup.ilg". The system cannot find the path specified
1:30 PM: Warning: Failed to open file "c:\program files\\{2fce4fc5-6930-40e7-a4f1-f862207424ef}\setup.inx". The system cannot find the path specified
1:30 PM: Warning: Failed to open file "c:\program files\\pc-doctor\setup.inx". The system cannot find the path specified
1:30 PM: Warning: Failed to open file "c:\program files\\{9f765bd0-b900-4ede-a90b-61c8a9e95c42}\setup.inx". The system cannot find the path specified
1:30 PM: Warning: Failed to open file "c:\program files\\{9f765bd0-b900-4ede-a90b-61c8a9e95c42}\data1.hdr". The system cannot find the path specified
1:30 PM: Warning: Failed to open file "c:\program files\\pc-doctor\cui\data2.cab". The system cannot find the path specified
1:30 PM: Warning: Failed to open file "c:\program files\\{13413c6c-c640-40b8-917e-ca3062826b18}\data1.hdr". The system cannot find the path specified
1:30 PM: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\data1.cab". The system cannot find the path specified
1:30 PM: Warning: Failed to open file "c:\program files\\{39da87a1-0b26-4562-a70c-2a6147366e47}\setup.ilg". The system cannot find the path specified
1:30 PM: Warning: Failed to open file "c:\program files\\{39da87a1-0b26-4562-a70c-2a6147366e47}\setup.inx". The system cannot find the path specified
1:30 PM: Warning: Failed to open file "c:\program files\\{bad59025-5b73-4e12-b789-0028c5a573c2}\setup.inx". The system cannot find the path specified
1:31 PM: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\setup.ilg". The system cannot find the path specified
1:31 PM: Warning: Failed to open file "c:\program files\\{13413c6c-c640-40b8-917e-ca3062826b18}\data1.cab". The system cannot find the path specified
1:31 PM: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\setup.inx". The system cannot find the path specified
1:31 PM: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\data1.hdr". The system cannot find the path specified
1:31 PM: Warning: Failed to open file "c:\program files\\{2e088491-2681-46bf-b8e8-e835b121cda3}\data1.cab". The system cannot find the path specified
1:31 PM: Warning: Failed to open file "c:\program files\\{44a537a5-859c-43a6-8285-c0668142a090}\setup.inx". The system cannot find the path specified
1:31 PM: Warning: Failed to open file "c:\program files\\{fe7a3fe1-af76-44fd-bc70-09868a51887a}\setup.inx". The system cannot find the path specified
1:31 PM: Warning: Failed to open file "c:\program files\\{1007f41f-7d69-468e-8017-3849a5a973c2}\setup.ilg". The system cannot find the path specified
1:31 PM: Warning: Failed to open file "c:\program files\\{4e5e22c2-1386-47ae-8ede-32ddcdcd6653}\setup.ilg". The system cannot find the path specified
1:32 PM: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\setup.inx". The system cannot find the path specified
1:32 PM: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\setup.inx". The system cannot find the path specified
1:32 PM: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\data1.cab". The system cannot find the path specified
1:32 PM: Warning: Failed to open file "c:\program files\\{2fce4fc5-6930-40e7-a4f1-f862207424ef}\data1.cab". The system cannot find the path specified
1:32 PM: Warning: Failed to open file "c:\program files\\{5809e7cf-4dcf-11d4-9875-00105ace7734}\data1.cab". The system cannot find the path specified
1:32 PM: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{900b1197-53f5-4f46-a882-2cfffe2eedcb}\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{1007f41f-7d69-468e-8017-3849a5a973c2}\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\setup.ilg". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{54de0b75-6cd9-44c4-b10a-1f25da9899d8}\setup.inx". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{9f765bd0-b900-4ede-a90b-61c8a9e95c42}\setup.ilg". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\pc-doctor\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{1f7ccfa3-d926-4882-b2a5-a0217ed25597}\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{bad59025-5b73-4e12-b789-0028c5a573c2}\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{39da87a1-0b26-4562-a70c-2a6147366e47}\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{9f765bd0-b900-4ede-a90b-61c8a9e95c42}\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\pc-doctor\cui\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\data1.cab". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\setup.inx". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{1f7ccfa3-d926-4882-b2a5-a0217ed25597}\data1.hdr". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\data1.hdr". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\pc-doctor\data1.hdr". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{39da87a1-0b26-4562-a70c-2a6147366e47}\data1.hdr". The system cannot find the path specified
1:33 PM: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\data1.hdr". The system cannot find the path specified
1:34 PM: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\data1.hdr". The system cannot find the path specified
1:35 PM: Warning: Failed to open file "c:\program files\\{1efba4b2-5000-49a5-a107-0816e10605a1}\setup.ilg". The system cannot find the path specified
1:35 PM: Warning: Failed to open file "c:\program files\\{6c72e14a-c1f3-45e5-8810-83ce3c19ed63}\setup.ilg". The system cannot find the path specified
1:35 PM: Warning: Failed to open file "c:\program files\\{be20e2f5-1903-4aae-b1af-2046e586c925}\setup.ilg". The system cannot find the path specified
1:36 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\setup.iss". The system cannot find the path specified
1:36 PM: Warning: Failed to open file "c:\program files\\pc-doctor\setup.iss". The system cannot find the path specified
1:36 PM: Warning: Failed to open file "c:\program files\\{5809e7cf-4dcf-11d4-9875-00105ace7734}\data1.hdr". The system cannot find the path specified
1:36 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\data1.hdr". The system cannot find the path specified
1:36 PM: Warning: Failed to open file "c:\program files\\{bad59025-5b73-4e12-b789-0028c5a573c2}\data1.hdr". The system cannot find the path specified
1:37 PM: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\data1.hdr". The system cannot find the path specified
1:38 PM: Warning: Failed to open file "c:\program files\\{13413c6c-c640-40b8-917e-ca3062826b18}\setup.inx". The system cannot find the path specified
