Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

ROOTKIT.AGENT (QBIDWZ) wont go away

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

ROOTKIT.AGENT (QBIDWZ) wont go away

Unread postby Bleach » September 16th, 2010, 5:40 am

Malwarebytes is telling me ROOTKIT.AGENT is present ( QBIDWZ.SYS ) - it is not deleted upon Rebooting. As yet, I have not experienced any pop ups although recently, I did get a message that AVGTRAY had been removed. Yesterday, thye machine would not boot and so I had to do an XP Repair install - XP has been loaded up to SP 3.

Thankyou for your help

Here is the Highjackthis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:33:25, on 16/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\KService\KService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 Technologies 3D Room Planner) - http://magnet.2020.net/virtualplanner/C ... _Win32.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/33.06/uploader2.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInCon ... ontrol.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 4571785562
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0680357593
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.co.uk/downloads ... ofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.co.uk/downloads ... ofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.co.uk/downloads ... ofupld.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/app ... OFILER.CAB
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} (Bonusprint Image Uploader Version 6.x Control) - http://webalbum.bonusprint.com/ukipc01/ ... oader6.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Fac ... der4_5.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crl ... crlocx.ocx
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://smarthumanlogistics.webex.com/c ... eatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1678CC5-DC47-40D3-84CE-F00E0E69C957}: NameServer = 192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10703 bytes


Here is the COMBOFIX LOG as requested

ComboFix 10-09-15.01 - Rob Leach 16/09/2010 8:44.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.160 [GMT 1:00]
Running from: c:\documents and settings\Rob Leach\Desktop\ComboFix.exe
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated) {81F4C1AC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated) {8248B4DC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated) {827A0B24-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated) {8295A2A4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated) {BADB0D00-FFA4-00FF-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81D184E4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81DC3C44-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81DE3DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81E3ABFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81E6C334-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81EE4334-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81EF4054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F15DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F25A1C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F314B4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F42054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F5235C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F58DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F5ABFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F62054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F7B9CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F8F35C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FA75F4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FB1054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FB2DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FB3054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FB5BFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FC6914-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FD73DC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FDA054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FDBB64-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FE5054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FED054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FF12C4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82005DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8200761C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8200E054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82010DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8201369C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8202B334-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82035BFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82039054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8204CB64-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8204DDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82066924-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8206E054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8207B054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8207FDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820812BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8208D054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82090DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8209156C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82094BFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8209E5F4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820A5A1C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820AD054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820AE2BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820BE054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820C4054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820C8054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820E8B64-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820ED69C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820F3054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820FF5AC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {821019A4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8210D62C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82114054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82128DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8212E5CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82134CA4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82144054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8214E784-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82150DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82171C0C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8218E054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {821A2974-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82263DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {822C1054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {822F7054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {823AD23C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {823BE5AC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {823D0054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {823E63E4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {823F1864-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {823F5BFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8240F054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82428C74-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82428CE4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82432DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82436DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82437DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8243E8BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8243EDDC-FFA4-00FF-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82457BFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8247740C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82477A6C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82484DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824898AC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8249239C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824954B4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824959A4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824B158C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824B6A44-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824D99BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824EB67C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824FA9F4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82500AEC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {825612D4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82564924-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8257C7BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {825A4DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {825D15CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {826C8054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {826CFDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8270EBFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8271180C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827286BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827296CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82736DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82739724-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8273BDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8273E59C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82741594-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827453BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82750B64-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82753DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82758DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82759DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8275FDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8276233C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8276D3AC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82777704-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82778924-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8278A91C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8278CCEC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82791DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82792844-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82796864-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8279E054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827A05A4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827A948C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827B23BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827B9294-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827BD4D4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827D42DC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827DADDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827E1054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827E24E4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827E4984-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827EF054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8281741C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82817CC4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82822054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82834804-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82838B24-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82880B24-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {828AA538-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {828CAC24-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {828CDDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {828CEA9C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {828CFDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {828DA9B4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {828F8934-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8290CDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8292A054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8293B054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8293CC44-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82979DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8297A504-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82981ADC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82982B5C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {829832E4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {829911CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8299243C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8299B324-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {829B82CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {829BAD0C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82A3A7AC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82A8531C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82A9BCEC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82B1ADDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FEACA474-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FF1695CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FF74C5CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FFB68054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FFB722C4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FFB72DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FFB7A9D4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FFBB6054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FFBBADDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Pamela\Application Data\alot
c:\documents and settings\Pamela\Application Data\Dealio
c:\documents and settings\Pamela\Application Data\Dealio\res\widgets.xml
c:\documents and settings\Pamela\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\documents and settings\Rob Leach\Application Data\alot
c:\documents and settings\Rob Leach\Application Data\alot\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Rob Leach\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\Rob Leach\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\Rob Leach\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\Rob Leach\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\Button_3\Button_3.xml
c:\documents and settings\Rob Leach\Application Data\alot\Button_3\Button_3.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\Rob Leach\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\Rob Leach\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\Button_6\Button_6.xml
c:\documents and settings\Rob Leach\Application Data\alot\Button_6\Button_6.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\Button_7\Button_7.xml
c:\documents and settings\Rob Leach\Application Data\alot\Button_7\Button_7.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\Button_8\Button_8.xml
c:\documents and settings\Rob Leach\Application Data\alot\Button_8\Button_8.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\configurator\configurator.xml
c:\documents and settings\Rob Leach\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\contextMenu\contextMenu.xml
c:\documents and settings\Rob Leach\Application Data\alot\contextMenu\contextMenu.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\products\products.xml
c:\documents and settings\Rob Leach\Application Data\alot\products\products.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html
c:\documents and settings\Rob Leach\Application Data\alot\Resources\BrowserSearch\images\favicon.ico
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_0\images\alot_logo_button.png
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_1\images\alot_search_button.png
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_2\images\default_1610_alot_weather_search.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_2\images\default_1610_alot_weather_search.png
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_3\images\default_1007_alot_weather_widget.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_3\images\default_1007_alot_weather_widget.png
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_4\images\default_1606_alot_new_newsrss.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_4\images\default_1606_alot_new_newsrss.png
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_5\images\default_1609_alot_wea_radar.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_5\images\default_1609_alot_wea_radar.png
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_6\images\default_1524_alot_wea_info.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_6\images\default_1524_alot_wea_info.png
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_7\images\1600_icon.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_7\images\1600_icon.png
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_7\images\default_1520_alot_par_tips.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_7\images\default_1520_alot_par_tips.png
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_8\images\default_1795_alot_configure.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_8\images\default_1795_alot_configure.png
c:\documents and settings\Rob Leach\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\contextMenu\images\alot_icon.png
c:\documents and settings\Rob Leach\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Shared\domains.dat
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Shared\images\alot_splitter.png
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Shared\images\spinner.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Shared\images\widget_caption.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
c:\documents and settings\Rob Leach\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\Rob Leach\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\toolbar.xml
c:\documents and settings\Rob Leach\Application Data\alot\toolbar.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml
c:\documents and settings\Rob Leach\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\Rob Leach\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\Updater\Updater.xml
c:\documents and settings\Rob Leach\Application Data\alot\Updater\Updater.xml.backup
c:\documents and settings\Rob Leach\Application Data\Dealio
c:\documents and settings\Rob Leach\Application Data\Dealio\res\widgets.xml
c:\documents and settings\Rob Leach\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\IE\4.0.2\config.ini
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\windows\daemon.dll
c:\windows\desktop
c:\windows\desktop\directory scanner 1.8.lnk
c:\windows\ewuvudamumokek.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2010-08-16 to 2010-09-16 )))))))))))))))))))))))))))))))
.

2010-09-15 20:19 . 2010-09-15 20:19 -------- d-----w- c:\windows\system32\MpEngineStore
2010-09-15 19:24 . 2010-09-15 19:24 -------- d-----w- c:\program files\Sophos
2010-09-15 19:11 . 2009-07-31 09:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-09-15 19:11 . 2008-04-13 21:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-09-15 19:11 . 2008-04-14 04:41 81920 ------w- c:\windows\system32\ieencode.dll
2010-09-15 17:47 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-09-15 17:46 . 2008-08-14 10:04 138496 -c----w- c:\windows\system32\dllcache\afd.sys
2010-09-15 17:46 . 2010-06-21 15:27 354304 -c----w- c:\windows\system32\dllcache\srv.sys
2010-09-15 17:46 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-09-15 17:46 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-09-15 17:46 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-15 17:44 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-09-15 17:43 . 2010-06-24 12:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-09-15 17:43 . 2010-06-24 12:21 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-09-15 17:43 . 2010-06-24 12:21 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-09-15 17:43 . 2010-06-24 12:21 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-09-15 17:43 . 2010-06-24 12:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-15 17:43 . 2010-06-24 12:21 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-09-15 17:43 . 2010-06-24 16:51 11077120 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-09-15 17:42 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-09-15 17:39 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-09-15 17:39 . 2010-06-14 07:41 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-09-15 17:38 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-09-15 16:48 . 2010-09-15 16:48 -------- d-----w- c:\windows\dell
2010-09-15 16:21 . 2004-08-12 14:09 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-09-15 16:21 . 2004-08-12 14:09 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-09-15 16:19 . 2004-08-12 13:59 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2010-09-15 16:18 . 2004-08-12 13:56 18944 -c--a-w- c:\windows\system32\dllcache\cprofile.exe
2010-09-15 16:16 . 2004-08-12 13:58 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-09-15 15:58 . 2004-08-12 13:58 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-09-15 15:58 . 2004-08-12 13:58 13312 ----a-w- c:\windows\system32\irclass.dll
2010-09-15 15:58 . 2004-08-12 14:06 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-09-15 15:58 . 2004-08-12 14:06 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-09-02 07:36 . 2010-09-02 07:36 -------- d-sh--w- c:\documents and settings\Pamela\IECompatCache
2010-08-26 08:47 . 2010-08-26 08:59 -------- d-----w- c:\program files\Game_Maker8
2010-08-25 16:11 . 2010-08-25 16:17 -------- d-----w- c:\documents and settings\Rob Leach\Application Data\Recolored
2010-08-22 18:03 . 2010-08-27 17:03 120 ----a-w- c:\windows\Kvaxurizevuladi.dat
2010-08-22 18:03 . 2010-08-27 09:37 0 ----a-w- c:\windows\Ijeko.bin
2010-08-22 18:03 . 2010-08-22 18:03 -------- d-----w- c:\documents and settings\Pamela\Local Settings\Application Data\{EE05DBD9-60A5-46A1-AB87-419928FDB750}
2010-08-22 14:07 . 2010-08-22 14:07 -------- d-----w- c:\documents and settings\Rob Leach\Application Data\Malwarebytes
2010-08-22 14:06 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-22 14:06 . 2010-08-22 14:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-22 14:06 . 2010-08-22 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-22 14:06 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-22 13:04 . 2010-08-22 13:04 -------- d-----w- c:\documents and settings\Rob Leach\Local Settings\Application Data\{FEEE23C1-C7F7-4ECC-BA99-B01CB8CF3A4D}
2010-08-22 13:03 . 2010-08-22 15:27 -------- d-----w- c:\documents and settings\Rob Leach\Local Settings\Application Data\puxjmjdvd
2010-08-22 13:03 . 2010-09-16 08:04 785408 ----a-w- c:\windows\system32\drivers\qbidwz.sys
2010-08-17 13:17 . 2010-08-17 13:17 58880 -c----w- c:\windows\system32\dllcache\spoolsv.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 08:01 . 2005-03-02 13:45 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
2010-09-16 08:01 . 2005-03-02 13:45 288 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
2010-09-16 05:51 . 2009-02-09 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-09-15 19:13 . 2004-08-10 13:13 79027 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2010-09-15 16:32 . 2005-03-05 15:25 113320 ----a-w- c:\documents and settings\Rob Leach\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-15 16:15 . 2004-08-10 13:02 23444 ----a-w- c:\windows\system32\emptyregdb.dat
2010-09-09 16:18 . 2010-04-27 06:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-04 12:07 . 2007-12-27 08:00 -------- d-----w- c:\documents and settings\Rob Leach\Application Data\BitTorrent
2010-09-02 15:53 . 2006-11-25 10:34 -------- d-----w- c:\program files\SpywareBlaster
2010-08-19 10:09 . 2009-09-04 06:17 -------- d-----w- c:\program files\Ken Rename
2010-08-17 13:17 . 2004-08-12 14:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-05 05:06 . 2008-01-19 15:28 -------- d-----w- c:\program files\Songbeat
2010-08-05 05:03 . 2005-03-02 13:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-05 04:58 . 2010-05-19 15:54 -------- d-----w- c:\program files\Red Chair Software
2010-07-29 06:57 . 2010-07-29 06:57 -------- d-----w- c:\documents and settings\Rob Leach\Application Data\Cycling '74
2010-07-29 06:48 . 2006-04-07 17:33 -------- d-----w- c:\program files\PhotoArtMaster Classic
2010-07-29 06:47 . 2007-08-20 20:52 -------- d-----w- c:\program files\Microsoft Digital Image 2006
2010-07-28 12:23 . 2010-07-28 12:18 -------- d-----w- c:\documents and settings\Rob Leach\Application Data\gtk-2.0
2010-07-28 11:54 . 2007-10-23 05:56 -------- d-----w- c:\documents and settings\Rob Leach\Application Data\AVS4YOU
2010-07-28 11:54 . 2010-07-09 13:31 -------- d-----w- c:\program files\AVS4YOU
2010-07-26 21:09 . 2009-06-19 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-26 20:04 . 2010-07-26 20:04 2605008 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-07-22 15:49 . 2004-08-12 14:04 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-18 13:49 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-16 16:42 . 2009-03-31 07:52 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 16:42 . 2010-07-16 16:42 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 16:41 . 2009-03-31 07:52 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-12 16:28 . 2006-05-14 17:26 112936 ----a-w- c:\documents and settings\Pamela\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-30 12:31 . 2004-08-12 14:04 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-12 14:09 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-12 14:09 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-12 14:06 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 17:45 . 2004-08-12 14:09 293376 ----a-w- c:\windows\system32\winsrv.dll
2009-03-05 19:32 . 2009-03-05 19:31 2788800 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2007-12-29 20:58 . 2007-12-29 20:58 33426015 ----a-w- c:\program files\Common Files\data.dpk
2006-05-03 09:06 . 2008-08-12 08:27 163328 --sha-r- c:\windows\SYSTEM32\flvDX.dll
2007-02-21 10:47 . 2008-08-12 08:27 31232 --sha-r- c:\windows\SYSTEM32\msfDX.dll
2008-03-16 12:30 . 2008-08-12 08:27 216064 --sha-r- c:\windows\SYSTEM32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-11 4583424]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 16:42 12536 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
backup=c:\windows\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Rob Leach^Start Menu^Programs^Startup^Notmad Manager.lnk]
path=c:\documents and settings\Rob Leach\Start Menu\Programs\Startup\Notmad Manager.lnk
backup=c:\windows\pss\Notmad Manager.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataCaching

