W32.Troresba variation- maybe? [Archive]

View Full Version : W32.Troresba variation- maybe?

DaveLeland

2011-01-17, 05:37

I believe there is a variation of the W32.Troresba worm on my PC and probably on the others in my home network. I am a newbie

to malware removal, so I have already done most of the things you asked us not to do. That said, System Restore is off, there

are no backups on this machine, my XP directory and the rest of my machine is as clean as I can make it.
Spybot, and several other anti-malware programs fail to find w32.? Other than a slow boot which fails to finish, my chief clue

are the folders Xerox, and sub-folder nwwia. I delete them and they are recreated. I replaced them with system file checker-

same results. I may have stopped the worm temporarily by using the administrator account in safe mode, deleting them, and

re-creating them myself, changing to very limited rights, and making them read-only. I used a lower case X for Xerox, so I

could tell if anything changed. So far, they have remained the same. I noticed that MSI ran briefly on startup, but it is not

shown in the DDS as a running process. I believe it failed to deliver its payload for the above reason. Note: the event log

shows msiexec.exe was restored after it terminated unexpectedly- see top two event log entries in attach.txt. I found MSI

running with the Anti-Spy Info program, and was able to read the text in the executable. The text lead me to believe, that it

was busy acting as user S-1-5-18 for various tasks which seemed inappropriate. There are now three users in the registry with

only Administrator and My account showing in the User manager. There are many duplicate entrys in the registry, which may

account for some of the slow startup.

I ran dds twice- once long after boot(DDS.txt, Attach.txt), and once as fast as I could click on DDS(DDS1.txt, Attach1.txt).

Notable differences are:
DDS1: DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} - file:///E:/DOCUME~1/davel/LOCALS~1/Temp/IXP001.TMP/setup.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -
DDS: Not there

DDS1: DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -
DDS: Not there

I believe this is enough to get started--- Not enough time or space to write everything.

Any help would be very much appreciated.

Thanks,
Dave

ZZZZZZZZZZZZZZ begin DDS ZZZZZZZZZZZZZZZZZZ

DDS (Ver_10-12-12.02) - NTFSx86
Run by davel at 16:53:33.31 on Sun 01/16/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2676 [GMT -8:00]

