I have been cleaning my system for over a week now and I can't seem to get rid of the last pieces of a rootkit virus. Any help would be greatly appreciated. I am using an IBM Thinkpad R51 with XP Professional w/ SP2.

It all started when MS Antispyware asked me if I wanted to give internet access to a program called "taskdir.exe". I hadn't installed any new programs and didn't recognize the file. I googled the file name and came to find out that I had a Trojan virus. After that, I posted a thread (which contains more details) under my username "stebbs" and the title of "Hijackthis log RE: Trojan.Abwiz.F virus". A kind soul gave me some advice which I followed. The advice I received cleaned up much of my problem, I believe. However, some "potentially rootkit-masked files" remain on my system that I would like to get rid of. During the cleanup process, I found out that I also had a Download.Trojan virus and a Rivarts.A virus. I am not sure, but they may all be related to that same first virus.

In following the previous advice I received, I downloaded various programs to aid in the cleanup. To try and make a long story short, I am now using CCleaner, Ad-Aware, SpywareBlaster, Spybot - Search & Destroy, SpywareGuard, HostsMan, Windows Defender, Norton SystemWorks, Ewido Anti-Malware, Webroot Spy Sweeper and Microsoft Malicious Software Removal Tool. I booted up in safe mode and cleaned and cleaned until all of these programs did not show any infected files. Then I booted up in normal mode, shut down my internet connection and re-ran all of the scanning tools. The only program that still found infected files was Webroot's Spy Sweeper. In the Spy Sweeper log file attached below, you will see that it detected "Found System Monitor: potentially rootkit-masked files". Some of the files needed to be removed upon reboot. Upon rebooting, Windows Defender gave me the message that I have a possible Hosts File Hijack. When I look at my hosts file using the HostsMan editor, I see that 684 entries were added to my hosts file with the comment of "SpySweeperCASS". I guess SpySweeper added these, but I am not sure what is going on here. Do I want to leave those entries in the hosts file? After rebooting, I re-ran the Spy Sweeper scan. The scan still found the potentially rootkit-masked files. How can I get rid of these files so that I can feel safe connecting to the internet again? I have attached my hijackthis and spy sweeper logs below. Thanks in advance for your time and help. :) Brian

Logfile of HijackThis v1.99.1
Scan saved at 11:50:48 PM, on 4/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HostsMan\hm.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HostsMan] C:\Program Files\HostsMan\hm.exe -s
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {D772BBC7-1F7A-40BD-BD0A-889F43341CA4} (CmdInsReg Class) - https://www.send2fax.com/microsoft-office2003-internet-fax/InsRegControl.cab
O18 - Protocol: bw+0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {86BCA0A7-F916-4B38-9D5B-79D40EA0597D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AAFMBMHY - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AAFMBMHY.exe (file missing)
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

**************************************************
10:48 PM: | Start of Session, Monday, April 03, 2006 |
10:48 PM: Spy Sweeper started
10:48 PM: Sweep initiated using definitions version 648
10:49 PM: Starting Memory Sweep
10:53 PM: Memory Sweep Complete, Elapsed Time: 00:04:28
10:53 PM: Starting Registry Sweep
10:53 PM: Registry Sweep Complete, Elapsed Time:00:00:15
10:53 PM: Starting Cookie Sweep
10:53 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
10:53 PM: Starting File Sweep
10:53 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
10:54 PM: Warning: Failed to open file "c:\program files\\{1007f41f-7d69-468e-8017-3849a5a973c2}\data1.hdr". The system cannot find the path specified
10:54 PM: Warning: Failed to open file "c:\program files\\{3868a8ee-5051-4db0-8df6-4f4b8a98d083}\setup.ilg". The system cannot find the path specified
10:54 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
10:54 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
10:54 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
10:54 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
10:54 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
10:54 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
10:54 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
10:54 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
10:54 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
10:54 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
10:54 PM: Warning: Failed to open file "c:\program files\\{78f4dfce-1336-4027-bcb2-1a00c24a8653}\setup.ilg". The system cannot find the path specified
10:55 PM: Warning: Failed to open file "c:\program files\\{2e088491-2681-46bf-b8e8-e835b121cda3}\data1.hdr". The system cannot find the path specified
10:55 PM: Warning: Failed to open file "c:\program files\\{900b1197-53f5-4f46-a882-2cfffe2eedcb}\data1.hdr". The system cannot find the path specified
10:55 PM: Warning: Failed to open file "c:\program files\\{872653c6-5ddc-488b-b7c2-cf9e4d9335e5}\setup.ilg". The system cannot find the path specified
10:55 PM: Warning: Failed to open file "c:\program files\\{fe7a3fe1-af76-44fd-bc70-09868a51887a}\setup.ilg". The system cannot find the path specified
10:56 PM: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\data1.hdr". The system cannot find the path specified
10:56 PM: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\data1.hdr". The system cannot find the path specified
10:56 PM: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\data1.hdr". The system cannot find the path specified
10:57 PM: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\data1.hdr". The system cannot find the path specified
10:57 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\setup.bmp". The system cannot find the path specified
11:02 PM: Warning: Failed to open file "c:\program files\\{1f7ccfa3-d926-4882-b2a5-a0217ed25597}\setup.ilg". The system cannot find the path specified
11:02 PM: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\data1.hdr". The system cannot find the path specified
11:02 PM: Warning: Failed to open file "c:\program files\\{bad59025-5b73-4e12-b789-0028c5a573c2}\setup.ilg". The system cannot find the path specified
11:02 PM: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\icon.bmp". The system cannot find the path specified
11:02 PM: Warning: Failed to open file "c:\program files\\{43801800-cfee-11d2-a41b-006097b55ad3}\data1.hdr". The system cannot find the path specified
11:02 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\setup.bmp". The system cannot find the path specified
11:03 PM: Warning: Failed to open file "c:\program files\\pc-doctor\cui\setup.bmp". The system cannot find the path specified
11:03 PM: Warning: Failed to open file "c:\program files\\pc-doctor\setup.bmp". The system cannot find the path specified
11:03 PM: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\data1.hdr". The system cannot find the path specified
11:03 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\setup.iss". The system cannot find the path specified
11:03 PM: Warning: Failed to open file "c:\program files\\{47808f78-f178-49dc-b708-15fe538b16ff}\setup.ilg". The system cannot find the path specified
11:03 PM: Warning: Failed to open file "c:\program files\\{1f7ccfa3-d926-4882-b2a5-a0217ed25597}\setup.inx". The system cannot find the path specified
11:03 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\setup.inx". The system cannot find the path specified
11:04 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\setup.inx". The system cannot find the path specified
11:04 PM: Warning: Failed to open file "c:\program files\\{5809e7cf-4dcf-11d4-9875-00105ace7734}\layout.bin". The system cannot find the path specified
11:04 PM: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\setup.ilg". The system cannot find the path specified
11:04 PM: Warning: Failed to open file "c:\program files\\{54de0b75-6cd9-44c4-b10a-1f25da9899d8}\setup.ilg". The system cannot find the path specified
11:04 PM: Warning: Failed to open file "c:\program files\\pc-doctor\cui\setup.inx". The system cannot find the path specified
11:04 PM: Warning: Failed to open file "c:\program files\\{2e088491-2681-46bf-b8e8-e835b121cda3}\setup.inx". The system cannot find the path specified
11:04 PM: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\setup.ilg". The system cannot find the path specified
11:05 PM: Warning: Failed to open file "c:\program files\\{2fce4fc5-6930-40e7-a4f1-f862207424ef}\data1.hdr". The system cannot find the path specified
11:05 PM: Warning: Failed to open file "c:\program files\\{2fce4fc5-6930-40e7-a4f1-f862207424ef}\layout.bin". The system cannot find the path specified
11:05 PM: Warning: Failed to open file "c:\program files\\{6c72e14a-c1f3-45e5-8810-83ce3c19ed63}\setup.inx". The system cannot find the path specified
11:05 PM: Warning: Failed to open file "c:\program files\\pc-doctor\cui\data1.hdr". The system cannot find the path specified
11:05 PM: Warning: Failed to open file "c:\program files\\{44a537a5-859c-43a6-8285-c0668142a090}\setup.ilg". The system cannot find the path specified
11:05 PM: Warning: Failed to open file "c:\program files\\{0552a36d-0d7e-4ff5-8fdb-6629aba7c779}\setup.ilg". The system cannot find the path specified
11:06 PM: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\layout.bin". The system cannot find the path specified
11:07 PM: Warning: Failed to open file "c:\program files\\{5809e7cf-4dcf-11d4-9875-00105ace7734}\setup.inx". The system cannot find the path specified
11:07 PM: Warning: Failed to open file "c:\program files\\{5809e7cf-4dcf-11d4-9875-00105ace7734}\setup.ilg". The system cannot find the path specified
11:07 PM: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\data1.cab". The system cannot find the path specified
11:07 PM: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\setup.ilg". The system cannot find the path specified
11:07 PM: Warning: Failed to open file "c:\program files\\{2fce4fc5-6930-40e7-a4f1-f862207424ef}\setup.inx". The system cannot find the path specified
11:07 PM: Warning: Failed to open file "c:\program files\\pc-doctor\setup.inx". The system cannot find the path specified
11:08 PM: Warning: Failed to open file "c:\program files\\{9f765bd0-b900-4ede-a90b-61c8a9e95c42}\setup.inx". The system cannot find the path specified
11:08 PM: Warning: Failed to open file "c:\program files\\{9f765bd0-b900-4ede-a90b-61c8a9e95c42}\data1.hdr". The system cannot find the path specified
11:08 PM: Warning: Failed to open file "c:\program files\\pc-doctor\cui\data2.cab". The system cannot find the path specified
11:08 PM: Warning: Failed to open file "c:\program files\\{13413c6c-c640-40b8-917e-ca3062826b18}\data1.hdr". The system cannot find the path specified
11:08 PM: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\data1.cab". The system cannot find the path specified
11:08 PM: Warning: Failed to open file "c:\program files\\{39da87a1-0b26-4562-a70c-2a6147366e47}\setup.ilg". The system cannot find the path specified
11:08 PM: Warning: Failed to open file "c:\program files\\{39da87a1-0b26-4562-a70c-2a6147366e47}\setup.inx". The system cannot find the path specified
11:08 PM: Warning: Failed to open file "c:\program files\\{bad59025-5b73-4e12-b789-0028c5a573c2}\setup.inx". The system cannot find the path specified
11:08 PM: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\setup.ilg". The system cannot find the path specified
11:08 PM: Warning: Failed to open file "c:\program files\\{13413c6c-c640-40b8-917e-ca3062826b18}\data1.cab". The system cannot find the path specified
11:08 PM: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\setup.inx". The system cannot find the path specified
11:08 PM: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\data1.hdr". The system cannot find the path specified
11:08 PM: Warning: Failed to open file "c:\program files\\{2e088491-2681-46bf-b8e8-e835b121cda3}\data1.cab". The system cannot find the path specified
11:08 PM: Warning: Failed to open file "c:\program files\\{44a537a5-859c-43a6-8285-c0668142a090}\setup.inx". The system cannot find the path specified
11:09 PM: Warning: Failed to open file "c:\program files\\{fe7a3fe1-af76-44fd-bc70-09868a51887a}\setup.inx". The system cannot find the path specified
11:09 PM: Warning: Failed to open file "c:\program files\\{1007f41f-7d69-468e-8017-3849a5a973c2}\setup.ilg". The system cannot find the path specified
11:09 PM: Warning: Failed to open file "c:\program files\\{4e5e22c2-1386-47ae-8ede-32ddcdcd6653}\setup.ilg". The system cannot find the path specified
11:09 PM: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\setup.inx". The system cannot find the path specified
11:09 PM: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\setup.inx". The system cannot find the path specified
11:09 PM: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\data1.cab". The system cannot find the path specified
11:09 PM: Warning: Failed to open file "c:\program files\\{2fce4fc5-6930-40e7-a4f1-f862207424ef}\data1.cab". The system cannot find the path specified
11:09 PM: Warning: Failed to open file "c:\program files\\{5809e7cf-4dcf-11d4-9875-00105ace7734}\data1.cab". The system cannot find the path specified
11:09 PM: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\data1.cab". The system cannot find the path specified
11:10 PM: Warning: Failed to open file "c:\program files\\{900b1197-53f5-4f46-a882-2cfffe2eedcb}\data1.cab". The system cannot find the path specified
11:10 PM: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\data1.cab". The system cannot find the path specified
11:10 PM: Warning: Failed to open file "c:\program files\\{1007f41f-7d69-468e-8017-3849a5a973c2}\data1.cab". The system cannot find the path specified
11:10 PM: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\data1.cab". The system cannot find the path specified
11:10 PM: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\setup.ilg". The system cannot find the path specified
11:10 PM: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\data1.cab". The system cannot find the path specified
11:10 PM: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\data1.cab". The system cannot find the path specified
11:10 PM: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\data1.cab". The system cannot find the path specified
11:10 PM: Warning: Failed to open file "c:\program files\\{54de0b75-6cd9-44c4-b10a-1f25da9899d8}\setup.inx". The system cannot find the path specified
11:10 PM: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\data1.cab". The system cannot find the path specified
11:10 PM: Warning: Failed to open file "c:\program files\\{9f765bd0-b900-4ede-a90b-61c8a9e95c42}\setup.ilg". The system cannot find the path specified
11:10 PM: Warning: Failed to open file "c:\program files\\pc-doctor\data1.cab". The system cannot find the path specified
11:10 PM: Warning: Failed to open file "c:\program files\\{1f7ccfa3-d926-4882-b2a5-a0217ed25597}\data1.cab". The system cannot find the path specified
11:10 PM: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\data1.cab". The system cannot find the path specified
11:10 PM: Warning: Failed to open file "c:\program files\\{bad59025-5b73-4e12-b789-0028c5a573c2}\data1.cab". The system cannot find the path specified
11:10 PM: Warning: Failed to open file "c:\program files\\{39da87a1-0b26-4562-a70c-2a6147366e47}\data1.cab". The system cannot find the path specified
11:10 PM: Warning: Failed to open file "c:\program files\\{9f765bd0-b900-4ede-a90b-61c8a9e95c42}\data1.cab". The system cannot find the path specified
11:10 PM: Warning: Failed to open file "c:\program files\\pc-doctor\cui\data1.cab". The system cannot find the path specified
11:10 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\data1.cab". The system cannot find the path specified
11:10 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\data1.cab". The system cannot find the path specified
11:10 PM: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\setup.inx". The system cannot find the path specified
11:11 PM: Warning: Failed to open file "c:\program files\\{1f7ccfa3-d926-4882-b2a5-a0217ed25597}\data1.hdr". The system cannot find the path specified
11:11 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\data1.hdr". The system cannot find the path specified
11:11 PM: Warning: Failed to open file "c:\program files\\pc-doctor\data1.hdr". The system cannot find the path specified
11:11 PM: Warning: Failed to open file "c:\program files\\{39da87a1-0b26-4562-a70c-2a6147366e47}\data1.hdr". The system cannot find the path specified
11:11 PM: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\data1.hdr". The system cannot find the path specified
11:12 PM: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\data1.hdr". The system cannot find the path specified
11:12 PM: Warning: Failed to open file "c:\program files\\{1efba4b2-5000-49a5-a107-0816e10605a1}\setup.ilg". The system cannot find the path specified
11:13 PM: Warning: Failed to open file "c:\program files\\{6c72e14a-c1f3-45e5-8810-83ce3c19ed63}\setup.ilg". The system cannot find the path specified
11:13 PM: Warning: Failed to open file "c:\program files\\{be20e2f5-1903-4aae-b1af-2046e586c925}\setup.ilg". The system cannot find the path specified
11:13 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\setup.iss". The system cannot find the path specified
11:13 PM: Warning: Failed to open file "c:\program files\\pc-doctor\setup.iss". The system cannot find the path specified
11:14 PM: Warning: Failed to open file "c:\program files\\{5809e7cf-4dcf-11d4-9875-00105ace7734}\data1.hdr". The system cannot find the path specified
11:14 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\data1.hdr". The system cannot find the path specified
11:14 PM: Warning: Failed to open file "c:\program files\\{bad59025-5b73-4e12-b789-0028c5a573c2}\data1.hdr". The system cannot find the path specified
11:14 PM: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\data1.hdr". The system cannot find the path specified
11:15 PM: Warning: Failed to open file "c:\program files\\{13413c6c-c640-40b8-917e-ca3062826b18}\setup.inx". The system cannot find the path specified
11:15 PM: Warning: Failed to open file "c:\program files\\{900b1197-53f5-4f46-a882-2cfffe2eedcb}\setup.ilg". The system cannot find the path specified
11:15 PM: Warning: Failed to open file "c:\program files\\{900b1197-53f5-4f46-a882-2cfffe2eedcb}\setup.inx". The system cannot find the path specified
11:16 PM: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\setup.ilg". The system cannot find the path specified
11:16 PM: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\setup.inx". The system cannot find the path specified
11:17 PM: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\data1.hdr". The system cannot find the path specified
11:18 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
11:18 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\ikernel.ex_". The system cannot find the path specified
11:18 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\ikernel.ex_". The system cannot find the path specified
11:18 PM: Warning: Failed to open file "c:\program files\\pc-doctor\cui\ikernel.ex_". The system cannot find the path specified
11:18 PM: Warning: Failed to open file "c:\program files\\pc-doctor\ikernel.ex_". The system cannot find the path specified
11:18 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
11:18 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
11:18 PM: Warning: Failed to open file "c:\program files\\{1efba4b2-5000-49a5-a107-0816e10605a1}\setup.inx". The system cannot find the path specified
11:18 PM: Warning: Failed to open file "c:\program files\\pc-doctor\services\data2.cab". The system cannot find the path specified
11:18 PM: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\setup.ilg". The system cannot find the path specified
11:19 PM: Warning: Failed to open file "c:\program files\\{2fce4fc5-6930-40e7-a4f1-f862207424ef}\setup.ilg". The system cannot find the path specified
11:19 PM: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\data1.cab". The system cannot find the path specified
11:19 PM: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\setup.ilg". The system cannot find the path specified
11:19 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
11:19 PM: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\setup.inx". The system cannot find the path specified
11:19 PM: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\data1.hdr". The system cannot find the path specified
11:19 PM: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\setup.inx". The system cannot find the path specified
11:20 PM: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\setup.ilg". The system cannot find the path specified
11:20 PM: Warning: Failed to open file "c:\program files\\{43801800-cfee-11d2-a41b-006097b55ad3}\data1.cab". The system cannot find the path specified
11:20 PM: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\setup.inx". The system cannot find the path specified
11:20 PM: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\setup.inx". The system cannot find the path specified
11:20 PM: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\setup.ilg". The system cannot find the path specified
11:20 PM: Warning: Failed to open file "c:\program files\\{43801800-cfee-11d2-a41b-006097b55ad3}\setup.inx". The system cannot find the path specified
11:20 PM: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\setup.inx". The system cannot find the path specified
11:20 PM: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\setup.inx". The system cannot find the path specified
11:20 PM: Warning: Failed to open file "c:\program files\\{13413c6c-c640-40b8-917e-ca3062826b18}\setup.ilg". The system cannot find the path specified
11:20 PM: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\setup.inx". The system cannot find the path specified
11:20 PM: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\setup.ilg". The system cannot find the path specified
11:20 PM: Warning: Failed to open file "c:\program files\\{1007f41f-7d69-468e-8017-3849a5a973c2}\setup.inx". The system cannot find the path specified
11:21 PM: Warning: Failed to open file "c:\program files\\pc-doctor\diagnostics\data2.cab". The system cannot find the path specified
11:21 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
11:21 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
11:21 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
11:21 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
11:21 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
11:21 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
11:21 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
11:21 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
11:21 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
11:21 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
11:21 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
11:21 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
11:21 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
11:21 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
11:21 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
11:21 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
11:21 PM: Warning: Failed to open file "c:\windows\system32\catroot\a
11:28 PM: Found System Monitor: potentially rootkit-masked files
11:28 PM: hints.dat (ID = 0)
11:28 PM: sam (ID = 0)
11:28 PM: regcerts.dat (ID = 0)
11:28 PM: encobject.dat (ID = 0)
11:28 PM: d42cc0c3858a58db2db37658219e6400_caa258c3-d523-4ce1-a630-3cbdffc814a1 (ID = 0)
11:28 PM: hwkeys.dat (ID = 0)
11:28 PM: system.dat (ID = 0)
11:28 PM: 533145ef011ddf5ca3983e2545a902b4_caa258c3-d523-4ce1-a630-3cbdffc814a1 (ID = 0)
11:28 PM: usersids.dat (ID = 0)
11:28 PM: tvt.txt (ID = 0)
11:28 PM: system (ID = 0)
11:28 PM: encobject.dat (ID = 0)
11:28 PM: hwkeys.dat (ID = 0)
11:28 PM: symkeys.dat (ID = 0)
11:28 PM: 1fcc85504dba1d764019e9773e4ff2b0_caa258c3-d523-4ce1-a630-3cbdffc814a1 (ID = 0)
11:28 PM: 643bf774c8c1882bb6b18aea53928108_caa258c3-d523-4ce1-a630-3cbdffc814a1 (ID = 0)
11:28 PM: credhist (ID = 0)
11:28 PM: symkeys.dat (ID = 0)
11:28 PM: 01a18684-2e19-4e14-9c31-bc90046e4d07 (ID = 0)
11:28 PM: 33345301-370f-4258-9736-36dc920ca4ab (ID = 0)
11:28 PM: 8b2445f9-466c-42e6-9642-35ad19c25eb0 (ID = 0)
11:28 PM: a7b713ca-228b-451b-b863-521899fc9c12 (ID = 0)
11:28 PM: e8f9322e-a941-4c1b-a182-ed411d17b98c (ID = 0)
11:28 PM: preferred (ID = 0)
11:28 PM: hibernation.dat (ID = 0)
11:28 PM: File Sweep Complete, Elapsed Time: 00:34:46
11:28 PM: Full Sweep has completed. Elapsed time 00:39:34
11:28 PM: Traces Found: 25
11:29 PM: Removal process initiated
11:29 PM: Quarantining All Traces: potentially rootkit-masked files
11:29 PM: potentially rootkit-masked files is in use. It will be removed on reboot.
11:29 PM: hints.dat is in use. It will be removed on reboot.
11:29 PM: sam is in use. It will be removed on reboot.
11:29 PM: regcerts.dat is in use. It will be removed on reboot.
11:29 PM: encobject.dat is in use. It will be removed on reboot.
11:29 PM: d42cc0c3858a58db2db37658219e6400_caa258c3-d523-4ce1-a630-3cbdffc814a1 is in use. It will be removed on reboot.
11:29 PM: hwkeys.dat is in use. It will be removed on reboot.
11:29 PM: system.dat is in use. It will be removed on reboot.
11:29 PM: 533145ef011ddf5ca3983e2545a902b4_caa258c3-d523-4ce1-a630-3cbdffc814a1 is in use. It will be removed on reboot.
11:29 PM: usersids.dat is in use. It will be removed on reboot.
11:29 PM: tvt.txt is in use. It will be removed on reboot.
11:29 PM: system is in use. It will be removed on reboot.
11:29 PM: encobject.dat is in use. It will be removed on reboot.
11:29 PM: hwkeys.dat is in use. It will be removed on reboot.
11:29 PM: symkeys.dat is in use. It will be removed on reboot.
11:29 PM: 1fcc85504dba1d764019e9773e4ff2b0_caa258c3-d523-4ce1-a630-3cbdffc814a1 is in use. It will be removed on reboot.
11:29 PM: 643bf774c8c1882bb6b18aea53928108_caa258c3-d523-4ce1-a630-3cbdffc814a1 is in use. It will be removed on reboot.
11:29 PM: credhist is in use. It will be removed on reboot.
11:29 PM: symkeys.dat is in use. It will be removed on reboot.
11:29 PM: 01a18684-2e19-4e14-9c31-bc90046e4d07 is in use. It will be removed on reboot.
11:29 PM: 33345301-370f-4258-9736-36dc920ca4ab is in use. It will be removed on reboot.
11:29 PM: 8b2445f9-466c-42e6-9642-35ad19c25eb0 is in use. It will be removed on reboot.
11:29 PM: a7b713ca-228b-451b-b863-521899fc9c12 is in use. It will be removed on reboot.
11:29 PM: e8f9322e-a941-4c1b-a182-ed411d17b98c is in use. It will be removed on reboot.
11:29 PM: preferred is in use. It will be removed on reboot.
11:29 PM: hibernation.dat is in use. It will be removed on reboot.
11:29 PM: Preparing to restart your computer. Please wait...
11:29 PM: Removal process completed. Elapsed time 00:00:32
11:36 PM: Warning: Access is denied

0

Because of the technology that Spy Sweeper uses, a lot of times it alarms you of potentially masked rootkit files. Typically this is nothing to be alarmed about as it only looks for differences between the disk and what Windows reports back. This is not definition based.

We can have a look at a Blacklight Scan to see if you have a rootkit.

Download and install Blacklight Beta
-- Once you’ve installed it, Click Scan
-- DO NOT have it Fix or Rename anything yet
-- A Log should pop up – Please save that and submit it for me

0

Upon completion of the scan for hidden processes and hidden files and folders, no hidden items were found. The Blacklight Beta log is attached below.

Just FYI, related to my previous post, the rootkit that Spy Sweeper found kept appearing in normal mode. When I ran the Spy Sweeper scan in safe mode, that rootkit was not found.

Related to this issue, I have four questions. 1) Did my hijackthis log in my previous post look clean? 2) Is it okay that Ad-Aware is finding one negligible item (what looks like a log file tracking recent files that I have opened)? 3) What are your thoughts on the additions to my host file with the comment of "SpySweeperCASS"....should I clear out all the host files or leave them as is? 4) Do you think this computer is clean enough to go back online?

Thanks for your help. Brian

04/04/06 10:45:45 [Info]: BlackLight Engine 1.0.35 initialized
04/04/06 10:45:45 [Info]: OS: 5.1 build 2600 (Service Pack 2)
04/04/06 10:45:48 [Note]: 7019 4
04/04/06 10:45:48 [Note]: 7005 0
04/04/06 10:46:14 [Note]: 7006 0
04/04/06 10:46:14 [Note]: 7011 1828
04/04/06 10:46:14 [Note]: 7026 0
04/04/06 10:46:15 [Note]: 7026 0
04/04/06 10:46:15 [Note]: FSRAW library version 1.7.1015
04/04/06 11:13:18 [Note]: 7007 0

0

Oh, I forgot to mention, that Blacklight scan was made in normal mode. It was not specified if I should run it in safe mode or not. Since Spy Sweeper was detecting the rootkit in normal mode, I elected to run the Blacklight scan in normal mode as well. Thanks.

0

1. Your HijackThis log looks fine. To clean it up a bit I would uninstall Logitech Desktop messenger if you do not use it.

2. Could you let me know what the file is, and the location in which Adaware is finding this file? If it's an MRU - it's harmless

3. As for hosts files, I leave mine as is, but I do not discourage the use of the MVPS Hosts File. It is all personal preference there.

4. It does appear that you are clean, and have adequate protection to go online.

One thing I would note: I do not see that this PC is using Sun Java. I would recommend installing it and using it - then looking in Add/Remove Programs and uninstalling any forms of Windows Java.

Sun Java
http://www.java.com/en/download/manual.jsp

Java Runtime Environment
http://java.sun.com/j2se/1.4.2/download.html
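
For the hosts-file question in this thread (entries tagged "SpySweeperCASS" alongside a Windows Defender "Hosts File Hijack" warning), here is an added example, not part of the original posts, that audits a hosts file by where each entry points rather than by its comment. It assumes the tag is written as a trailing `#` comment on the entry line; the sample file, its hostnames and the 203.0.113.x addresses are constructed for illustration.

```python
import ipaddress
from collections import Counter
from typing import NamedTuple

# Constructed sample: blocking entries, a tagged redirect and a broken line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.example.test            # SpySweeperCASS
127.0.0.1       tracker.example.test\t# SpySweeperCASS
0.0.0.0         banner.example.test
203.0.113.25    www.bank.example.test
203.0.113.25    update.vendor.example.test  # SpySweeperCASS
not-an-ip       broken.example.test
"""

LOCAL_NAMES = {"localhost"}


class Entry(NamedTuple):
    lineno: int
    address: str
    names: tuple
    comment: str


def parse_hosts(text):
    """Return (entries, malformed) for the text of a hosts file."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        body, _, comment = raw.partition("#")   # strip trailing comment
        fields = body.split()
        if not fields:
            continue                            # blank or comment-only line
        try:
            ipaddress.ip_address(fields[0])
            valid = len(fields) >= 2            # need an address and a name
        except ValueError:
            valid = False
        if not valid:
            malformed.append((lineno, raw.strip()))
            continue
        names = tuple(n.lower() for n in fields[1:])
        entries.append(Entry(lineno, fields[0], names, comment.strip()))
    return entries, malformed


def classify(entry):
    """'local': the standard localhost mapping.
    'sink': a name pointed at loopback/unspecified, i.e. a blocking entry.
    'redirect': a name pointed at any other address; needs manual review."""
    ip = ipaddress.ip_address(entry.address)
    if ip.is_loopback or ip.is_unspecified:
        return "local" if set(entry.names) <= LOCAL_NAMES else "sink"
    return "redirect"


def audit(text):
    """Count entries per (tag, kind) and collect every redirect."""
    entries, malformed = parse_hosts(text)
    counts, redirects = Counter(), []
    for entry in entries:
        kind = classify(entry)
        counts[(entry.comment or "(untagged)", kind)] += 1
        if kind == "redirect":
            redirects.append(entry)
    return {"counts": counts, "redirects": redirects, "malformed": malformed}


def report(result):
    """Render the audit result as text lines."""
    lines = []
    for (tag, kind), n in sorted(result["counts"].items()):
        lines.append(f"{n:5d}  {kind:<8}  {tag}")
    for e in result["redirects"]:
        tag = e.comment or "(untagged)"
        lines.append(
            f"REVIEW line {e.lineno}: {' '.join(e.names)} -> {e.address} [{tag}]")
    for lineno, raw in result["malformed"]:
        lines.append(f"MALFORMED line {lineno}: {raw}")
    return lines


if __name__ == "__main__":
    # On Windows XP the file is %SystemRoot%\system32\drivers\etc\hosts;
    # read it and pass its text to audit() in place of the sample.
    print("\n".join(report(audit(SAMPLE_HOSTS))))
```

A tag in a comment can be written by anything with write access to the file, so the third tagged line in the sample is still reported for review because it points at a routable address.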

0

1. Done.
2. It is an MRU list type file. It is located at C:\Documents and settings\Administrator\recent. Per your posting, I will assume that this is a non-issue.
3. Thanks for the advice.
4. Thanks.

I will try installing Sun Java as well. I think we can close out this thread. Thanks for all your help=) Brian