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
2003-02-20 16:27 110592 ----a-w- c:\windows\SYSTEM32\CTASIO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-06 20:07 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-07-27 02:10 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-03-18 01:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
2002-09-30 01:00 45056 ----a-w- c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2003-02-20 16:45 28672 ----a-w- c:\windows\SYSTEM32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2002-10-29 09:18 49152 ----a-w- c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 16:05 81920 ----a-w- c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-10-12 16:54 57344 ----a-w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2004-06-29 11:23 135168 ----a-w- c:\program files\Intel\Intel Application Accelerator\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
2003-09-03 20:12 221184 ----a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2005-12-12 10:23 2236416 ----a-w- c:\windows\kdx\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2003-08-29 13:17 188416 ----a-w- c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2003-08-29 13:20 77824 ----a-w- c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-04-08 17:43 1953792 ----a-w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\SYSTEM32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-11-11 17:10 4583424 ----a-w- c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-10-25 18:58 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 11:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-08 19:58 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-01-15 20:12 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2008-12-09 10:12 234856 ----a-w- c:\program files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 01:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 01:00 90112 ----a-w- c:\windows\Updreg.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\NetMeeting\\CONF.EXE"=
"c:\\WINDOWS\\kdx\\KHost.exe"=
"c:\\Program Files\\KService\\KService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"c:\\Program Files\\Photo Story 3 for Windows\\PhotoStory3.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 d347bus;d347bus;c:\windows\SYSTEM32\DRIVERS\d347bus.sys [11/09/2005 10:20 155136]
R0 d347prt;d347prt;c:\windows\SYSTEM32\DRIVERS\d347prt.sys [11/09/2005 10:20 5248]
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [31/03/2009 07:45 64160]
R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [11/02/2009 21:10 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [31/03/2009 08:52 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [31/03/2009 08:52 243024]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [08/01/2010 01:51 380928]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [16/07/2010 17:42 308136]
S1 clmhufow;clmhufow;\??\c:\windows\system32\drivers\clmhufow.sys --> c:\windows\system32\drivers\clmhufow.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19/05/2010 14:43 136176]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\SYSTEM32\DRIVERS\BUSB2902.sys [05/11/2007 11:54 110272]
S3 MAUSBML;Service for M-Audio Micro (WDM);c:\windows\SYSTEM32\DRIVERS\mausbmr.sys [16/02/2010 18:41 124800]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\SYSTEM32\DRIVERS\LV532AV.SYS [21/04/2005 13:12 152576]
S3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\DRIVERS\ss.sys --> c:\windows\system32\DRIVERS\ss.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - qbidwz
.
Contents of the 'Scheduled Tasks' folder

2010-09-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-30 19:44]

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 13:43]

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 13:43]

2010-09-15 c:\windows\Tasks\User_Feed_Synchronization-{AA2B31D1-1639-48B5-BD6F-841FB6A9896D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]

2010-09-16 c:\windows\Tasks\User_Feed_Synchronization-{E7B292D1-9F90-4728-AB45-9512483DC2FB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
TCP: {D1678CC5-DC47-40D3-84CE-F00E0E69C957} = 192.168.0.1
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://magnet.2020.net/virtualplanner/C ... _Win32.cab
DPF: {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} - hxxp://webalbum.bonusprint.com/ukipc01/ ... oader6.cab
.
- - - - ORPHANS REMOVED - - - -

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
Toolbar-Locked - (no file)
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-16 09:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\7.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qbidwz]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2473042307-2296272667-3059070584-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2473042307-2296272667-3059070584-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D90124BF-EFC2-E9ED-E1C0-275EB787C177}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaemodbinpkdimicdj"=hex:6b,61,6c,65,61,66,63,62,61,6d,61,63,70,63,62,70,69,61,
6c,67,61,6c,00,00
"haolhigcgnmjdgmc"=hex:6b,61,69,65,67,66,67,70,62,6f,66,66,6d,6e,65,67,6e,68,
6b,66,6c,6e,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2172)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\CTJBNS.DLL
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\CTIntrfc.dll
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\JBNSHK.dll
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\JBNSRES.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\KService\KService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\AVG\AVG9\avgnsx.exe
.
**************************************************************************
.
Completion time: 2010-09-16 09:11:53 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-16 08:11

Pre-Run: 50,445,377,536 bytes free
Post-Run: 50,849,857,536 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 91333C72FE686BDB2BE20C15BF0FF5C0
Bleach
Regular Member
 
Posts: 18
Joined: September 16th, 2010, 3:34 am
Top
Advertisement
Register to Remove

Re: ROOTKIT.AGENT (QBIDWZ) wont go away

Unread postby MWR 3 day Mod » September 19th, 2010, 11:16 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am
Top

Re: ROOTKIT.AGENT (QBIDWZ) wont go away

Unread postby melboy » September 20th, 2010, 12:08 pm

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


==================================

Combofix's developer sUBs never intended the tool to be for general, unsupervised use, hence the disclaimer
This tool is meant for private use and should not be used in an unsupervised environment.

NonSuch also gave you the information here.

==================================


DDS

Please disable any anti-malware program that will block scripts from running before running DDS.

Please download DDS from one of the links below and save it to your desktop:

Link1
Link2
Link3

Disable any script blocker, and then double click dds.scr to run the tool. A command window will appear, this is normal.

Image
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

Please copy & paste the contents of :
  • DDS.txt
  • Attach.txt
And post them in your next reply.



Gmer

Download GMER Rootkit Scanner from here.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
    See image below
    Image
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

-- If GMER crashes or keeps resulting in a BSoDs, uncheck Devices on the right side before scanning -- If you continue to encounter problems, try running GMER in >> safe mode <<

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.




In your next reply:
  1. DDS.txt
  2. Attach.txt
  3. GMER log
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
Top

Re: ROOTKIT.AGENT (QBIDWZ) wont go away

Unread postby Bleach » September 20th, 2010, 12:53 pm

DDS (Ver_10-03-17.01) - NTFSx86
Run by Rob Leach at 17:40:28.85 on 20/09/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.257 [GMT 1:00]

AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8214E784-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827E4984-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82134CA4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82171C0C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FC6914-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8204CB64-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82150DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82B1ADDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated) {BADB0D00-FFA4-00FF-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {821A2974-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8200E054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82880B24-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8278CCEC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81E3ABFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82005DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8297A504-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FFBBADDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82750B64-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F314B4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FDA054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82432DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {829911CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {823BE5AC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8273E59C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {823E63E4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8209E5F4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8207FDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82778924-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F62054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FFB722C4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82263DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820F3054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82094BFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8201369C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F58DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82A8531C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F8F35C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8299B324-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824B6A44-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FFBB6054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827DADDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827BD4D4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82982B5C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827296CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827D42DC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82792844-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82564924-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8290CDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8218E054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82777704-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {826C8054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F5ABFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {822F7054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824D99BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82817CC4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82428C74-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FD73DC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FB2DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820A5A1C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82436DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8276233C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820AD054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FDBB64-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82A9BCEC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81EF4054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {828CEA9C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8200761C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827286BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FED054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82834804-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8210D62C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8293B054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820ED69C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FA75F4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820C4054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {823AD23C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {825612D4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8276D3AC-FFA4-00DC-0D24-347CA8A3377C}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82039054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81DE3DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FF12C4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82500AEC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82114054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82010DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82979DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated) {8248B4DC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FFB7A9D4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8209156C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81EE4334-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824954B4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82066924-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FF1695CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82437DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {828AA538-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82759DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8273BDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82477A6C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FE5054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8271180C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81E6C334-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated) {81F4C1AC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {828CFDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {823F5BFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FB3054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82090DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827E24E4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FB1054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8281741C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81DC3C44-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {825A4DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8243E8BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FB5BFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F15DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8279E054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8293CC44-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8247740C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FEACA474-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8208D054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82035BFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827EF054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {828F8934-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {828DA9B4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {822C1054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820FF5AC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82484DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827A05A4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated) {827A0B24-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82758DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82796864-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82822054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8243EDDC-FFA4-00FF-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824B158C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {826CFDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82753DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827453BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {823D0054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824FA9F4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {829B82CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820AE2BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8275FDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82128DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827B9294-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {823F1864-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated) {8295A2A4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820C8054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81D184E4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8204DDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8270EBFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8292A054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8299243C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82457BFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827B23BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8257C7BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {829BAD0C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FF74C5CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8206E054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82739724-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82981ADC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F25A1C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82428CE4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8202B334-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82A3A7AC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82741594-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FFB68054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82736DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {828CDDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8278A91C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8240F054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FFB72DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824898AC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8212E5CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {828CAC24-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F5235C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820E8B64-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8249239C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824959A4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8207B054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82144054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {821019A4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F7B9CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827A948C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827E1054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F42054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {825D15CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820BE054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820812BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824EB67C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {829832E4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82838B24-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82791DDC-FFA4-00DC-0D24-347CA8A3377C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\KService\KService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
"C:\WINDOWS\System32\svchost.exe"
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Rob Leach\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Catcher Class: {adecbed6-0366-4377-a739-e69dfba04663} - c:\program files\moyea\flv downloader\MoyeaCth.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://magnet.2020.net/virtualplanner/C ... _Win32.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan ... stubie.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdat ... /opuc3.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/33.06/uploader2.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInCon ... ontrol.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/Fac ... oader3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftup ... 4571785562
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 0680357593
DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.co.uk/downloads ... ofupld.cab
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.co.uk/downloads ... ofupld.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.co.uk/downloads ... ofupld.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/Me ... b31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} - hxxp://support.euro.dell.com/global/app ... OFILER.CAB
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/softwa ... Plugin.cab
DPF: {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} - hxxp://webalbum.bonusprint.com/ukipc01/ ... oader6.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/msnme ... loader.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} - hxxp://static.photobox.co.uk/sg/common/uploader.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/Fac ... der4_5.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crl ... crlocx.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
TCP: {D1678CC5-DC47-40D3-84CE-F00E0E69C957} = 192.168.0.1
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2005-9-11 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2005-9-11 5248]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-31 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-2-11 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-31 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-31 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-31 243024]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-8 380928]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
S1 clmhufow;clmhufow;\??\c:\windows\system32\drivers\clmhufow.sys --> c:\windows\system32\drivers\clmhufow.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-19 136176]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2010-4-23 25824]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [2007-11-5 110272]
S3 MAUSBML;Service for M-Audio Micro (WDM);c:\windows\system32\drivers\mausbmr.sys [2010-2-16 124800]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2005-4-21 152576]
S3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\drivers\ss.sys --> c:\windows\system32\drivers\ss.sys [?]

=============== Created Last 30 ================


==================== Find3M ====================

2010-09-15 16:15:24 23444 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-16 16:42:42 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2009-03-05 19:32:17 2788800 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2007-12-29 20:58:47 33426015 ----a-w- c:\program files\common files\data.dpk
2006-05-03 09:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
2008-09-18 06:07:31 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091820080919\index.dat

============= FINISH: 17:41:25.48 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 15/09/2010 17:21:17
System Uptime: 20/09/2010 07:20:43 (10 hours ago)

Motherboard: Dell Inc. | | 0U7084
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 146 GiB total, 47.615 GiB free.
D: is CDROM (UDF)
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 15/09/2010 17:28:53 - System Checkpoint
RP2: 15/09/2010 18:12:58 - Installed Windows Internet Explorer 8.
RP3: 15/09/2010 18:32:57 - Software Distribution Service 3.0
RP4: 15/09/2010 20:03:55 - Installed Windows XP Service Pack 3.
RP5: 15/09/2010 20:15:36 - Installed Windows XP KB938464.
RP6: 15/09/2010 21:04:19 - Software Distribution Service 3.0
RP7: 15/09/2010 22:21:21 - Software Distribution Service 3.0
RP8: 16/09/2010 07:04:03 - Software Distribution Service 3.0
RP9: 16/09/2010 07:30:13 - Software Distribution Service 3.0
RP10: 16/09/2010 10:33:00 - Installed HiJackThis
RP11: 18/09/2010 10:15:08 - System Checkpoint
RP12: 19/09/2010 19:54:58 - System Checkpoint

==== Installed Programs ======================


Acoustica MP3 Audio Mixer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
ALOT Toolbar
Amazon MP3 Downloader 1.0.9
Applian FLV Player
Audacity 1.2.3
AudioShell 1.3.5
AVG Free 9.0
AVI/MPEG/RM/WMV Joiner 4.81
AVS DVD Authoring
AVS Photo Editor
AVS Update Manager 1.0
AVS Video Editor 4
AVS Video Recorder 2.4
AVS YouTube Uploader version 2.1
AVS4YOU Software Navigator 1.3
BEHRINGER USB AUDIO DRIVER
Better File Rename 5.5
BHODemon 2.0.0.23
BitTorrent
Broadcom Advanced Control Suite 2
BUM
Canon iP4700 series Printer Driver
Canon iP4700 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner
CD-LabelPrint
Compatibility Pack for the 2007 Office system
ConvertHelper 2.2
Coupon Printer
Creative Jukebox Driver
Creative MediaSource
Creative NOMAD Jukebox Zen Xtra
DAEMON Tools
Dealio Toolbar v4.0.2
Dell Driver Reset Tool
DFX for Windows Media Player
Directory Lister v0.9.1
DivX 5.0.2 Bundle
DivxToDVD 0.5.2
DNA
Drv
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD X Rescue
EPSON Printer Software
Express Burn Uninstall
Fast Track USB
Fellowes/NEATO MediaFACE
Free 3GP Video Converter version 3.2
Freez FLV to AVI/MPEG/WMV Converter
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
Internet Explorer Default Page
IrfanView (remove only)
iWisoft Free Video Converter 1.2
Java Auto Updater
Java(TM) 6 Update 18
Junk Mail filter update
KaraFun 1.18
Ken Rename 0.88
KODAK EASYSHARE Gallery Easy Upload, v2.0
KODAK EASYSHARE Gallery Upload ActiveX Control
KRISTAL Audio Engine
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam
Logitech® Camera Driver
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Memeo Instant Backup
Micro
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Standard Edition 2003
Microsoft Plus! Photo Story 2 LE
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mixxx 1.7.2
Modem Event Monitor
Modem Helper
Modem On Hold
Moyea FLV Downloader version 1.13.0.10
Moyea FLV Player version 1.3.2.3
Moyea FLV to Video Converter Pro 2 version: 2.0.1.0
MP3 Indexer 1.3.0.8
MS Access 97 SP2
MSN
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB973688)
Musicnotes Software Suite 1.4.1
Native Instruments Guitar Combos Behringer Edition
Nero 6 Ultra Edition
NVIDIA Drivers
OneCare Advisor (Windows Live Toolbar)
Panda ActiveScan 2.0
Perspector 4.2.1
Photo Story 3 for Windows
Playlist Creator 3.6.2
Popup Blocker (Windows Live Toolbar)
PowerDVD 5.3
PPTminimizer
Prism Video Converter
QuickTime
RCT3 Soaked
RealPlayer
RollerCoaster Tycoon 3
Rosoft Audio Recorder, Sponsored Edition, Release, 4.1.3
Roxio Easy DVD Copy 2
SAGEM F@st 800-840
Screenblast ACID XPress 4.0b
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Smart Menus (Windows Live Toolbar)
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sophos Anti-Rootkit 1.5.4
Sound Blaster Audigy 2
Sound Forge 5.0
Spotify
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
SSC Service Utility v4.00
SUPER © Version 2008.bld.32 (July 8, 2008)
Switch
Tag&Rename 3.5.6
Tinynice MP3Cutter 2.1.5
TomTom HOME 2.5.2.60
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC_MergeModuleToMSI
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual MP3 Splitter & Joiner 6.0
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WinFF 0.33
WinRAR archiver
XviD MPEG-4 Video Codec
XVid;-)
YouTube Downloader 2.5.6

==== Event Viewer Messages From Past Week ========

18/09/2010 07:35:32, error: Service Control Manager [7034] - The MemeoBackgroundService service terminated unexpectedly. It has done this 1 time(s).
16/09/2010 09:02:42, error: Service Control Manager [7023] - The Human Interface Device Access service terminated with the following error: The specified module could not be found.
15/09/2010 21:42:15, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB952954).
15/09/2010 21:37:58, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB950974).
15/09/2010 21:11:18, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB951748).
15/09/2010 17:58:47, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
15/09/2010 17:26:16, error: BITS [16391] - The BITS job list is not in a recognized format. It may have been created by a different version of BITS. The job list has been cleared.
15/09/2010 17:24:35, error: Cdrom [15] - The device, \Device\CdRom4, is not ready for access yet.
15/09/2010 17:24:33, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
15/09/2010 17:17:07, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
15/09/2010 09:33:20, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
15/09/2010 09:33:19, error: Service Control Manager [7000] - The General Purpose USB Driver (adildr.sys) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
15/09/2010 08:50:05, error: Service Control Manager [7022] - The KService service hung on starting.

==== End Of File ===========================



Hello - When I try and run GMER I get the error message " GMER has encountered an error ... to submit to Microsoft.. etc
Bleach
Regular Member
 
Posts: 18
Joined: September 16th, 2010, 3:34 am
Top

Re: ROOTKIT.AGENT (QBIDWZ) wont go away

Unread postby melboy » September 20th, 2010, 1:28 pm

Hi

Try the following

RKUnHooker

Please Download Rootkit Unhooker Save it to your desktop.

  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. UNcheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. (eg. desktop) then Click Close.
  • Copy the entire contents of the report and paste it in a reply here.

Note: Do not run any programs while RKUnHooker is running.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
Top