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

============== Running Processes ===============

E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
E:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
E:\WINDOWS\system32\spoolsv.exe
svchost.exe
svchost.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
E:\WINDOWS\system32\dllhost.exe
E:\WINDOWS\system32\dllhost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Microsoft IntelliType Pro\type32.exe
E:\Program Files\Microsoft IntelliPoint\ipoint.exe
E:\Program Files\Microsoft Security Client\msseces.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Windows Live\Toolbar\wltuser.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\davel\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - e:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - e:\program files\windows live\toolbar\wltcore.dll
TB: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
TB: {D593DE91-7B41-45C2-830E-E9A99AB142AA} - No File
mRun: [type32] "e:\program files\microsoft intellitype pro\type32.exe"
mRun: [IntelliPoint] "e:\program files\microsoft intellipoint\ipoint.exe"
mRun: [MSC] "e:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [NvCplDaemon] RUNDLL32.EXE e:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE e:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "e:\program files\common files\java\java update\jusched.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [nwiz] e:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Adobe ARM] "e:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "e:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "e:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
dRun: [DWQueuedReporting] "e:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-explorer: MaxRecentDocs = 99 (0x63)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: HideShutdownScripts = 0 (0x0)
IE: Append Link Target to Existing PDF - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - e:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - e:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: 977music.com
Trusted Zone: amazon.com\www
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Trusted Zone: divx.com\www
Trusted Zone: ebay.com\signin
Trusted Zone: facebook.com\login
Trusted Zone: intuit.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: ipride.com\www
Trusted Zone: live.com\workspace.office
Trusted Zone: microsoft.com\*.update
Trusted Zone: nwmls.com
Trusted Zone: rapmls.com
Trusted Zone: windowsupdate.com\download
Trusted Zone: yahoo.com\login
Trusted Zone: yahoo.com\www
DPF: PUFLITE - hxxp://davidleland.point2agent.com/Office/ColpaControls/Photo/Control/PUFLITE.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} - hxxp://www.partserver.de/partserver/viewer/cnsweb3d/cnsweb3d.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} - file:///E:/DOCUME~1/davel/LOCALS~1/Temp/IXP001.TMP/setup.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261081771046
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxps://register.facebook.com/controls/contactx.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261081761125
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
AppInit_DLLs: e:\progra~1\google\google~4\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;e:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R2 fssfltr;FssFltr;e:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-31 54760]
R3 AV88BASE;Cx2388x Base Driver;e:\windows\system32\drivers\av88base.sys [2007-4-13 423936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [2011-1-10 1691480]
S3 brfilt;Brother MFC Filter Driver;e:\windows\system32\drivers\brfilt.sys [2008-12-1 2944]
S3 BrSerWDM;Brother WDM Serial driver;e:\windows\system32\drivers\BrSerWdm.sys [2003-3-14 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;e:\windows\system32\drivers\brusbmdm.sys [2008-12-1 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;e:\windows\system32\drivers\brusbscn.sys [2008-12-1 10368]
S3 cpuz132;cpuz132; [x]
S3 DlinkUDSMBus;DlinkUDSMBus;e:\windows\system32\drivers\dlinkudsmbus.sys --> e:\windows\system32\drivers\DlinkUDSMBus.sys [?]
S3 fsssvc;Windows Live Family Safety Service;e:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;e:\program files\google\google desktop search\GoogleDesktop.exe [2009-5-4 30192]
S3 RTL8167;Realtek 8167 NT Driver;e:\windows\system32\drivers\Rt86win7.sys [2011-1-10 233472]
S3 WinRM;Windows Remote Management (WS-Management);e:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;e:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 gupdate;Google Update Service (gupdate);"e:\program files\google\update\googleupdate.exe" /svc --> e:\program files\google\update\GoogleUpdate.exe [?]