1:38 PM: Warning: Failed to open file "c:\program files\\{900b1197-53f5-4f46-a882-2cfffe2eedcb}\setup.ilg". The system cannot find the path specified
1:39 PM: Warning: Failed to open file "c:\program files\\{900b1197-53f5-4f46-a882-2cfffe2eedcb}\setup.inx". The system cannot find the path specified
1:39 PM: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\setup.ilg". The system cannot find the path specified
1:39 PM: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\setup.inx". The system cannot find the path specified
1:41 PM: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\data1.hdr". The system cannot find the path specified
1:41 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:41 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\ikernel.ex_". The system cannot find the path specified
1:41 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\ikernel.ex_". The system cannot find the path specified
1:41 PM: Warning: Failed to open file "c:\program files\\pc-doctor\cui\ikernel.ex_". The system cannot find the path specified
1:41 PM: Warning: Failed to open file "c:\program files\\pc-doctor\ikernel.ex_". The system cannot find the path specified
1:41 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:41 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:41 PM: Warning: Failed to open file "c:\program files\\{1efba4b2-5000-49a5-a107-0816e10605a1}\setup.inx". The system cannot find the path specified
1:42 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\data2.cab". The system cannot find the path specified
1:42 PM: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\setup.ilg". The system cannot find the path specified
1:42 PM: Warning: Failed to open file "c:\program files\\{2fce4fc5-6930-40e7-a4f1-f862207424ef}\setup.ilg". The system cannot find the path specified
1:42 PM: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\data1.cab". The system cannot find the path specified
1:43 PM: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\setup.ilg". The system cannot find the path specified
1:43 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:43 PM: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\setup.inx". The system cannot find the path specified
1:43 PM: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\data1.hdr". The system cannot find the path specified
1:43 PM: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\setup.inx". The system cannot find the path specified
1:43 PM: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\setup.ilg". The system cannot find the path specified
1:43 PM: Warning: Failed to open file "c:\program files\\{43801800-cfee-11d2-a41b-006097b55ad3}\data1.cab". The system cannot find the path specified
1:43 PM: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\setup.inx". The system cannot find the path specified
1:43 PM: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\setup.inx". The system cannot find the path specified
1:44 PM: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\setup.ilg". The system cannot find the path specified
1:44 PM: Warning: Failed to open file "c:\program files\\{43801800-cfee-11d2-a41b-006097b55ad3}\setup.inx". The system cannot find the path specified
1:44 PM: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\setup.inx". The system cannot find the path specified
1:44 PM: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\setup.inx". The system cannot find the path specified
1:44 PM: Warning: Failed to open file "c:\program files\\{13413c6c-c640-40b8-917e-ca3062826b18}\setup.ilg". The system cannot find the path specified
1:44 PM: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\setup.inx". The system cannot find the path specified
1:44 PM: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\setup.ilg". The system cannot find the path specified
1:44 PM: Warning: Failed to open file "c:\program files\\{1007f41f-7d69-468e-8017-3849a5a973c2}\setup.inx". The system cannot find the path specified
1:44 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\data2.cab". The system cannot find the path specified
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
1:46 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:02 PM: Found System Monitor: potentially rootkit-masked files
2:02 PM: 04-violin concerto ('l'estate', the four seasons) for violin, strings & continuo in g minor, op. 8-2, rv 315- allegro-various artists-25 romantic classics.wma (ID = 0)
2:02 PM: Warning: Unhandled Archive Type
2:02 PM: Warning: Unhandled Archive Type
2:02 PM: Warning: Invalid file - not a PKZip file
2:02 PM: Warning: Invalid file - not a PKZip file
2:02 PM: Warning: Invalid file - not a PKZip file
2:02 PM: Warning: Invalid file - not a PKZip file
2:02 PM: Warning: Invalid file - not a PKZip file
2:02 PM: Warning: Invalid file - not a PKZip file
2:02 PM: Warning: Invalid file - not a PKZip file
2:02 PM: Warning: Invalid file - not a PKZip file
2:02 PM: Warning: Invalid file - not a PKZip file
2:02 PM: Warning: Invalid file - not a PKZip file
2:02 PM: Warning: Unhandled Archive Type
2:02 PM: Warning: Unhandled Archive Type
2:04 PM: Warning: Invalid file - not a PKZip file
2:04 PM: Warning: Invalid file - not a PKZip file
2:04 PM: Warning: Invalid file - not a PKZip file
2:04 PM: Warning: Invalid file - not a PKZip file
2:04 PM: Warning: Invalid file - not a PKZip file
2:04 PM: Warning: Invalid file - not a PKZip file
2:04 PM: Warning: Invalid file - not a PKZip file
2:04 PM: Warning: Invalid file - not a PKZip file
2:04 PM: File Sweep Complete, Elapsed Time: 00:46:50
2:04 PM: Full Sweep has completed. Elapsed time 00:49:05
2:04 PM: Traces Found: 1
2:45 PM: Removal process initiated
2:45 PM: Quarantining All Traces: potentially rootkit-masked files
2:45 PM: potentially rootkit-masked files is in use. It will be removed on reboot.
2:45 PM: 04-violin concerto ('l'estate', the four seasons) for violin, strings & continuo in g minor, op. 8-2, rv 315- allegro-various artists-25 romantic classics.wma is in use. It will be removed on reboot.
2:46 PM: Preparing to restart your computer. Please wait...
2:46 PM: Removal process completed. Elapsed time 00:00:52
********
1:13 PM: | Start of Session, Monday, March 27, 2006 |
1:13 PM: Spy Sweeper started
1:15 PM: | End of Session, Monday, March 27, 2006 |