Re: ROOTKIT.AGENT (QBIDWZ) wont go away

Unread postby Bleach » September 20th, 2010, 2:09 pm

Hello - here is the details you requested - I really appreciate your help.. Thanks.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 3723264 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 66.84 )
0xF7342000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2740224 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 66.84 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF69AF000 C:\WINDOWS\system32\DRIVERS\IntelC51.sys 1208320 bytes (Intel Corporation, Modem DSP Driver)
0xF84AA000 qbidwz.sys 815104 bytes
0xF2FAE000 C:\WINDOWS\System32\drivers\ha10kx2k.sys 774144 bytes (Creative Technology Ltd, Creative EMU10KX HAL (WDM))
0xF644A000 C:\WINDOWS\system32\DRIVERS\IntelC52.sys 610304 bytes (Intel Corporation, Modem CP Driver)
0xF82B8000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB87D3000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 479232 bytes
0xF83E6000 iaStor.sys 479232 bytes (Intel Corporation, Intel Application Accelerator driver)
0xF60AC000 C:\WINDOWS\system32\drivers\ctaud2k.sys 458752 bytes (Creative Technology Ltd, Creative WDM Audio Device Driver)
0xB888D000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF5C11000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xED8FF000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB6D2E000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB657E000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB3580000 C:\WINDOWS\system32\DRIVERS\rt73.sys 245760 bytes (Ralink Technology, Corp., Ralink 802.11 USB Wireless Adapter Driver)
0xED8C5000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xB8859000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xF85A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF7224000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 188416 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0xB6E25000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF828B000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF83A1000 dac2w2k.sys 180224 bytes (Mylex Corporation, Mylex Disk Array Controller Driver)
0xF5E7E000 C:\WINDOWS\system32\drivers\ctoss2k.sys 176128 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xB3508000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB88FD000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB894A000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF8582000 d347bus.sys 155648 bytes ( , PnP BIOS Extension)
0xB8972000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB6CBA000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF5F8D000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF7142000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6FE3000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB8928000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF2F54000 C:\WINDOWS\System32\drivers\ctac32k.sys 131072 bytes (Creative Technology Ltd, Creative AC3 SW Decoder Device Driver (WDM))
0xF8381000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF2F34000 C:\WINDOWS\System32\drivers\hap16v2k.sys 131072 bytes (Creative Technology Ltd, Creative EMU10KX-P16v HAL (WDM))
0xF2F74000 C:\WINDOWS\System32\drivers\ctsfm2k.sys 126976 bytes (Creative Technology Ltd, SoundFont(R) Manager (WDM))
0xF848B000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF2F93000 C:\WINDOWS\System32\drivers\emupia2k.sys 110592 bytes (Creative Technology Ltd, E-mu Plug-in Architecture Driver (WDM))
0xF8271000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF83CD000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)
0xF845B000 98304 bytes
0xF8473000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB3DBD000 C:\DOCUME~1\ROBLEA~1\LOCALS~1\Temp\agtdapow.sys 94208 bytes
0xF8358000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF5CD0000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB6B3D000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF5CE7000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF730E000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xED958000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF8345000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF836F000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF8571000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF5CBF000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB8848000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xF87A7000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF8787000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF8607000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF81E1000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF8727000 sfdrv01.sys 65536 bytes (Protection Technology, StarForce Protection Environment Driver)
0xF77EB000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF8221000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7F37000 C:\WINDOWS\system32\DRIVERS\IntelC53.sys 61440 bytes (Intel Corporation, Modem AFE Driver)
0xF86E7000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xF87B7000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF364B000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF379E000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF8617000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF8677000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)
0xF8647000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)
0xF86D7000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF8201000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF87C7000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF8637000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF86B7000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF86A7000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF87E7000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF8737000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF8767000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)
0xF8747000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)
0xF8757000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)
0xB8B42000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF81D1000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8627000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF87D7000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF8717000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
0xF85F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF37CE000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF8697000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF8667000 ql1240.sys 40960 bytes (Microsoft Corporation, QLogic ISP PCI Adapters)
0xF8707000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xF7F07000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF86C7000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF31DD000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF8797000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7F17000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB8B52000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB5A0F000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF86F7000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF8657000 ql10wnt.sys 36864 bytes (Microsoft Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF8687000 ultra.sys 36864 bytes (Promise Technology, Inc., Promise Ultra66 Miniport Driver)
0xF7851000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF8957000 C:\WINDOWS\system32\drivers\Afc.sys 32768 bytes (Arcsoft, Inc., Arcsoft(R) ASPI Shell)
0xF892F000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xEFC8E000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF88F7000 sfhlp02.sys 32768 bytes (Protection Technology, StarForce Protection Helper Driver)
0xF88B7000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)
0xF88C7000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)
0xF891F000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF889F000 asc.sys 28672 bytes (Advanced System Products, Inc., AdvanSys SCSI Controller Driver)
0xF8967000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF89B7000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF88E7000 hpn.sys 28672 bytes (Microsoft Corporation, NetRAID-4M Miniport Driver)
0xF8877000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF88EF000 perc2.sys 28672 bytes (Microsoft Corporation, PERC 2 Miniport Driver)
0xF88BF000 sym_hi.sys 28672 bytes (LSI Logic, Symbios Hi-Perf SCSI Miniport Driver)
0xF5C6F000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF88CF000 ABP480N5.SYS 24576 bytes (Microsoft Corporation, AdvanSys SCSI Controller Driver)
0xF88D7000 asc3350p.sys 24576 bytes (Microsoft Corporation, AdvanSys SCSI Card Driver)
0xEBBD5000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF8997000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF89EF000 C:\WINDOWS\system32\DRIVERS\mohfilt.sys 24576 bytes (Intel Corporation, Filter Driver to Support Modem-on-Hold)
0xF89A7000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF8887000 pavboot.sys 24576 bytes (Panda Security, S.L., Panda Boot Driver)
0xF888F000 sfsync02.sys 24576 bytes (Protection Technology, StarForce Protection Synchronization Driver)
0xF89E7000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF8927000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF88DF000 dpti2o.sys 20480 bytes (Microsoft Corporation, DPT SmartRAID miniport)
0xF895F000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF88AF000 i2omp.sys 20480 bytes (Microsoft Corporation, I2O Miniport Driver)
0xF88A7000 mraid35x.sys 20480 bytes (American Megatrends Inc., MegaRAID RAID Controller Driver for Windows Whistler 32)
0xF8917000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF893F000 C:\WINDOWS\system32\DRIVERS\omci.sys 20480 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF887F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF899F000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF89FF000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF8897000 sparrow.sys 20480 bytes (Adaptec, Inc., Adaptec AIC-6x60 series SCSI miniport)
0xF8907000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF35E5000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF8A0F000 aha154x.sys 16384 bytes (Microsoft Corporation, Adaptec AHA-154x series SCSI miniport)
0xF8A1B000 asc3550.sys 16384 bytes (Advanced System Products, Inc., AdvanSys Ultra-Wide PCI SCSI Driver)
0xB6B6A000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xF8A23000 cbidf2k.sys 16384 bytes (Microsoft Corporation, CardBus/PCMCIA IDE Miniport Driver)
0xF8A0B000 cpqarray.sys 16384 bytes (Microsoft Corporation, Compaq Drive Array Controllers SCSI Miniport Driver)
0xF8A13000 dac960nt.sys 16384 bytes (Microsoft Corporation, Mylex Disk Array Controller Driver)
0xF8A1F000 ini910u.sys 16384 bytes (Microsoft Corporation, INITIO ini910u SCSI miniport)
0xF8189000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF80FC000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB6F6A000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB6C1A000 C:\WINDOWS\system32\drivers\PfModNT.sys 16384 bytes (Creative Technology Ltd., PCI/ISA Device Info. Service)
0xF815C000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF8A17000 amsint.sys 12288 bytes (Microsoft Corporation, AMD SCSI/NET Controller)
0xF8A07000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF3083000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF8158000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF8ADB000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xF3073000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF8114000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF668E000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF8AFB000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xF8BA7000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8B05000 cd20xrnt.sys 8192 bytes (Microsoft Corporation, IBM Portable CD-ROM Drive Miniport)
0xF8BB3000 C:\Program Files\321Studios\Shared\CDRPDACC.SYS 8192 bytes (Arrowkey, CD Device Access)
0xF8AFD000 cmdide.sys 8192 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
0xF8B39000 C:\WINDOWS\System32\drivers\ctprxy2k.sys 8192 bytes (Creative Technology Ltd, Creative Proxy Device Driver (WDM))
0xF8B07000 d347prt.sys 8192 bytes ( , SCSI miniport)
0xF8BA5000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8B03000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF8AF7000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8BA9000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF8B09000 perc2hib.sys 8192 bytes (Microsoft Corporation, PERC 2 Hibernate Driver)
0xF8BAB000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8B47000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8AFF000 toside.sys 8192 bytes (Microsoft Corporation, Toshiba PCI IDE Controller)
0xF8B5D000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8B01000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF8AF9000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8CD7000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8D00000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8CBC000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8BBF000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x828CC2B8 unknown_irp_handler 3400 bytes
0x82F892E8 unknown_irp_handler 3352 bytes
0x82F59618 unknown_irp_handler 2536 bytes
0x820F3728 unknown_irp_handler 2264 bytes
0x820EE768 unknown_irp_handler 2200 bytes
0x821F5840 unknown_irp_handler 1984 bytes
0x82A44920 unknown_irp_handler 1760 bytes
0x829659F8 unknown_irp_handler 1544 bytes
0x82113C00 unknown_irp_handler 1024 bytes
0x82FDBC10 unknown_irp_handler 1008 bytes
0x821C7D90 unknown_irp_handler 624 bytes
0x82156E60 unknown_irp_handler 416 bytes
==============================================
>Stealth
==============================================
0xED99F570 Unknown thread object [ ETHREAD 0x81FA1310 ] , 600 bytes
0xED993190 Unknown thread object [ ETHREAD 0x81FAA5A0 ] , 600 bytes
0xB3D95570 Unknown thread object [ ETHREAD 0xFE2B3DA8 ] , 600 bytes
0xB3D89190 Unknown thread object [ ETHREAD 0xFE943598 ] , 600 bytes
Bleach
Regular Member
 
Posts: 18
Joined: September 16th, 2010, 3:34 am
Top

Re: ROOTKIT.AGENT (QBIDWZ) wont go away

Unread postby melboy » September 20th, 2010, 2:25 pm

Hi

ComboFix (by sUBs)

Firstly delete the copy of combofix you already have on your desktop. Then download a fresh copy from here.

  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    For instructions on how to disable your security programs, please see this topic:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply
  • Re-enable all the programs that were disabled during the running of ComboFix..


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
Top

Re: ROOTKIT.AGENT (QBIDWZ) wont go away

Unread postby Bleach » September 20th, 2010, 2:59 pm

Here we go - here is the log - I cannt help notice references to AVIR - havent used that for a long time - thought it had been deleted.. oh well..

ComboFix 10-09-20.01 - Rob Leach 20/09/2010 19:41:28.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.181 [GMT 1:00]
Running from: c:\documents and settings\Rob Leach\Desktop\ComboFix.exe
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated) {81F4C1AC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated) {8248B4DC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated) {827A0B24-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated) {8295A2A4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated) {BADB0D00-FFA4-00FF-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81D184E4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81DC3C44-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81DE3DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81E3ABFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81E6C334-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81EE4334-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81EF4054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F15DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F25A1C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F314B4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F42054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F5235C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F58DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F5ABFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F62054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F7B9CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F8F35C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FA75F4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FB1054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FB2DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FB3054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FB5BFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FC6914-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FD73DC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FDA054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FDBB64-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FE5054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FED054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FF12C4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82005DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8200761C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8200E054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82010DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8201369C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8202B334-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82035BFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82039054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8204CB64-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8204DDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82066924-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8206E054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8207B054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8207FDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820812BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8208D054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82090DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8209156C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82094BFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8209E5F4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820A5A1C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820AD054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820AE2BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820BE054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820C4054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820C8054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820E8B64-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820ED69C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820F3054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820FF5AC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {821019A4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8210D62C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82114054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82128DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8212E5CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82134CA4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82144054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8214E784-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82150DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82171C0C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8218E054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {821A2974-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82263DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {822C1054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {822F7054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {823AD23C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {823BE5AC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {823D0054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {823E63E4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {823F1864-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {823F5BFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8240F054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82428C74-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82428CE4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82432DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82436DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82437DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8243E8BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8243EDDC-FFA4-00FF-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82457BFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8247740C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82477A6C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82484DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824898AC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8249239C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824954B4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824959A4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824B158C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824B6A44-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824D99BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824EB67C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824FA9F4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82500AEC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {825612D4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82564924-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8257C7BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {825A4DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {825D15CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {826C8054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {826CFDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8270EBFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8271180C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827286BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827296CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82736DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82739724-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8273BDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8273E59C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82741594-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827453BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82750B64-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82753DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82758DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82759DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8275FDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8276233C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8276D3AC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82777704-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82778924-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8278A91C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8278CCEC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82791DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82792844-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82796864-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8279E054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827A05A4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827A948C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827B23BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827B9294-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827BD4D4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827D42DC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827DADDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827E1054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827E24E4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827E4984-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827EF054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8281741C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82817CC4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82822054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82834804-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82838B24-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82880B24-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {828AA538-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {828CAC24-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {828CDDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {828CEA9C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {828CFDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {828DA9B4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {828F8934-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8290CDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8292A054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8293B054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8293CC44-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82979DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8297A504-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82981ADC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82982B5C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {829832E4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {829911CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8299243C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8299B324-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {829B82CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {829BAD0C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82A3A7AC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82A8531C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82A9BCEC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82B1ADDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FEACA474-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FF1695CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FF74C5CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FFB68054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FFB722C4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FFB72DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FFB7A9D4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FFBB6054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FFBBADDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-08-20 to 2010-09-20 )))))))))))))))))))))))))))))))
.