=============== Created Last 30 ================

2011-01-16 21:21:00 388096 -c--a-r- e:\docume~1\davel\applic~1\microsoft\installer\{0761c9a8-8f3a-4216-b4a7-b7afbf24a24a}\HiJackThis.exe
2011-01-16 21:20:59 -------- dc----w- e:\program files\TrendMicro
2011-01-15 09:26:02 6273872 -c--a-w- e:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{8db8ca81-f66e-4ad1-a343-fecef2901221}\mpengine.dll
2011-01-15 08:56:20 12800 -c--a-w- e:\windows\system32\dllcache\mrinfo.exe
2011-01-15 08:53:54 450560 -c--a-w- e:\windows\system32\dllcache\infosoft.dll
2011-01-14 23:54:15 -------- dc----w- e:\docume~1\alluse~1\applic~1\AntiSpyInfo
2011-01-14 23:54:08 -------- dc----w- e:\program files\Anti-Spy.Info
2011-01-14 23:22:24 116224 -c--a-w- e:\windows\system32\dllcache\xrxwiadr.dll
2011-01-14 23:22:21 23040 -c--a-w- e:\windows\system32\dllcache\xrxwbtmp.dll
2011-01-14 23:22:20 18944 -c--a-w- e:\windows\system32\dllcache\xrxscnui.dll
2011-01-14 23:22:18 27648 -c--a-w- e:\windows\system32\dllcache\xrxftplt.exe
2011-01-14 23:22:15 4608 -c--a-w- e:\windows\system32\dllcache\xrxflnch.exe
2011-01-14 23:22:01 99865 -c--a-w- e:\windows\system32\dllcache\xlog.exe
2011-01-14 23:20:57 19016 -c--a-w- e:\windows\system32\dllcache\w926nd.sys
2011-01-14 23:19:58 50688 -c--a-w- e:\windows\system32\dllcache\umaxscan.dll
2011-01-14 23:18:59 4992 -c--a-w- e:\windows\system32\dllcache\toside.sys
2011-01-14 23:17:58 10240 -c--a-w- e:\windows\system32\dllcache\swpidflt.dll
2011-01-14 23:16:59 7040 -c--a-w- e:\windows\system32\dllcache\snyaitmc.sys
2011-01-14 23:15:59 150144 -c--a-w- e:\windows\system32\dllcache\sis6306v.dll
2011-01-14 23:14:59 495616 -c--a-w- e:\windows\system32\dllcache\sblfx.dll
2011-01-14 23:13:58 19584 -c--a-w- e:\windows\system32\dllcache\rasirda.sys
2011-01-14 23:12:59 92416 -c--a-w- e:\windows\system32\dllcache\phildec.sys
2011-01-14 23:11:59 28032 -c--a-w- e:\windows\system32\dllcache\ovcd.sys
2011-01-14 23:10:59 39264 -c--a-w- e:\windows\system32\dllcache\neo20xx.sys
2011-01-14 23:09:58 35200 -c--a-w- e:\windows\system32\dllcache\msgame.sys
2011-01-14 23:08:59 727786 -c--a-w- e:\windows\system32\dllcache\ltck000c.sys
2011-01-14 23:07:58 23552 -c--a-w- e:\windows\system32\dllcache\irmk7.sys
2011-01-14 23:06:58 38528 -c--a-w- e:\windows\system32\dllcache\ibmvcap.sys
2011-01-14 23:05:59 19456 -c--a-w- e:\windows\system32\dllcache\hr1w.dll
2011-01-14 23:04:32 442240 -c--a-w- e:\windows\system32\dllcache\fpnpbase.sys
2011-01-14 23:04:30 441728 -c--a-w- e:\windows\system32\dllcache\fpcmbase.sys
2011-01-14 23:04:29 444416 -c--a-w- e:\windows\system32\dllcache\fpcibase.sys
2011-01-14 23:04:28 34173 -c--a-w- e:\windows\system32\dllcache\forehe.sys
2011-01-14 23:04:26 71680 -c--a-w- e:\windows\system32\dllcache\fnfilter.dll
2011-01-14 23:04:19 27165 -c--a-w- e:\windows\system32\dllcache\fetnd5.sys
2011-01-14 23:04:15 22090 -c--a-w- e:\windows\system32\dllcache\fem556n5.sys
2011-01-14 23:03:21 24618 -c--a-w- e:\windows\system32\dllcache\fa410nd5.sys
2011-01-14 23:03:19 16074 -c--a-w- e:\windows\system32\dllcache\fa312nd5.sys
2011-01-14 23:03:18 11850 -c--a-w- e:\windows\system32\dllcache\f3ab18xj.sys