stebbs

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

10 posts
since Mar 2006

Permalink

Mar 28th, 2006

Re: Hijackthis log RE: Trojan.Abwiz.F virus

Quote originally posted by stebbs ...

I suppose I can't solve this problem by simply deleting that audio file, right?

Actually, I was going to suggest that. Delete the file, run Spy Sweeper again, and post the new log.

DMR

Team Colleague

Reputation Points: 221

Solved Threads: 369

Wombat At Large

Offline

6,439 posts
since Dec 2003

Permalink

Mar 28th, 2006

Re: Hijackthis log RE: Trojan.Abwiz.F virus

I deleted the file, emptied the recycle bin and then rebooted. I then ran Spy Sweeper again and nothing was detected. Just to be safe, I thought I should re-run all the scans again in safe mode before I booted up in regular mode. When I ran Norton Antivirus again, nothing was detected.

Then I double clicked on the Microsoft Antispyware icon to open up the program. Upon doing so, three Microsoft Antispyware windows popped up on the bottom right of my screen. The first was a blue boxed window saying that "A Windows service requires my approval" with the name of Sysinternals Rootkitrevealer. This was a program that I installed in trying to do some additional cleanup. I blocked this and plan on uninstalling it.

The secon blue boxed window is the one that makes me nervous. The second blue boxed window said that "A Windows hosts file change requires your approval" with the host of "www8.ad.tomshardware.com" and an IP Address of "mshardware.com 127.0.0.1". I blocked both of the blue boxed windows. Just FYI, when I was looking around in MS Antispyware yesterday to see what programs were being given access to the internet, etc. I noted that there were a bunch of redirect links and I believe they had the same IP address as the one above. I started to delete them one by one but there were hundreds and I ended up stopping. An example would redirect howstuffworks.com to 127.0.0.1.

The third window was a green boxed MS Antispyware window that appeared for only a brief second and then disappeared. I went into the MS Antispyware log and found out that window was for "An Internet Explorer Explorer Bar has been added to your Internet Explorer and has been automatically allowed. Microsoft Antispyware has determined this program to be free of known spyware."

That second blue box makes me nervous and I believe the rootkit is still there somehow. What do you think? Do I have anything to still be worried about or do you think it is safe to boot up in regular mode again? The most recent Spy Sweeper log is below. I will post a new ewido log and a new hijackthis log (all in safe mode) after I run them. Thanks again for all your time and effort in helping me out=)