2010-09-16 16:50 . 2010-09-16 16:50 -------- d-----w- c:\documents and settings\Rob Leach\Application Data\Amazon
2010-09-16 16:49 . 2010-09-16 16:49 -------- d-----w- c:\program files\Amazon
2010-09-16 10:18 . 2010-09-16 10:18 -------- d-----w- c:\documents and settings\Rob Leach\Application Data\Memeo
2010-09-16 10:16 . 2010-09-16 10:16 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ServiceTest
2010-09-16 10:16 . 2010-09-16 10:16 -------- d-----w- c:\program files\Common Files\Memeo
2010-09-16 10:16 . 2010-09-16 10:16 -------- d-----w- c:\program files\Memeo
2010-09-16 09:33 . 2010-09-16 09:33 388096 ----a-r- c:\documents and settings\Rob Leach\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-16 09:33 . 2010-09-16 09:33 -------- d-----w- c:\program files\Trend Micro
2010-09-15 20:19 . 2010-09-15 20:19 -------- d-----w- c:\windows\system32\MpEngineStore
2010-09-15 19:24 . 2010-09-15 19:24 -------- d-----w- c:\program files\Sophos
2010-09-15 19:11 . 2009-07-31 09:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-09-15 19:11 . 2008-04-13 21:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-09-15 19:11 . 2008-04-14 04:41 81920 ------w- c:\windows\system32\ieencode.dll
2010-09-15 17:47 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-09-15 17:46 . 2008-08-14 10:04 138496 -c----w- c:\windows\system32\dllcache\afd.sys
2010-09-15 17:46 . 2010-06-21 15:27 354304 -c----w- c:\windows\system32\dllcache\srv.sys
2010-09-15 17:46 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-09-15 17:46 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-09-15 17:46 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-15 17:44 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-09-15 17:43 . 2010-06-24 12:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-09-15 17:43 . 2010-06-24 12:21 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-09-15 17:43 . 2010-06-24 12:21 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-09-15 17:43 . 2010-06-24 12:21 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-09-15 17:43 . 2010-06-24 12:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-15 17:43 . 2010-06-24 12:21 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-09-15 17:43 . 2010-06-24 16:51 11077120 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-09-15 17:42 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-09-15 17:39 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-09-15 17:39 . 2010-06-14 07:41 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-09-15 17:38 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-09-15 16:48 . 2010-09-15 16:48 -------- d-----w- c:\windows\dell
2010-09-15 16:21 . 2004-08-12 14:09 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-09-15 16:21 . 2004-08-12 14:09 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-09-15 16:19 . 2004-08-12 13:59 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2010-09-15 16:18 . 2004-08-12 13:56 18944 -c--a-w- c:\windows\system32\dllcache\cprofile.exe
2010-09-15 16:16 . 2004-08-12 13:58 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-09-15 15:58 . 2004-08-12 13:58 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-09-15 15:58 . 2004-08-12 13:58 13312 ----a-w- c:\windows\system32\irclass.dll
2010-09-15 15:58 . 2004-08-12 14:06 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-09-15 15:58 . 2004-08-12 14:06 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-09-02 07:36 . 2010-09-02 07:36 -------- d-sh--w- c:\documents and settings\Pamela\IECompatCache
2010-08-26 08:47 . 2010-08-26 08:59 -------- d-----w- c:\program files\Game_Maker8
2010-08-25 16:11 . 2010-08-25 16:17 -------- d-----w- c:\documents and settings\Rob Leach\Application Data\Recolored
2010-08-22 18:03 . 2010-08-27 17:03 120 ----a-w- c:\windows\Kvaxurizevuladi.dat
2010-08-22 18:03 . 2010-08-27 09:37 0 ----a-w- c:\windows\Ijeko.bin
2010-08-22 18:03 . 2010-08-22 18:03 -------- d-----w- c:\documents and settings\Pamela\Local Settings\Application Data\{EE05DBD9-60A5-46A1-AB87-419928FDB750}
2010-08-22 14:07 . 2010-08-22 14:07 -------- d-----w- c:\documents and settings\Rob Leach\Application Data\Malwarebytes
2010-08-22 14:06 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-22 14:06 . 2010-08-22 14:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-22 14:06 . 2010-08-22 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-22 14:06 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-22 13:04 . 2010-08-22 13:04 -------- d-----w- c:\documents and settings\Rob Leach\Local Settings\Application Data\{FEEE23C1-C7F7-4ECC-BA99-B01CB8CF3A4D}
2010-08-22 13:03 . 2010-08-22 15:27 -------- d-----w- c:\documents and settings\Rob Leach\Local Settings\Application Data\puxjmjdvd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 18:32 . 2009-02-09 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-09-19 20:23 . 2005-03-02 13:45 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
2010-09-19 20:23 . 2005-03-02 13:45 288 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
2010-09-16 15:27 . 2005-03-06 11:37 -------- d-----w- c:\program files\BHODemon 2
2010-09-15 19:13 . 2004-08-10 13:13 79027 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2010-09-15 16:32 . 2005-03-05 15:25 113320 ----a-w- c:\documents and settings\Rob Leach\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-15 16:15 . 2004-08-10 13:02 23444 ----a-w- c:\windows\system32\emptyregdb.dat
2010-09-09 16:18 . 2010-04-27 06:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-04 12:07 . 2007-12-27 08:00 -------- d-----w- c:\documents and settings\Rob Leach\Application Data\BitTorrent
2010-09-02 15:53 . 2006-11-25 10:34 -------- d-----w- c:\program files\SpywareBlaster
2010-08-19 10:09 . 2009-09-04 06:17 -------- d-----w- c:\program files\Ken Rename
2010-08-17 13:17 . 2004-08-12 14:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-05 05:06 . 2008-01-19 15:28 -------- d-----w- c:\program files\Songbeat
2010-08-05 05:03 . 2005-03-02 13:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-05 04:58 . 2010-05-19 15:54 -------- d-----w- c:\program files\Red Chair Software
2010-07-29 06:57 . 2010-07-29 06:57 -------- d-----w- c:\documents and settings\Rob Leach\Application Data\Cycling '74
2010-07-29 06:48 . 2006-04-07 17:33 -------- d-----w- c:\program files\PhotoArtMaster Classic
2010-07-29 06:47 . 2007-08-20 20:52 -------- d-----w- c:\program files\Microsoft Digital Image 2006
2010-07-28 12:23 . 2010-07-28 12:18 -------- d-----w- c:\documents and settings\Rob Leach\Application Data\gtk-2.0
2010-07-28 11:54 . 2007-10-23 05:56 -------- d-----w- c:\documents and settings\Rob Leach\Application Data\AVS4YOU
2010-07-28 11:54 . 2010-07-09 13:31 -------- d-----w- c:\program files\AVS4YOU
2010-07-26 21:09 . 2009-06-19 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-26 20:04 . 2010-07-26 20:04 2605008 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-07-22 15:49 . 2004-08-12 14:04 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-18 13:49 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-16 16:42 . 2009-03-31 07:52 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 16:42 . 2010-07-16 16:42 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 16:41 . 2009-03-31 07:52 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-12 16:28 . 2006-05-14 17:26 112936 ----a-w- c:\documents and settings\Pamela\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-30 12:31 . 2004-08-12 14:04 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-12 14:09 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-12 14:09 1851904 ----a-w- c:\windows\system32\win32k.sys
2009-03-05 19:32 . 2009-03-05 19:31 2788800 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2007-12-29 20:58 . 2007-12-29 20:58 33426015 ----a-w- c:\program files\Common Files\data.dpk
2006-05-03 09:06 . 2008-08-12 08:27 163328 --sha-r- c:\windows\SYSTEM32\flvDX.dll
2007-02-21 10:47 . 2008-08-12 08:27 31232 --sha-r- c:\windows\SYSTEM32\msfDX.dll
2008-03-16 12:30 . 2008-08-12 08:27 216064 --sha-r- c:\windows\SYSTEM32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-11 4583424]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 16:42 12536 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
backup=c:\windows\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Rob Leach^Start Menu^Programs^Startup^BHODemon 2.0.lnk]
path=c:\documents and settings\Rob Leach\Start Menu\Programs\Startup\BHODemon 2.0.lnk
backup=c:\windows\pss\BHODemon 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Rob Leach^Start Menu^Programs^Startup^Notmad Manager.lnk]
path=c:\documents and settings\Rob Leach\Start Menu\Programs\Startup\Notmad Manager.lnk
backup=c:\windows\pss\Notmad Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
2003-02-20 16:27 110592 ----a-w- c:\windows\SYSTEM32\CTASIO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-06 20:07 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-07-27 02:10 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-03-18 01:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
2002-09-30 01:00 45056 ----a-w- c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2003-02-20 16:45 28672 ----a-w- c:\windows\SYSTEM32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2002-10-29 09:18 49152 ----a-w- c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 16:05 81920 ----a-w- c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-10-12 16:54 57344 ----a-w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2004-06-29 11:23 135168 ----a-w- c:\program files\Intel\Intel Application Accelerator\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2004-08-04 05:00 44032 ----a-w- c:\windows\IME\IMKR6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-03 21:32 208952 ----a-w- c:\windows\IME\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
2003-09-03 20:12 221184 ----a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2005-12-12 10:23 2236416 ----a-w- c:\windows\kdx\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2003-08-29 13:17 188416 ----a-w- c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2003-08-29 13:20 77824 ----a-w- c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Instant Backup]
2010-04-23 00:33 136416 ----a-w- c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-04-08 17:43 1953792 ----a-w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\SYSTEM32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-11-11 17:10 4583424 ----a-w- c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-10-25 18:58 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 11:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-08 19:58 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-01-15 20:12 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2008-12-09 10:12 234856 ----a-w- c:\program files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 01:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 01:00 90112 ----a-w- c:\windows\Updreg.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\NetMeeting\\CONF.EXE"=
"c:\\WINDOWS\\kdx\\KHost.exe"=
"c:\\Program Files\\KService\\KService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"c:\\Program Files\\Photo Story 3 for Windows\\PhotoStory3.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 d347bus;d347bus;c:\windows\SYSTEM32\DRIVERS\d347bus.sys [11/09/2005 10:20 155136]
R0 d347prt;d347prt;c:\windows\SYSTEM32\DRIVERS\d347prt.sys [11/09/2005 10:20 5248]
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [31/03/2009 07:45 64160]
R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [11/02/2009 21:10 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [31/03/2009 08:52 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [31/03/2009 08:52 243024]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [08/01/2010 01:51 380928]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [16/07/2010 17:42 308136]
S1 clmhufow;clmhufow;\??\c:\windows\system32\drivers\clmhufow.sys --> c:\windows\system32\drivers\clmhufow.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19/05/2010 14:43 136176]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [23/04/2010 01:33 25824]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\SYSTEM32\DRIVERS\BUSB2902.sys [05/11/2007 11:54 110272]
S3 MAUSBML;Service for M-Audio Micro (WDM);c:\windows\SYSTEM32\DRIVERS\mausbmr.sys [16/02/2010 18:41 124800]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\SYSTEM32\DRIVERS\LV532AV.SYS [21/04/2005 13:12 152576]
S3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\DRIVERS\ss.sys --> c:\windows\system32\DRIVERS\ss.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AGTDAPOW
*NewlyCreated* - NORMANDY
*Deregistered* - agtdapow
*Deregistered* - Normandy
*Deregistered* - qbidwz
.
Contents of the 'Scheduled Tasks' folder