2011-01-14 23:03:16 12362 -c--a-w- e:\windows\system32\dllcache\f3ab18xi.sys
2011-01-14 23:03:14 7040 -c--a-w- e:\windows\system32\dllcache\exabyte2.sys
2011-01-14 23:03:13 16998 -c--a-w- e:\windows\system32\dllcache\ex10.sys
2011-01-14 23:03:08 45568 -c--a-w- e:\windows\system32\dllcache\esunib.dll
2011-01-14 23:03:07 45568 -c--a-w- e:\windows\system32\dllcache\esuni.dll
2011-01-14 23:03:04 34816 -c--a-w- e:\windows\system32\dllcache\esuimg.dll
2011-01-14 23:00:59 629952 -c--a-w- e:\windows\system32\dllcache\eqn.sys
2011-01-14 22:59:59 103044 -c--a-w- e:\windows\system32\dllcache\digidxb.sys
2011-01-14 22:58:52 8192 -c--a-w- e:\windows\system32\dllcache\changer.sys
2011-01-14 22:57:53 13824 -c--a-w- e:\windows\system32\dllcache\bulltlp3.sys
2011-01-14 22:56:55 10880 -c--a-w- e:\windows\system32\dllcache\admjoy.sys
2011-01-14 17:17:24 6273872 -c--a-w- e:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-01-13 14:49:31 -------- dc----w- e:\program files\Sdelete
2011-01-13 08:57:42 222080 -c----w- e:\windows\system32\MpSigStub.exe
2011-01-13 08:56:13 -------- dc----w- e:\program files\Microsoft Security Client
2011-01-11 07:36:30 -------- dc----w- e:\windows\system32\RTCOM
2011-01-11 07:25:50 -------- dc----w- e:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2011-01-11 07:25:04 240592 -c--a-w- e:\windows\system32\nvdrsdb0.bin
2011-01-11 07:25:00 240592 -c--a-w- e:\windows\system32\nvdrsdb1.bin
2011-01-11 07:25:00 1 -c--a-w- e:\windows\system32\nvdrssel.bin
2011-01-11 07:24:47 888424 -c--a-w- e:\windows\system32\nvdispco32.dll
2011-01-11 07:24:47 813672 -c--a-w- e:\windows\system32\nvgenco32.dll
2011-01-11 07:24:47 61440 -c--a-w- e:\windows\system32\OpenCL.dll
2011-01-11 07:24:47 4882432 -c--a-w- e:\windows\system32\nvcuda.dll
2011-01-11 07:24:47 2932840 -c--a-w- e:\windows\system32\nvcuvid.dll
2011-01-11 07:24:47 2666600 -c--a-w- e:\windows\system32\nvcuvenc.dll
2011-01-11 07:24:47 2293194 -c--a-w- e:\windows\system32\nvdata.bin
2011-01-11 07:24:47 14532608 -c--a-w- e:\windows\system32\nvoglnt.dll
2011-01-11 07:24:46 1462272 -c--a-w- e:\windows\system32\nvapi.dll
2011-01-11 07:24:46 13012992 -c--a-w- e:\windows\system32\nvcompiler.dll
2011-01-11 07:24:33 -------- dc----w- e:\program files\NVIDIA Corporation
2011-01-11 07:04:23 -------- dc----w- e:\program files\ATI
2011-01-11 06:57:23 105088 -c--a-r- e:\windows\system32\drivers\Rtnicxp.sys
2011-01-11 06:55:38 273512 -c--a-w- e:\windows\system32\drivers\Rtenicxp.sys
2011-01-11 06:55:33 -------- dc----w- e:\program files\Realtek
2011-01-11 06:12:28 94208 -c--a-w- e:\windows\system32\RTNUninst32.dll
2011-01-11 06:12:28 73728 -c--a-w- e:\windows\system32\RtNicProp32.dll
2011-01-11 06:12:28 233472 -c--a-w- e:\windows\system32\drivers\Rt86win7.sys
2011-01-11 06:00:01 -------- d-----w- E:\MSI7280newer
2011-01-11 05:21:23 -------- d-----w- E:\MSI7280
2010-12-21 01:30:24 -------- dc----w- e:\program files\Spybot - Search & Destroy
2010-12-20 21:56:46 98392 -c--a-w- e:\windows\system32\drivers\SBREDrv.sys
2010-12-20 21:55:57 -------- dc----w- e:\docume~1\davel\locals~1\applic~1\Sunbelt Software
2010-12-20 21:54:50 -------- dc----w- e:\program files\Lavasoft