********
2:01 PM: | Start of Session, Tuesday, March 28, 2006 |
2:01 PM: Spy Sweeper started
2:01 PM: Sweep initiated using definitions version 641
2:01 PM: Starting Memory Sweep
2:02 PM: Memory Sweep Complete, Elapsed Time: 00:01:13
2:02 PM: Starting Registry Sweep
2:02 PM: Registry Sweep Complete, Elapsed Time:00:00:14
2:02 PM: Starting Cookie Sweep
2:02 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
2:02 PM: Starting File Sweep
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\program files\\{1007f41f-7d69-468e-8017-3849a5a973c2}\data1.hdr". The system cannot find the path specified
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\program files\\{3868a8ee-5051-4db0-8df6-4f4b8a98d083}\setup.ilg". The system cannot find the path specified
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:03 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:04 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:04 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:04 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:04 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:04 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:04 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:04 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:04 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:04 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:04 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:04 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:04 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:04 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:04 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:04 PM: Warning: Failed to open file "c:\program files\\{78f4dfce-1336-4027-bcb2-1a00c24a8653}\setup.ilg". The system cannot find the path specified
2:04 PM: Warning: Failed to open file "c:\program files\\{2e088491-2681-46bf-b8e8-e835b121cda3}\data1.hdr". The system cannot find the path specified
2:04 PM: Warning: Failed to open file "c:\program files\\{900b1197-53f5-4f46-a882-2cfffe2eedcb}\data1.hdr". The system cannot find the path specified
2:04 PM: Warning: Failed to open file "c:\program files\\{872653c6-5ddc-488b-b7c2-cf9e4d9335e5}\setup.ilg". The system cannot find the path specified
2:04 PM: Warning: Failed to open file "c:\program files\\{fe7a3fe1-af76-44fd-bc70-09868a51887a}\setup.ilg". The system cannot find the path specified
2:05 PM: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\data1.hdr". The system cannot find the path specified
2:05 PM: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\data1.hdr". The system cannot find the path specified
2:05 PM: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\data1.hdr". The system cannot find the path specified
2:06 PM: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\data1.hdr". The system cannot find the path specified
2:06 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\setup.bmp". The system cannot find the path specified
2:10 PM: Warning: Failed to open file "c:\program files\\{1f7ccfa3-d926-4882-b2a5-a0217ed25597}\setup.ilg". The system cannot find the path specified
2:10 PM: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\data1.hdr". The system cannot find the path specified
2:10 PM: Warning: Failed to open file "c:\program files\\{bad59025-5b73-4e12-b789-0028c5a573c2}\setup.ilg". The system cannot find the path specified
2:11 PM: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\icon.bmp". The system cannot find the path specified
2:11 PM: Warning: Failed to open file "c:\program files\\{43801800-cfee-11d2-a41b-006097b55ad3}\data1.hdr". The system cannot find the path specified
2:11 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\setup.bmp". The system cannot find the path specified
2:11 PM: Warning: Failed to open file "c:\program files\\pc-doctor\cui\setup.bmp". The system cannot find the path specified
2:11 PM: Warning: Failed to open file "c:\program files\\pc-doctor\setup.bmp". The system cannot find the path specified
2:11 PM: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\data1.hdr". The system cannot find the path specified
2:11 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\setup.iss". The system cannot find the path specified
2:11 PM: Warning: Failed to open file "c:\program files\\{47808f78-f178-49dc-b708-15fe538b16ff}\setup.ilg". The system cannot find the path specified
2:11 PM: Warning: Failed to open file "c:\program files\\{1f7ccfa3-d926-4882-b2a5-a0217ed25597}\setup.inx". The system cannot find the path specified
2:11 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\setup.inx". The system cannot find the path specified
2:12 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\setup.inx". The system cannot find the path specified
2:12 PM: Warning: Failed to open file "c:\program files\\{5809e7cf-4dcf-11d4-9875-00105ace7734}\layout.bin". The system cannot find the path specified
2:12 PM: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\setup.ilg". The system cannot find the path specified
2:12 PM: Warning: Failed to open file "c:\program files\\{54de0b75-6cd9-44c4-b10a-1f25da9899d8}\setup.ilg". The system cannot find the path specified