2010-09-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-30 19:44]

2010-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 13:43]

2010-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 13:43]

2010-09-20 c:\windows\Tasks\User_Feed_Synchronization-{AA2B31D1-1639-48B5-BD6F-841FB6A9896D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]

2010-09-19 c:\windows\Tasks\User_Feed_Synchronization-{E7B292D1-9F90-4728-AB45-9512483DC2FB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
TCP: {D1678CC5-DC47-40D3-84CE-F00E0E69C957} = 192.168.0.1
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://magnet.2020.net/virtualplanner/C ... _Win32.cab
DPF: {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} - hxxp://webalbum.bonusprint.com/ukipc01/ ... oader6.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-20 19:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\7.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2473042307-2296272667-3059070584-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2473042307-2296272667-3059070584-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D90124BF-EFC2-E9ED-E1C0-275EB787C177}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaemodbinpkdimicdj"=hex:6b,61,6c,65,61,66,63,62,61,6d,61,63,70,63,62,70,69,61,
6c,67,61,6c,00,00
"haolhigcgnmjdgmc"=hex:6b,61,69,65,67,66,67,70,62,6f,66,66,6d,6e,65,67,6e,68,
6b,66,6c,6e,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2828)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\CTJBNS.DLL
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\CTIntrfc.dll
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\JBNSHK.dll
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\JBNSRES.DLL
.
Completion time: 2010-09-20 19:56:38
ComboFix-quarantined-files.txt 2010-09-20 18:56
ComboFix2.txt 2010-09-16 08:11

Pre-Run: 51,100,790,784 bytes free
Post-Run: 51,144,118,272 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 26C5C8D29FCF2946CA6A3B8A62F44E66
Bleach
Regular Member
 
Posts: 18
Joined: September 16th, 2010, 3:34 am
Top

Re: ROOTKIT.AGENT (QBIDWZ) wont go away

Unread postby melboy » September 20th, 2010, 4:09 pm

With reference to Malware Removal's P2P Programs Policy, please uninstall the following programs before we continue:
BitTorrent
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.
We see no purpose in cleaning your machine if you use P2P programmes, as it is pretty much certain that if you continue to use them then you will get infected again.

  • Click on Start > Control Panel and double click on Add/Remove Programs.
  • Locate BitTorrent and click on the Change/Remove button to uninstall it.
  • Close Add/Remove Programs and Control Panel when done.

Post back to confirm removal of BitTorrent.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
Top

Re: ROOTKIT.AGENT (QBIDWZ) wont go away

Unread postby Bleach » September 20th, 2010, 4:56 pm

BitTorrent has been deleted
Bleach
Regular Member
 
Posts: 18
Joined: September 16th, 2010, 3:34 am
Top

Re: ROOTKIT.AGENT (QBIDWZ) wont go away

Unread postby melboy » September 20th, 2010, 5:16 pm

Hi

Read the instruction below carefully. If you envisage any problems copying and pasting the CFScript - Let me Know.

COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below. Do not include the word Code:


    Code: Select all
    SecCenter::
{8214E784-FFA4-00DC-0D24-347CA8A3377C}
{827E4984-FFA4-00DC-0D24-347CA8A3377C}
{82134CA4-FFA4-00DC-0D24-347CA8A3377C}
{82171C0C-FFA4-00DC-0D24-347CA8A3377C}
{81FC6914-FFA4-00DC-0D24-347CA8A3377C}
{8204CB64-FFA4-00DC-0D24-347CA8A3377C}
{82150DDC-FFA4-00DC-0D24-347CA8A3377C}
{82B1ADDC-FFA4-00DC-0D24-347CA8A3377C}
{BADB0D00-FFA4-00FF-0D24-347CA8A3377C}
{821A2974-FFA4-00DC-0D24-347CA8A3377C}
{8200E054-FFA4-00DC-0D24-347CA8A3377C}
{82880B24-FFA4-00DC-0D24-347CA8A3377C}
{8278CCEC-FFA4-00DC-0D24-347CA8A3377C}
{81E3ABFC-FFA4-00DC-0D24-347CA8A3377C}
{82005DDC-FFA4-00DC-0D24-347CA8A3377C}
{8297A504-FFA4-00DC-0D24-347CA8A3377C}
{FFBBADDC-FFA4-00DC-0D24-347CA8A3377C}
{82750B64-FFA4-00DC-0D24-347CA8A3377C}
{81F314B4-FFA4-00DC-0D24-347CA8A3377C}
{81FDA054-FFA4-00DC-0D24-347CA8A3377C}
{82432DDC-FFA4-00DC-0D24-347CA8A3377C}
{829911CC-FFA4-00DC-0D24-347CA8A3377C}
{823BE5AC-FFA4-00DC-0D24-347CA8A3377C}
{8273E59C-FFA4-00DC-0D24-347CA8A3377C}
{823E63E4-FFA4-00DC-0D24-347CA8A3377C}
{8209E5F4-FFA4-00DC-0D24-347CA8A3377C}
{8207FDDC-FFA4-00DC-0D24-347CA8A3377C}
{82778924-FFA4-00DC-0D24-347CA8A3377C}
{81F62054-FFA4-00DC-0D24-347CA8A3377C}
{FFB722C4-FFA4-00DC-0D24-347CA8A3377C}
{82263DDC-FFA4-00DC-0D24-347CA8A3377C}
{820F3054-FFA4-00DC-0D24-347CA8A3377C}
{82094BFC-FFA4-00DC-0D24-347CA8A3377C}
{8201369C-FFA4-00DC-0D24-347CA8A3377C}
{81F58DDC-FFA4-00DC-0D24-347CA8A3377C}
{82A8531C-FFA4-00DC-0D24-347CA8A3377C}
{81F8F35C-FFA4-00DC-0D24-347CA8A3377C}
{8299B324-FFA4-00DC-0D24-347CA8A3377C}
{824B6A44-FFA4-00DC-0D24-347CA8A3377C}
{FFBB6054-FFA4-00DC-0D24-347CA8A3377C}
{827DADDC-FFA4-00DC-0D24-347CA8A3377C}
{827BD4D4-FFA4-00DC-0D24-347CA8A3377C}
{82982B5C-FFA4-00DC-0D24-347CA8A3377C}
{827296CC-FFA4-00DC-0D24-347CA8A3377C}
{827D42DC-FFA4-00DC-0D24-347CA8A3377C}
{82792844-FFA4-00DC-0D24-347CA8A3377C}
{82564924-FFA4-00DC-0D24-347CA8A3377C}
{8290CDDC-FFA4-00DC-0D24-347CA8A3377C}
{8218E054-FFA4-00DC-0D24-347CA8A3377C}
{82777704-FFA4-00DC-0D24-347CA8A3377C}
{826C8054-FFA4-00DC-0D24-347CA8A3377C}
{81F5ABFC-FFA4-00DC-0D24-347CA8A3377C}
{822F7054-FFA4-00DC-0D24-347CA8A3377C}
{824D99BC-FFA4-00DC-0D24-347CA8A3377C}
{82817CC4-FFA4-00DC-0D24-347CA8A3377C}
{82428C74-FFA4-00DC-0D24-347CA8A3377C}
{81FD73DC-FFA4-00DC-0D24-347CA8A3377C}
{81FB2DDC-FFA4-00DC-0D24-347CA8A3377C}
{820A5A1C-FFA4-00DC-0D24-347CA8A3377C}
{82436DDC-FFA4-00DC-0D24-347CA8A3377C}
{8276233C-FFA4-00DC-0D24-347CA8A3377C}
{820AD054-FFA4-00DC-0D24-347CA8A3377C}
{81FDBB64-FFA4-00DC-0D24-347CA8A3377C}
{82A9BCEC-FFA4-00DC-0D24-347CA8A3377C}
{81EF4054-FFA4-00DC-0D24-347CA8A3377C}
{828CEA9C-FFA4-00DC-0D24-347CA8A3377C}
{8200761C-FFA4-00DC-0D24-347CA8A3377C}
{827286BC-FFA4-00DC-0D24-347CA8A3377C}
{81FED054-FFA4-00DC-0D24-347CA8A3377C}
{82834804-FFA4-00DC-0D24-347CA8A3377C}
{8210D62C-FFA4-00DC-0D24-347CA8A3377C}
{8293B054-FFA4-00DC-0D24-347CA8A3377C}
{820ED69C-FFA4-00DC-0D24-347CA8A3377C}
{81FA75F4-FFA4-00DC-0D24-347CA8A3377C}
{820C4054-FFA4-00DC-0D24-347CA8A3377C}
{823AD23C-FFA4-00DC-0D24-347CA8A3377C}
{825612D4-FFA4-00DC-0D24-347CA8A3377C}
{8276D3AC-FFA4-00DC-0D24-347CA8A3377C}
{82039054-FFA4-00DC-0D24-347CA8A3377C}
{81DE3DDC-FFA4-00DC-0D24-347CA8A3377C}
{00000000-0000-0000-0000-000000000000}
{81FF12C4-FFA4-00DC-0D24-347CA8A3377C}
{82500AEC-FFA4-00DC-0D24-347CA8A3377C}
{82114054-FFA4-00DC-0D24-347CA8A3377C}
{82010DDC-FFA4-00DC-0D24-347CA8A3377C}
{82979DDC-FFA4-00DC-0D24-347CA8A3377C}
{8248B4DC-FFA4-00DC-0D24-347CA8A3377C}
{FFB7A9D4-FFA4-00DC-0D24-347CA8A3377C}
{8209156C-FFA4-00DC-0D24-347CA8A3377C}
{81EE4334-FFA4-00DC-0D24-347CA8A3377C}
{824954B4-FFA4-00DC-0D24-347CA8A3377C}
{82066924-FFA4-00DC-0D24-347CA8A3377C}
{FF1695CC-FFA4-00DC-0D24-347CA8A3377C}
{82437DDC-FFA4-00DC-0D24-347CA8A3377C}
{828AA538-FFA4-00DC-0D24-347CA8A3377C}
{82759DDC-FFA4-00DC-0D24-347CA8A3377C}
{8273BDDC-FFA4-00DC-0D24-347CA8A3377C}
{82477A6C-FFA4-00DC-0D24-347CA8A3377C}
{81FE5054-FFA4-00DC-0D24-347CA8A3377C}
{8271180C-FFA4-00DC-0D24-347CA8A3377C}
{81E6C334-FFA4-00DC-0D24-347CA8A3377C}
{81F4C1AC-FFA4-00DC-0D24-347CA8A3377C}
{828CFDDC-FFA4-00DC-0D24-347CA8A3377C}
{823F5BFC-FFA4-00DC-0D24-347CA8A3377C}
{81FB3054-FFA4-00DC-0D24-347CA8A3377C}
{82090DDC-FFA4-00DC-0D24-347CA8A3377C}
{827E24E4-FFA4-00DC-0D24-347CA8A3377C}
{81FB1054-FFA4-00DC-0D24-347CA8A3377C}
{8281741C-FFA4-00DC-0D24-347CA8A3377C}
{81DC3C44-FFA4-00DC-0D24-347CA8A3377C}
{825A4DDC-FFA4-00DC-0D24-347CA8A3377C}
{8243E8BC-FFA4-00DC-0D24-347CA8A3377C}
{81FB5BFC-FFA4-00DC-0D24-347CA8A3377C}
{81F15DDC-FFA4-00DC-0D24-347CA8A3377C}
{8279E054-FFA4-00DC-0D24-347CA8A3377C}
{8293CC44-FFA4-00DC-0D24-347CA8A3377C}
{8247740C-FFA4-00DC-0D24-347CA8A3377C}
{FEACA474-FFA4-00DC-0D24-347CA8A3377C}
{8208D054-FFA4-00DC-0D24-347CA8A3377C}
{82035BFC-FFA4-00DC-0D24-347CA8A3377C}
{827EF054-FFA4-00DC-0D24-347CA8A3377C}
{828F8934-FFA4-00DC-0D24-347CA8A3377C}
{828DA9B4-FFA4-00DC-0D24-347CA8A3377C}
{822C1054-FFA4-00DC-0D24-347CA8A3377C}
{820FF5AC-FFA4-00DC-0D24-347CA8A3377C}
{82484DDC-FFA4-00DC-0D24-347CA8A3377C}
{827A05A4-FFA4-00DC-0D24-347CA8A3377C}
{827A0B24-FFA4-00DC-0D24-347CA8A3377C}
{82758DDC-FFA4-00DC-0D24-347CA8A3377C}
{82796864-FFA4-00DC-0D24-347CA8A3377C}
{82822054-FFA4-00DC-0D24-347CA8A3377C}
{8243EDDC-FFA4-00FF-0D24-347CA8A3377C}
{824B158C-FFA4-00DC-0D24-347CA8A3377C}
{826CFDDC-FFA4-00DC-0D24-347CA8A3377C}
{82753DDC-FFA4-00DC-0D24-347CA8A3377C}
{827453BC-FFA4-00DC-0D24-347CA8A3377C}
{823D0054-FFA4-00DC-0D24-347CA8A3377C}
{824FA9F4-FFA4-00DC-0D24-347CA8A3377C}
{829B82CC-FFA4-00DC-0D24-347CA8A3377C}
{820AE2BC-FFA4-00DC-0D24-347CA8A3377C}
{8275FDDC-FFA4-00DC-0D24-347CA8A3377C}
{82128DDC-FFA4-00DC-0D24-347CA8A3377C}
{827B9294-FFA4-00DC-0D24-347CA8A3377C}
{823F1864-FFA4-00DC-0D24-347CA8A3377C}
{8295A2A4-FFA4-00DC-0D24-347CA8A3377C}
{820C8054-FFA4-00DC-0D24-347CA8A3377C}
{81D184E4-FFA4-00DC-0D24-347CA8A3377C}
{8204DDDC-FFA4-00DC-0D24-347CA8A3377C}
{8270EBFC-FFA4-00DC-0D24-347CA8A3377C}
{8292A054-FFA4-00DC-0D24-347CA8A3377C}
{8299243C-FFA4-00DC-0D24-347CA8A3377C}
{82457BFC-FFA4-00DC-0D24-347CA8A3377C}
{827B23BC-FFA4-00DC-0D24-347CA8A3377C}
{8257C7BC-FFA4-00DC-0D24-347CA8A3377C}
{829BAD0C-FFA4-00DC-0D24-347CA8A3377C}
{FF74C5CC-FFA4-00DC-0D24-347CA8A3377C}
{8206E054-FFA4-00DC-0D24-347CA8A3377C}
{82739724-FFA4-00DC-0D24-347CA8A3377C}
{82981ADC-FFA4-00DC-0D24-347CA8A3377C}
{81F25A1C-FFA4-00DC-0D24-347CA8A3377C}
{82428CE4-FFA4-00DC-0D24-347CA8A3377C}
{8202B334-FFA4-00DC-0D24-347CA8A3377C}
{82A3A7AC-FFA4-00DC-0D24-347CA8A3377C}
{82741594-FFA4-00DC-0D24-347CA8A3377C}
{FFB68054-FFA4-00DC-0D24-347CA8A3377C}
{82736DDC-FFA4-00DC-0D24-347CA8A3377C}
{828CDDDC-FFA4-00DC-0D24-347CA8A3377C}
{8278A91C-FFA4-00DC-0D24-347CA8A3377C}
{8240F054-FFA4-00DC-0D24-347CA8A3377C}
{FFB72DDC-FFA4-00DC-0D24-347CA8A3377C}
{824898AC-FFA4-00DC-0D24-347CA8A3377C}
{8212E5CC-FFA4-00DC-0D24-347CA8A3377C}
{828CAC24-FFA4-00DC-0D24-347CA8A3377C}
{81F5235C-FFA4-00DC-0D24-347CA8A3377C}
{820E8B64-FFA4-00DC-0D24-347CA8A3377C}
{8249239C-FFA4-00DC-0D24-347CA8A3377C}
{824959A4-FFA4-00DC-0D24-347CA8A3377C}
{8207B054-FFA4-00DC-0D24-347CA8A3377C}
{82144054-FFA4-00DC-0D24-347CA8A3377C}
{821019A4-FFA4-00DC-0D24-347CA8A3377C}
{81F7B9CC-FFA4-00DC-0D24-347CA8A3377C}
{827A948C-FFA4-00DC-0D24-347CA8A3377C}
{827E1054-FFA4-00DC-0D24-347CA8A3377C}
{81F42054-FFA4-00DC-0D24-347CA8A3377C}
{825D15CC-FFA4-00DC-0D24-347CA8A3377C}
{820BE054-FFA4-00DC-0D24-347CA8A3377C}
{820812BC-FFA4-00DC-0D24-347CA8A3377C}
{824EB67C-FFA4-00DC-0D24-347CA8A3377C}
{829832E4-FFA4-00DC-0D24-347CA8A3377C}
{82838B24-FFA4-00DC-0D24-347CA8A3377C}
{82791DDC-FFA4-00DC-0D24-347CA8A3377C}