==================== Find3M ====================

2010-12-02 03:35:18 4280320 -c--a-w- e:\windows\system32\GPhotos.scr
2010-12-02 00:44:11 60416 -c--a-w- e:\windows\ALCFDRTM.VER
2010-11-18 18:12:44 81920 -c--a-w- e:\windows\system32\isign32.dll
2010-11-13 02:53:06 472808 -c--a-w- e:\windows\system32\deployJava1.dll
2010-11-13 00:34:10 73728 -c--a-w- e:\windows\system32\javacpl.cpl
2010-11-09 14:52:35 249856 -c--a-w- e:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 -c--a-w- e:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 -c--a-w- e:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 -c----w- e:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 -c--a-w- e:\windows\system32\html.iec
2010-10-28 13:13:22 290048 -c--a-w- e:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 -c--a-w- e:\windows\system32\win32k.sys

============= FINISH: 16:54:30.68 ===============

ZZZZZZZZZZZZZZZZZZZZZZ begin DDS1 ZZZZZZZZZZZZZZZZZZZZZZZ

DDS (Ver_10-12-12.02) - NTFSx86
Run by davel at 18:49:07.40 on Sun 01/16/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2711 [GMT -8:00]

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

============== Running Processes ===============

E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
E:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
E:\WINDOWS\system32\spoolsv.exe
svchost.exe
svchost.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
E:\WINDOWS\system32\dllhost.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\dllhost.exe
E:\Program Files\Microsoft IntelliType Pro\type32.exe
E:\Program Files\Microsoft IntelliPoint\ipoint.exe
E:\Program Files\Microsoft Security Client\msseces.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
E:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
E:\Documents and Settings\davel\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - e:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - e:\program files\windows live\toolbar\wltcore.dll
TB: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
TB: {D593DE91-7B41-45C2-830E-E9A99AB142AA} - No File
mRun: [type32] "e:\program files\microsoft intellitype pro\type32.exe"
mRun: [IntelliPoint] "e:\program files\microsoft intellipoint\ipoint.exe"
mRun: [MSC] "e:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [NvCplDaemon] RUNDLL32.EXE e:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE e:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "e:\program files\common files\java\java update\jusched.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [nwiz] e:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Adobe ARM] "e:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "e:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "e:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
dRun: [DWQueuedReporting] "e:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-explorer: MaxRecentDocs = 99 (0x63)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: HideShutdownScripts = 0 (0x0)
IE: Append Link Target to Existing PDF - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - e:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - e:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: 977music.com
Trusted Zone: amazon.com\www
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Trusted Zone: divx.com\www
Trusted Zone: ebay.com\signin
Trusted Zone: facebook.com\login
Trusted Zone: intuit.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: ipride.com\www
Trusted Zone: live.com\workspace.office
Trusted Zone: microsoft.com\*.update
Trusted Zone: nwmls.com
Trusted Zone: rapmls.com
Trusted Zone: windowsupdate.com\download
Trusted Zone: yahoo.com\login
Trusted Zone: yahoo.com\www
DPF: PUFLITE - hxxp://davidleland.point2agent.com/Office/ColpaControls/Photo/Control/PUFLITE.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} - hxxp://www.partserver.de/partserver/viewer/cnsweb3d/cnsweb3d.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} - file:///E:/DOCUME~1/davel/LOCALS~1/Temp/IXP001.TMP/setup.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261081771046
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxps://register.facebook.com/controls/contactx.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261081761125
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
AppInit_DLLs: e:\progra~1\google\google~4\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;e:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R2 fssfltr;FssFltr;e:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-31 54760]
R3 AV88BASE;Cx2388x Base Driver;e:\windows\system32\drivers\av88base.sys [2007-4-13 423936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [2011-1-10 1691480]
S3 brfilt;Brother MFC Filter Driver;e:\windows\system32\drivers\brfilt.sys [2008-12-1 2944]
S3 BrSerWDM;Brother WDM Serial driver;e:\windows\system32\drivers\BrSerWdm.sys [2003-3-14 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;e:\windows\system32\drivers\brusbmdm.sys [2008-12-1 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;e:\windows\system32\drivers\brusbscn.sys [2008-12-1 10368]
S3 cpuz132;cpuz132; [x]
S3 DlinkUDSMBus;DlinkUDSMBus;e:\windows\system32\drivers\dlinkudsmbus.sys --> e:\windows\system32\drivers\DlinkUDSMBus.sys [?]
S3 fsssvc;Windows Live Family Safety Service;e:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;e:\program files\google\google desktop search\GoogleDesktop.exe [2009-5-4 30192]
S3 RTL8167;Realtek 8167 NT Driver;e:\windows\system32\drivers\Rt86win7.sys [2011-1-10 233472]
S3 WinRM;Windows Remote Management (WS-Management);e:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;e:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 gupdate;Google Update Service (gupdate);"e:\program files\google\update\googleupdate.exe" /svc --> e:\program files\google\update\GoogleUpdate.exe [?]