2:12 PM: Warning: Failed to open file "c:\program files\\pc-doctor\cui\setup.inx". The system cannot find the path specified
2:12 PM: Warning: Failed to open file "c:\program files\\{2e088491-2681-46bf-b8e8-e835b121cda3}\setup.inx". The system cannot find the path specified
2:12 PM: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\setup.ilg". The system cannot find the path specified
2:12 PM: Warning: Failed to open file "c:\program files\\{2fce4fc5-6930-40e7-a4f1-f862207424ef}\data1.hdr". The system cannot find the path specified
2:12 PM: Warning: Failed to open file "c:\program files\\{2fce4fc5-6930-40e7-a4f1-f862207424ef}\layout.bin". The system cannot find the path specified
2:12 PM: Warning: Failed to open file "c:\program files\\{6c72e14a-c1f3-45e5-8810-83ce3c19ed63}\setup.inx". The system cannot find the path specified
2:13 PM: Warning: Failed to open file "c:\program files\\pc-doctor\cui\data1.hdr". The system cannot find the path specified
2:13 PM: Warning: Failed to open file "c:\program files\\{44a537a5-859c-43a6-8285-c0668142a090}\setup.ilg". The system cannot find the path specified
2:13 PM: Warning: Failed to open file "c:\program files\\{0552a36d-0d7e-4ff5-8fdb-6629aba7c779}\setup.ilg". The system cannot find the path specified
2:13 PM: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\layout.bin". The system cannot find the path specified
2:14 PM: Warning: Failed to open file "c:\program files\\{5809e7cf-4dcf-11d4-9875-00105ace7734}\setup.inx". The system cannot find the path specified
2:14 PM: Warning: Failed to open file "c:\program files\\{5809e7cf-4dcf-11d4-9875-00105ace7734}\setup.ilg". The system cannot find the path specified
2:14 PM: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\data1.cab". The system cannot find the path specified
2:15 PM: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\setup.ilg". The system cannot find the path specified
2:15 PM: Warning: Failed to open file "c:\program files\\{2fce4fc5-6930-40e7-a4f1-f862207424ef}\setup.inx". The system cannot find the path specified
2:15 PM: Warning: Failed to open file "c:\program files\\pc-doctor\setup.inx". The system cannot find the path specified
2:15 PM: Warning: Failed to open file "c:\program files\\{9f765bd0-b900-4ede-a90b-61c8a9e95c42}\setup.inx". The system cannot find the path specified
2:15 PM: Warning: Failed to open file "c:\program files\\{9f765bd0-b900-4ede-a90b-61c8a9e95c42}\data1.hdr". The system cannot find the path specified
2:15 PM: Warning: Failed to open file "c:\program files\\pc-doctor\cui\data2.cab". The system cannot find the path specified
2:15 PM: Warning: Failed to open file "c:\program files\\{13413c6c-c640-40b8-917e-ca3062826b18}\data1.hdr". The system cannot find the path specified
2:15 PM: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\data1.cab". The system cannot find the path specified
2:15 PM: Warning: Failed to open file "c:\program files\\{39da87a1-0b26-4562-a70c-2a6147366e47}\setup.ilg". The system cannot find the path specified
2:15 PM: Warning: Failed to open file "c:\program files\\{39da87a1-0b26-4562-a70c-2a6147366e47}\setup.inx". The system cannot find the path specified
2:15 PM: Warning: Failed to open file "c:\program files\\{bad59025-5b73-4e12-b789-0028c5a573c2}\setup.inx". The system cannot find the path specified
2:16 PM: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\setup.ilg". The system cannot find the path specified
2:16 PM: Warning: Failed to open file "c:\program files\\{13413c6c-c640-40b8-917e-ca3062826b18}\data1.cab". The system cannot find the path specified
2:16 PM: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\setup.inx". The system cannot find the path specified
2:16 PM: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\data1.hdr". The system cannot find the path specified
2:16 PM: Warning: Failed to open file "c:\program files\\{2e088491-2681-46bf-b8e8-e835b121cda3}\data1.cab". The system cannot find the path specified
2:16 PM: Warning: Failed to open file "c:\program files\\{44a537a5-859c-43a6-8285-c0668142a090}\setup.inx". The system cannot find the path specified
2:16 PM: Warning: Failed to open file "c:\program files\\{fe7a3fe1-af76-44fd-bc70-09868a51887a}\setup.inx". The system cannot find the path specified
2:16 PM: Warning: Failed to open file "c:\program files\\{1007f41f-7d69-468e-8017-3849a5a973c2}\setup.ilg". The system cannot find the path specified
2:16 PM: Warning: Failed to open file "c:\program files\\{4e5e22c2-1386-47ae-8ede-32ddcdcd6653}\setup.ilg". The system cannot find the path specified
2:17 PM: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\setup.inx". The system cannot find the path specified
2:17 PM: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\setup.inx". The system cannot find the path specified
2:17 PM: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\data1.cab". The system cannot find the path specified
2:17 PM: Warning: Failed to open file "c:\program files\\{2fce4fc5-6930-40e7-a4f1-f862207424ef}\data1.cab". The system cannot find the path specified
2:17 PM: Warning: Failed to open file "c:\program files\\{5809e7cf-4dcf-11d4-9875-00105ace7734}\data1.cab". The system cannot find the path specified