File::
c:\windows\Ijeko.bin 
c:\windows\Kvaxurizevuladi.dat
c:\windows\system32\drivers\qbidwz.sys
c:\windows\system32\drivers\clmhufow.sys

Folder::
c:\documents and settings\Rob Leach\Local Settings\Application Data\puxjmjdvd

Driver:: 
qbidwz
clmhufow

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:6522

DirLook::
c:\documents and settings\Rob Leach\Local Settings\Application Data\{FEEE23C1-C7F7-4ECC-BA99-B01CB8CF3A4D}

Regnull::
[HKEY_USERS\S-1-5-21-2473042307-2296272667-3059070584-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D90124BF-EFC2-E9ED-E1C0-275EB787C177}*]

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
Top

Re: ROOTKIT.AGENT (QBIDWZ) wont go away

Unread postby Bleach » September 21st, 2010, 1:27 am

Please note: When I dragged the Txt file onto Combofix it did tell me that ' a new version was available' - I ignored this message.

ComboFix 10-09-20.01 - Rob Leach 21/09/2010 6:05.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.208 [GMT 1:00]
Running from: c:\documents and settings\Rob Leach\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rob Leach\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point

FILE ::
"c:\windows\Ijeko.bin"
"c:\windows\Kvaxurizevuladi.dat"
"c:\windows\system32\drivers\clmhufow.sys"
"c:\windows\system32\drivers\qbidwz.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Rob Leach\Local Settings\Application Data\puxjmjdvd
c:\windows\Ijeko.bin
c:\windows\Kvaxurizevuladi.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_QBIDWZ
-------\Service_clmhufow


((((((((((((((((((((((((( Files Created from 2010-08-21 to 2010-09-21 )))))))))))))))))))))))))))))))
.

2010-09-16 16:50 . 2010-09-16 16:50 -------- d-----w- c:\documents and settings\Rob Leach\Application Data\Amazon
2010-09-16 16:49 . 2010-09-16 16:49 -------- d-----w- c:\program files\Amazon
2010-09-16 10:18 . 2010-09-16 10:18 -------- d-----w- c:\documents and settings\Rob Leach\Application Data\Memeo
2010-09-16 10:16 . 2010-09-16 10:16 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ServiceTest
2010-09-16 10:16 . 2010-09-16 10:16 -------- d-----w- c:\program files\Common Files\Memeo
2010-09-16 10:16 . 2010-09-16 10:16 -------- d-----w- c:\program files\Memeo
2010-09-16 09:33 . 2010-09-16 09:33 388096 ----a-r- c:\documents and settings\Rob Leach\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-16 09:33 . 2010-09-16 09:33 -------- d-----w- c:\program files\Trend Micro
2010-09-15 20:19 . 2010-09-15 20:19 -------- d-----w- c:\windows\system32\MpEngineStore
2010-09-15 19:24 . 2010-09-15 19:24 -------- d-----w- c:\program files\Sophos
2010-09-15 19:11 . 2009-07-31 09:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-09-15 19:11 . 2008-04-13 21:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-09-15 19:11 . 2008-04-14 04:41 81920 ------w- c:\windows\system32\ieencode.dll
2010-09-15 17:47 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-09-15 17:46 . 2008-08-14 10:04 138496 -c----w- c:\windows\system32\dllcache\afd.sys
2010-09-15 17:46 . 2010-06-21 15:27 354304 -c----w- c:\windows\system32\dllcache\srv.sys
2010-09-15 17:46 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-09-15 17:46 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-09-15 17:46 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-15 17:44 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-09-15 17:43 . 2010-06-24 12:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-09-15 17:43 . 2010-06-24 12:21 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-09-15 17:43 . 2010-06-24 12:21 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-09-15 17:43 . 2010-06-24 12:21 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-09-15 17:43 . 2010-06-24 12:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-15 17:43 . 2010-06-24 12:21 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-09-15 17:43 . 2010-06-24 16:51 11077120 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-09-15 17:42 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-09-15 17:39 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-09-15 17:39 . 2010-06-14 07:41 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-09-15 17:38 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-09-15 16:48 . 2010-09-15 16:48 -------- d-----w- c:\windows\dell
2010-09-15 16:21 . 2004-08-12 14:09 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-09-15 16:21 . 2004-08-12 14:09 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-09-15 16:19 . 2004-08-12 13:59 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2010-09-15 16:18 . 2004-08-12 13:56 18944 -c--a-w- c:\windows\system32\dllcache\cprofile.exe
2010-09-15 16:16 . 2004-08-12 13:58 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-09-15 15:58 . 2004-08-12 13:58 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-09-15 15:58 . 2004-08-12 13:58 13312 ----a-w- c:\windows\system32\irclass.dll
2010-09-15 15:58 . 2004-08-12 14:06 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-09-15 15:58 . 2004-08-12 14:06 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-09-02 07:36 . 2010-09-02 07:36 -------- d-sh--w- c:\documents and settings\Pamela\IECompatCache
2010-08-26 08:47 . 2010-08-26 08:59 -------- d-----w- c:\program files\Game_Maker8
2010-08-25 16:11 . 2010-08-25 16:17 -------- d-----w- c:\documents and settings\Rob Leach\Application Data\Recolored
2010-08-22 18:03 . 2010-08-22 18:03 -------- d-----w- c:\documents and settings\Pamela\Local Settings\Application Data\{EE05DBD9-60A5-46A1-AB87-419928FDB750}
2010-08-22 14:07 . 2010-08-22 14:07 -------- d-----w- c:\documents and settings\Rob Leach\Application Data\Malwarebytes
2010-08-22 14:06 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-22 14:06 . 2010-08-22 14:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-22 14:06 . 2010-08-22 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-22 14:06 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-22 13:04 . 2010-08-22 13:04 -------- d-----w- c:\documents and settings\Rob Leach\Local Settings\Application Data\{FEEE23C1-C7F7-4ECC-BA99-B01CB8CF3A4D}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-21 05:15 . 2005-03-02 13:45 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
2010-09-21 05:15 . 2005-03-02 13:45 288 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
2010-09-20 18:32 . 2009-02-09 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-09-16 15:27 . 2005-03-06 11:37 -------- d-----w- c:\program files\BHODemon 2
2010-09-15 19:13 . 2004-08-10 13:13 79027 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2010-09-15 16:32 . 2005-03-05 15:25 113320 ----a-w- c:\documents and settings\Rob Leach\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-15 16:15 . 2004-08-10 13:02 23444 ----a-w- c:\windows\system32\emptyregdb.dat
2010-09-09 16:18 . 2010-04-27 06:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-02 15:53 . 2006-11-25 10:34 -------- d-----w- c:\program files\SpywareBlaster
2010-08-19 10:09 . 2009-09-04 06:17 -------- d-----w- c:\program files\Ken Rename
2010-08-17 13:17 . 2004-08-12 14:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-05 05:06 . 2008-01-19 15:28 -------- d-----w- c:\program files\Songbeat
2010-08-05 05:03 . 2005-03-02 13:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-05 04:58 . 2010-05-19 15:54 -------- d-----w- c:\program files\Red Chair Software
2010-07-29 06:57 . 2010-07-29 06:57 -------- d-----w- c:\documents and settings\Rob Leach\Application Data\Cycling '74
2010-07-29 06:48 . 2006-04-07 17:33 -------- d-----w- c:\program files\PhotoArtMaster Classic
2010-07-29 06:47 . 2007-08-20 20:52 -------- d-----w- c:\program files\Microsoft Digital Image 2006
2010-07-28 12:23 . 2010-07-28 12:18 -------- d-----w- c:\documents and settings\Rob Leach\Application Data\gtk-2.0
2010-07-28 11:54 . 2007-10-23 05:56 -------- d-----w- c:\documents and settings\Rob Leach\Application Data\AVS4YOU
2010-07-28 11:54 . 2010-07-09 13:31 -------- d-----w- c:\program files\AVS4YOU
2010-07-26 21:09 . 2009-06-19 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-26 20:04 . 2010-07-26 20:04 2605008 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-07-22 15:49 . 2004-08-12 14:04 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-18 13:49 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-16 16:42 . 2009-03-31 07:52 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 16:42 . 2010-07-16 16:42 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 16:41 . 2009-03-31 07:52 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-12 16:28 . 2006-05-14 17:26 112936 ----a-w- c:\documents and settings\Pamela\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-30 12:31 . 2004-08-12 14:04 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-12 14:09 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-12 14:09 1851904 ----a-w- c:\windows\system32\win32k.sys
2009-03-05 19:32 . 2009-03-05 19:31 2788800 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2007-12-29 20:58 . 2007-12-29 20:58 33426015 ----a-w- c:\program files\Common Files\data.dpk
2006-05-03 09:06 . 2008-08-12 08:27 163328 --sha-r- c:\windows\SYSTEM32\flvDX.dll
2007-02-21 10:47 . 2008-08-12 08:27 31232 --sha-r- c:\windows\SYSTEM32\msfDX.dll
2008-03-16 12:30 . 2008-08-12 08:27 216064 --sha-r- c:\windows\SYSTEM32\nbDX.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Rob Leach\Local Settings\Application Data\{FEEE23C1-C7F7-4ECC-BA99-B01CB8CF3A4D} ----