=============== Created Last 30 ================

2011-01-16 21:21:00 388096 -c--a-r- e:\docume~1\davel\applic~1\microsoft\installer\{0761c9a8-8f3a-4216-b4a7-b7afbf24a24a}\HiJackThis.exe
2011-01-16 21:20:59 -------- dc----w- e:\program files\TrendMicro
2011-01-15 09:26:02 6273872 -c--a-w- e:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{8db8ca81-f66e-4ad1-a343-fecef2901221}\mpengine.dll
2011-01-15 08:56:20 12800 -c--a-w- e:\windows\system32\dllcache\mrinfo.exe
2011-01-15 08:53:54 450560 -c--a-w- e:\windows\system32\dllcache\infosoft.dll
2011-01-14 23:54:15 -------- dc----w- e:\docume~1\alluse~1\applic~1\AntiSpyInfo
2011-01-14 23:54:08 -------- dc----w- e:\program files\Anti-Spy.Info
2011-01-14 23:22:24 116224 -c--a-w- e:\windows\system32\dllcache\xrxwiadr.dll
2011-01-14 23:22:21 23040 -c--a-w- e:\windows\system32\dllcache\xrxwbtmp.dll
2011-01-14 23:22:20 18944 -c--a-w- e:\windows\system32\dllcache\xrxscnui.dll
2011-01-14 23:22:18 27648 -c--a-w- e:\windows\system32\dllcache\xrxftplt.exe
2011-01-14 23:22:15 4608 -c--a-w- e:\windows\system32\dllcache\xrxflnch.exe
2011-01-14 23:22:01 99865 -c--a-w- e:\windows\system32\dllcache\xlog.exe
2011-01-14 23:20:57 19016 -c--a-w- e:\windows\system32\dllcache\w926nd.sys
2011-01-14 23:19:58 50688 -c--a-w- e:\windows\system32\dllcache\umaxscan.dll
2011-01-14 23:18:59 4992 -c--a-w- e:\windows\system32\dllcache\toside.sys
2011-01-14 23:17:58 10240 -c--a-w- e:\windows\system32\dllcache\swpidflt.dll
2011-01-14 23:16:59 7040 -c--a-w- e:\windows\system32\dllcache\snyaitmc.sys
2011-01-14 23:15:59 150144 -c--a-w- e:\windows\system32\dllcache\sis6306v.dll
2011-01-14 23:14:59 495616 -c--a-w- e:\windows\system32\dllcache\sblfx.dll
2011-01-14 23:13:58 19584 -c--a-w- e:\windows\system32\dllcache\rasirda.sys
2011-01-14 23:12:59 92416 -c--a-w- e:\windows\system32\dllcache\phildec.sys
2011-01-14 23:11:59 28032 -c--a-w- e:\windows\system32\dllcache\ovcd.sys
2011-01-14 23:10:59 39264 -c--a-w- e:\windows\system32\dllcache\neo20xx.sys
2011-01-14 23:09:58 35200 -c--a-w- e:\windows\system32\dllcache\msgame.sys
2011-01-14 23:08:59 727786 -c--a-w- e:\windows\system32\dllcache\ltck000c.sys
2011-01-14 23:07:58 23552 -c--a-w- e:\windows\system32\dllcache\irmk7.sys
2011-01-14 23:06:58 38528 -c--a-w- e:\windows\system32\dllcache\ibmvcap.sys
2011-01-14 23:05:59 19456 -c--a-w- e:\windows\system32\dllcache\hr1w.dll
2011-01-14 23:04:32 442240 -c--a-w- e:\windows\system32\dllcache\fpnpbase.sys
2011-01-14 23:04:30 441728 -c--a-w- e:\windows\system32\dllcache\fpcmbase.sys
2011-01-14 23:04:29 444416 -c--a-w- e:\windows\system32\dllcache\fpcibase.sys
2011-01-14 23:04:28 34173 -c--a-w- e:\windows\system32\dllcache\forehe.sys
2011-01-14 23:04:26 71680 -c--a-w- e:\windows\system32\dllcache\fnfilter.dll
2011-01-14 23:04:19 27165 -c--a-w- e:\windows\system32\dllcache\fetnd5.sys
2011-01-14 23:04:15 22090 -c--a-w- e:\windows\system32\dllcache\fem556n5.sys
2011-01-14 23:03:21 24618 -c--a-w- e:\windows\system32\dllcache\fa410nd5.sys
2011-01-14 23:03:19 16074 -c--a-w- e:\windows\system32\dllcache\fa312nd5.sys
2011-01-14 23:03:18 11850 -c--a-w- e:\windows\system32\dllcache\f3ab18xj.sys