2:17 PM: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\data1.cab". The system cannot find the path specified
2:17 PM: Warning: Failed to open file "c:\program files\\{900b1197-53f5-4f46-a882-2cfffe2eedcb}\data1.cab". The system cannot find the path specified
2:17 PM: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\data1.cab". The system cannot find the path specified
2:17 PM: Warning: Failed to open file "c:\program files\\{1007f41f-7d69-468e-8017-3849a5a973c2}\data1.cab". The system cannot find the path specified
2:17 PM: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\data1.cab". The system cannot find the path specified
2:17 PM: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\setup.ilg". The system cannot find the path specified
2:17 PM: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\data1.cab". The system cannot find the path specified
2:18 PM: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\data1.cab". The system cannot find the path specified
2:18 PM: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\data1.cab". The system cannot find the path specified
2:18 PM: Warning: Failed to open file "c:\program files\\{54de0b75-6cd9-44c4-b10a-1f25da9899d8}\setup.inx". The system cannot find the path specified
2:18 PM: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\data1.cab". The system cannot find the path specified
2:18 PM: Warning: Failed to open file "c:\program files\\{9f765bd0-b900-4ede-a90b-61c8a9e95c42}\setup.ilg". The system cannot find the path specified
2:18 PM: Warning: Failed to open file "c:\program files\\pc-doctor\data1.cab". The system cannot find the path specified
2:18 PM: Warning: Failed to open file "c:\program files\\{1f7ccfa3-d926-4882-b2a5-a0217ed25597}\data1.cab". The system cannot find the path specified
2:18 PM: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\data1.cab". The system cannot find the path specified
2:18 PM: Warning: Failed to open file "c:\program files\\{bad59025-5b73-4e12-b789-0028c5a573c2}\data1.cab". The system cannot find the path specified
2:18 PM: Warning: Failed to open file "c:\program files\\{39da87a1-0b26-4562-a70c-2a6147366e47}\data1.cab". The system cannot find the path specified
2:18 PM: Warning: Failed to open file "c:\program files\\{9f765bd0-b900-4ede-a90b-61c8a9e95c42}\data1.cab". The system cannot find the path specified
2:18 PM: Warning: Failed to open file "c:\program files\\pc-doctor\cui\data1.cab". The system cannot find the path specified
2:18 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\data1.cab". The system cannot find the path specified
2:18 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\data1.cab". The system cannot find the path specified
2:18 PM: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\setup.inx". The system cannot find the path specified
2:18 PM: Warning: Failed to open file "c:\program files\\{1f7ccfa3-d926-4882-b2a5-a0217ed25597}\data1.hdr". The system cannot find the path specified
2:18 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\data1.hdr". The system cannot find the path specified
2:18 PM: Warning: Failed to open file "c:\program files\\pc-doctor\data1.hdr". The system cannot find the path specified
2:18 PM: Warning: Failed to open file "c:\program files\\{39da87a1-0b26-4562-a70c-2a6147366e47}\data1.hdr". The system cannot find the path specified
2:18 PM: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\data1.hdr". The system cannot find the path specified
2:19 PM: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\data1.hdr". The system cannot find the path specified
2:19 PM: Warning: Failed to open file "c:\program files\\{1efba4b2-5000-49a5-a107-0816e10605a1}\setup.ilg". The system cannot find the path specified
2:20 PM: Warning: Failed to open file "c:\program files\\{6c72e14a-c1f3-45e5-8810-83ce3c19ed63}\setup.ilg". The system cannot find the path specified
2:20 PM: Warning: Failed to open file "c:\program files\\{be20e2f5-1903-4aae-b1af-2046e586c925}\setup.ilg". The system cannot find the path specified
2:20 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\setup.iss". The system cannot find the path specified
2:20 PM: Warning: Failed to open file "c:\program files\\pc-doctor\setup.iss". The system cannot find the path specified
2:21 PM: Warning: Failed to open file "c:\program files\\{5809e7cf-4dcf-11d4-9875-00105ace7734}\data1.hdr". The system cannot find the path specified
2:21 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\data1.hdr". The system cannot find the path specified
2:21 PM: Warning: Failed to open file "c:\program files\\{bad59025-5b73-4e12-b789-0028c5a573c2}\data1.hdr". The system cannot find the path specified
2:21 PM: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\data1.hdr". The system cannot find the path specified
2:22 PM: Warning: Failed to open file "c:\program files\\{13413c6c-c640-40b8-917e-ca3062826b18}\setup.inx". The system cannot find the path specified
2:23 PM: Warning: Failed to open file "c:\program files\\{900b1197-53f5-4f46-a882-2cfffe2eedcb}\setup.ilg". The system cannot find the path specified
2:23 PM: Warning: Failed to open file "c:\program files\\{900b1197-53f5-4f46-a882-2cfffe2eedcb}\setup.inx". The system cannot find the path specified