2010-08-22 13:04 . 2010-08-22 13:04 5954 ----a-w- c:\documents and settings\Rob Leach\Local Settings\Application Data\{FEEE23C1-C7F7-4ECC-BA99-B01CB8CF3A4D}\chrome\content\overlay.xul
2010-08-22 13:04 . 2010-08-22 13:04 2118 ----a-w- c:\documents and settings\Rob Leach\Local Settings\Application Data\{FEEE23C1-C7F7-4ECC-BA99-B01CB8CF3A4D}\chrome\content\_cfg.js
2010-08-22 13:04 . 2010-08-22 13:04 764 ----a-w- c:\documents and settings\Rob Leach\Local Settings\Application Data\{FEEE23C1-C7F7-4ECC-BA99-B01CB8CF3A4D}\install.rdf
2010-08-22 13:04 . 2010-08-22 13:04 122 ----a-w- c:\documents and settings\Rob Leach\Local Settings\Application Data\{FEEE23C1-C7F7-4ECC-BA99-B01CB8CF3A4D}\chrome.manifest


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-11 4583424]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 16:42 12536 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
backup=c:\windows\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Rob Leach^Start Menu^Programs^Startup^BHODemon 2.0.lnk]
path=c:\documents and settings\Rob Leach\Start Menu\Programs\Startup\BHODemon 2.0.lnk
backup=c:\windows\pss\BHODemon 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Rob Leach^Start Menu^Programs^Startup^Notmad Manager.lnk]
path=c:\documents and settings\Rob Leach\Start Menu\Programs\Startup\Notmad Manager.lnk
backup=c:\windows\pss\Notmad Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
2003-02-20 16:27 110592 ----a-w- c:\windows\SYSTEM32\CTASIO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-06 20:07 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-07-27 02:10 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-03-18 01:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
2002-09-30 01:00 45056 ----a-w- c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2003-02-20 16:45 28672 ----a-w- c:\windows\SYSTEM32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2002-10-29 09:18 49152 ----a-w- c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 16:05 81920 ----a-w- c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-10-12 16:54 57344 ----a-w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2004-06-29 11:23 135168 ----a-w- c:\program files\Intel\Intel Application Accelerator\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2004-08-04 05:00 44032 ----a-w- c:\windows\IME\IMKR6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-03 21:32 208952 ----a-w- c:\windows\IME\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
2003-09-03 20:12 221184 ----a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2005-12-12 10:23 2236416 ----a-w- c:\windows\kdx\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2003-08-29 13:17 188416 ----a-w- c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2003-08-29 13:20 77824 ----a-w- c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Instant Backup]
2010-04-23 00:33 136416 ----a-w- c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-04-08 17:43 1953792 ----a-w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\SYSTEM32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-11-11 17:10 4583424 ----a-w- c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-10-25 18:58 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 11:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-08 19:58 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-01-15 20:12 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2008-12-09 10:12 234856 ----a-w- c:\program files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 01:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 01:00 90112 ----a-w- c:\windows\Updreg.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\NetMeeting\\CONF.EXE"=
"c:\\WINDOWS\\kdx\\KHost.exe"=
"c:\\Program Files\\KService\\KService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"c:\\Program Files\\Photo Story 3 for Windows\\PhotoStory3.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 d347bus;d347bus;c:\windows\SYSTEM32\DRIVERS\d347bus.sys [11/09/2005 10:20 155136]
R0 d347prt;d347prt;c:\windows\SYSTEM32\DRIVERS\d347prt.sys [11/09/2005 10:20 5248]
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [31/03/2009 07:45 64160]
R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [11/02/2009 21:10 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [31/03/2009 08:52 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [31/03/2009 08:52 243024]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [08/01/2010 01:51 380928]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [16/07/2010 17:42 308136]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [23/04/2010 01:33 25824]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19/05/2010 14:43 136176]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\SYSTEM32\DRIVERS\BUSB2902.sys [05/11/2007 11:54 110272]
S3 MAUSBML;Service for M-Audio Micro (WDM);c:\windows\SYSTEM32\DRIVERS\mausbmr.sys [16/02/2010 18:41 124800]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\SYSTEM32\DRIVERS\LV532AV.SYS [21/04/2005 13:12 152576]
S3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\DRIVERS\ss.sys --> c:\windows\system32\DRIVERS\ss.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-09-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-30 19:44]

2010-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 13:43]

2010-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 13:43]

2010-09-20 c:\windows\Tasks\User_Feed_Synchronization-{AA2B31D1-1639-48B5-BD6F-841FB6A9896D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]

2010-09-21 c:\windows\Tasks\User_Feed_Synchronization-{E7B292D1-9F90-4728-AB45-9512483DC2FB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
TCP: {D1678CC5-DC47-40D3-84CE-F00E0E69C957} = 192.168.0.1
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://magnet.2020.net/virtualplanner/C ... _Win32.cab
DPF: {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} - hxxp://webalbum.bonusprint.com/ukipc01/ ... oader6.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-21 06:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\7.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2473042307-2296272667-3059070584-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2992)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\CTJBNS.DLL
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\CTIntrfc.dll
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\JBNSHK.dll
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\JBNSRES.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\KService\KService.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-09-21 06:24:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-21 05:24
ComboFix2.txt 2010-09-20 18:56
ComboFix3.txt 2010-09-16 08:11

Pre-Run: 51,025,616,896 bytes free
Post-Run: 51,076,939,776 bytes free

- - End Of File - - 9A68B36776D31B12DD87F471ED61C913
Bleach
Regular Member
 
Posts: 18
Joined: September 16th, 2010, 3:34 am
Top

Re: ROOTKIT.AGENT (QBIDWZ) wont go away

Unread postby melboy » September 21st, 2010, 2:34 am

Hi

Well done - Give me an update on how things are running.


Update Adobe Reader

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 9.3 to your PC's desktop.
  • Uninstall via Start > Control Panel > Add/Remove Programs:
    Adobe Reader 9.1
  • Install the new downloaded updated software.
  • Then using the internal updater update the software to the current increment 9.3.4
    • Open Adobe Reader go to > Help > Check for updates and allow the updater to check.
    • Click to download and install any necessary updates.



Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 21.

  • Go to Sun Java
  • Scroll down to where it says "JDK 6 Update 21 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • In the Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u21-windows-i586.exe" and save the downloaded file to your desktop.
  • Uninstall all old versions of Java via Start > Control Panel > Add/Remove Programs:
    Java(TM) 6 Update 18
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer



TFC

  • Please download TFC by Old Timer to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.



Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.



ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)
  • Re-enable your anti-virus software.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
Top

Re: ROOTKIT.AGENT (QBIDWZ) wont go away

Unread postby Bleach » September 21st, 2010, 4:17 am

Hello again - I really do appreciate the help you have given me in sorting out this problem _ have know idea what youy have done but things seem to be getting better: As per your instructions I have:

Installed latest ADOBE
Installed latest JAVA

I ran Malwarebytes which yielded the following:-

alwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4662

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21/09/2010 08:27:08
mbam-log-2010-09-21 (08-27-08).txt

Scan type: Quick scan
Objects scanned: 149590
Time elapsed: 11 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

As instructed, I ran the on-line scanner ESET which loaded its database and ran for about 30mins or so, about 46% through its process. Unfortunately, when the 'screen' timed out I immediately reacted by hitting the spacebar ( force of habit ) - this stopped the run. At this point, it hadnt found anything and was searching through my Music collection. I tried to re-run teh application but itdidnt want to function - got the message about loading Active x controls etc and then it just 'hung'.
Bleach
Regular Member
 
Posts: 18
Joined: September 16th, 2010, 3:34 am
Top

Many, many thanks

Unread postby Bleach » September 21st, 2010, 6:54 am

It was the power of GOOGLE that brought me to your site - I was about to give up with my PC. I simply can not believe the level of help that you have offered me - your instructions were precise, accurate and, I believe, the problem has gone away. I am searching in vain for some sort of Justgiving site asociated with your operation as a box of virtual chocolates doesnt seem enough. I am in your debt. Thankyou.
Bleach
Regular Member
 
Posts: 18
Joined: September 16th, 2010, 3:34 am
Top
Advertisement
Register to Remove
Next
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 161 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index