2011-01-14 23:03:16 12362 -c--a-w- e:\windows\system32\dllcache\f3ab18xi.sys
2011-01-14 23:03:14 7040 -c--a-w- e:\windows\system32\dllcache\exabyte2.sys
2011-01-14 23:03:13 16998 -c--a-w- e:\windows\system32\dllcache\ex10.sys
2011-01-14 23:03:08 45568 -c--a-w- e:\windows\system32\dllcache\esunib.dll
2011-01-14 23:03:07 45568 -c--a-w- e:\windows\system32\dllcache\esuni.dll
2011-01-14 23:03:04 34816 -c--a-w- e:\windows\system32\dllcache\esuimg.dll
2011-01-14 23:00:59 629952 -c--a-w- e:\windows\system32\dllcache\eqn.sys
2011-01-14 22:59:59 103044 -c--a-w- e:\windows\system32\dllcache\digidxb.sys
2011-01-14 22:58:52 8192 -c--a-w- e:\windows\system32\dllcache\changer.sys
2011-01-14 22:57:53 13824 -c--a-w- e:\windows\system32\dllcache\bulltlp3.sys
2011-01-14 22:56:55 10880 -c--a-w- e:\windows\system32\dllcache\admjoy.sys
2011-01-14 17:17:24 6273872 -c--a-w- e:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-01-13 14:49:31 -------- dc----w- e:\program files\Sdelete
2011-01-13 08:57:42 222080 -c----w- e:\windows\system32\MpSigStub.exe
2011-01-13 08:56:13 -------- dc----w- e:\program files\Microsoft Security Client
2011-01-11 07:36:30 -------- dc----w- e:\windows\system32\RTCOM
2011-01-11 07:25:50 -------- dc----w- e:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2011-01-11 07:25:04 240592 -c--a-w- e:\windows\system32\nvdrsdb0.bin
2011-01-11 07:25:00 240592 -c--a-w- e:\windows\system32\nvdrsdb1.bin
2011-01-11 07:25:00 1 -c--a-w- e:\windows\system32\nvdrssel.bin
2011-01-11 07:24:47 888424 -c--a-w- e:\windows\system32\nvdispco32.dll
2011-01-11 07:24:47 813672 -c--a-w- e:\windows\system32\nvgenco32.dll
2011-01-11 07:24:47 61440 -c--a-w- e:\windows\system32\OpenCL.dll
2011-01-11 07:24:47 4882432 -c--a-w- e:\windows\system32\nvcuda.dll
2011-01-11 07:24:47 2932840 -c--a-w- e:\windows\system32\nvcuvid.dll
2011-01-11 07:24:47 2666600 -c--a-w- e:\windows\system32\nvcuvenc.dll
2011-01-11 07:24:47 2293194 -c--a-w- e:\windows\system32\nvdata.bin
2011-01-11 07:24:47 14532608 -c--a-w- e:\windows\system32\nvoglnt.dll
2011-01-11 07:24:46 1462272 -c--a-w- e:\windows\system32\nvapi.dll
2011-01-11 07:24:46 13012992 -c--a-w- e:\windows\system32\nvcompiler.dll
2011-01-11 07:24:33 -------- dc----w- e:\program files\NVIDIA Corporation
2011-01-11 07:04:23 -------- dc----w- e:\program files\ATI
2011-01-11 06:57:23 105088 -c--a-r- e:\windows\system32\drivers\Rtnicxp.sys
2011-01-11 06:55:38 273512 -c--a-w- e:\windows\system32\drivers\Rtenicxp.sys
2011-01-11 06:55:33 -------- dc----w- e:\program files\Realtek
2011-01-11 06:12:28 94208 -c--a-w- e:\windows\system32\RTNUninst32.dll
2011-01-11 06:12:28 73728 -c--a-w- e:\windows\system32\RtNicProp32.dll
2011-01-11 06:12:28 233472 -c--a-w- e:\windows\system32\drivers\Rt86win7.sys
2011-01-11 06:00:01 -------- d-----w- E:\MSI7280newer
2011-01-11 05:21:23 -------- d-----w- E:\MSI7280
2010-12-21 01:30:24 -------- dc----w- e:\program files\Spybot - Search & Destroy
2010-12-20 21:56:46 98392 -c--a-w- e:\windows\system32\drivers\SBREDrv.sys
2010-12-20 21:55:57 -------- dc----w- e:\docume~1\davel\locals~1\applic~1\Sunbelt Software
2010-12-20 21:54:50 -------- dc----w- e:\program files\Lavasoft