2:24 PM: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\setup.ilg". The system cannot find the path specified
2:24 PM: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\setup.inx". The system cannot find the path specified
2:26 PM: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\data1.hdr". The system cannot find the path specified
2:26 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:26 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\ikernel.ex_". The system cannot find the path specified
2:26 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\ikernel.ex_". The system cannot find the path specified
2:26 PM: Warning: Failed to open file "c:\program files\\pc-doctor\cui\ikernel.ex_". The system cannot find the path specified
2:26 PM: Warning: Failed to open file "c:\program files\\pc-doctor\ikernel.ex_". The system cannot find the path specified
2:26 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:26 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:26 PM: Warning: Failed to open file "c:\program files\\{1efba4b2-5000-49a5-a107-0816e10605a1}\setup.inx". The system cannot find the path specified
2:27 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\data2.cab". The system cannot find the path specified
2:27 PM: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\setup.ilg". The system cannot find the path specified
2:27 PM: Warning: Failed to open file "c:\program files\\{2fce4fc5-6930-40e7-a4f1-f862207424ef}\setup.ilg". The system cannot find the path specified
2:27 PM: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\data1.cab". The system cannot find the path specified
2:28 PM: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\setup.ilg". The system cannot find the path specified
2:28 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:28 PM: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\setup.inx". The system cannot find the path specified
2:28 PM: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\data1.hdr". The system cannot find the path specified
2:28 PM: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\setup.inx". The system cannot find the path specified
2:28 PM: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\setup.ilg". The system cannot find the path specified
2:28 PM: Warning: Failed to open file "c:\program files\\{43801800-cfee-11d2-a41b-006097b55ad3}\data1.cab". The system cannot find the path specified
2:28 PM: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\setup.inx". The system cannot find the path specified
2:28 PM: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\setup.inx". The system cannot find the path specified
2:28 PM: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\setup.ilg". The system cannot find the path specified
2:29 PM: Warning: Failed to open file "c:\program files\\{43801800-cfee-11d2-a41b-006097b55ad3}\setup.inx". The system cannot find the path specified
2:29 PM: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\setup.inx". The system cannot find the path specified
2:29 PM: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\setup.inx". The system cannot find the path specified
2:29 PM: Warning: Failed to open file "c:\program files\\{13413c6c-c640-40b8-917e-ca3062826b18}\setup.ilg". The system cannot find the path specified
2:29 PM: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\setup.inx". The system cannot find the path specified
2:29 PM: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\setup.ilg". The system cannot find the path specified
2:29 PM: Warning: Failed to open file "c:\program files\\{1007f41f-7d69-468e-8017-3849a5a973c2}\setup.inx". The system cannot find the path specified
2:29 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\data2.cab". The system cannot find the path specified
2:30 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:30 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:30 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:30 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:30 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:30 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:30 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:30 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:30 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:30 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:30 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:30 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:30 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:30 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:30 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:30 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:30 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
2:47 PM: File Sweep Complete, Elapsed Time: 00:44:41
2:47 PM: Full Sweep has completed. Elapsed time 00:46:20
2:47 PM: Traces Found: 0
********
1:56 PM: | Start of Session, Tuesday, March 28, 2006 |
1:56 PM: Spy Sweeper started
1:56 PM: Sweep initiated using definitions version 641
1:57 PM: Starting Memory Sweep
1:58 PM: Sweep Canceled
1:58 PM: Memory Sweep Complete, Elapsed Time: 00:01:12
1:58 PM: Traces Found: 0

stebbs

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

10 posts
since Mar 2006

Permalink

Mar 29th, 2006

Re: Hijackthis log RE: Trojan.Abwiz.F virus

When MS Antispyware finished the scan 6 infected items were found in the registry keys scanned. The 6 infected items were all related to "Rivarts.A". See the following link for more details on Rivarts.A:

http://www.pandasoftware.com/virus_i...&idvirus=92688

MSAS cleaned the 6 infected items. I re-scanned with MSAS and the 6 infected items were not found. I then went on to scan with ewido which did not detect anything. My ewido and hijackthis logs are below. What would you recommend that I do next? This is pretty scary that these infected files don't appear one time and then show up the next time. Where do I go from here? Thanks,
Brian

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:43:53 PM, 3/28/2006
+ Report-Checksum: 5C49FFD4

+ Scan result:

No infected objects found.

::Report End

-------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:45:16 PM, on 3/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://products.webroot.com/disp0201...stem%20Monitor
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www.ibm.com/pc/support/acces...tent/AcpIR.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {D772BBC7-1F7A-40BD-BD0A-889F43341CA4} (CmdInsReg Class) - https://www.send2fax.com/microsoft-o...RegControl.cab
O18 - Protocol: bw+0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AAFMBMHY - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AAFMBMHY.exe (file missing)
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

stebbs

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

10 posts
since Mar 2006

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: HELP PLEASE~*hijack log inside*

Next Thread in Viruses, Spyware and other Nasties Forum Timeline: Download trojan on my laptop!

DaniWeb Message

Cancel Changes

User Name
Password