==================== Find3M ====================

2010-12-02 03:35:18 4280320 -c--a-w- e:\windows\system32\GPhotos.scr
2010-12-02 00:44:11 60416 -c--a-w- e:\windows\ALCFDRTM.VER
2010-11-18 18:12:44 81920 -c--a-w- e:\windows\system32\isign32.dll
2010-11-13 02:53:06 472808 -c--a-w- e:\windows\system32\deployJava1.dll
2010-11-13 00:34:10 73728 -c--a-w- e:\windows\system32\javacpl.cpl
2010-11-09 14:52:35 249856 -c--a-w- e:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 -c--a-w- e:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 -c--a-w- e:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 -c----w- e:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 -c--a-w- e:\windows\system32\html.iec
2010-10-28 13:13:22 290048 -c--a-w- e:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 -c--a-w- e:\windows\system32\win32k.sys

============= FINISH: 18:55:46.45 ===============

Blade81

2011-01-20, 08:25

Other than a slow boot which fails to finish, my chief clue

are the folders Xerox, and sub-folder nwwia. I delete them and they are recreated.
In what folder is xerox and its subfolder located?

Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Please post contents of that file in your next reply with fresh dds logs and description about symptoms (if any).

DaveLeland

2011-01-21, 00:52

Hello Blade,

Thanks for coming to my rescue. I have quite a job ahead, but if you can give some guidance, I'll do the rest. Two of five machines I know to be infected. The one we are working on, was my workstation. It has eight partitions, six of which windows can see, and one harddrive with Windows7, which is now disconnected (I hope is clean). Of the six, C: is W2k, D: is New XP (a fresh install with the latest updates, I use for reference), E: is XP (the system we are working on), F: Data, I: Backups, K: Storage, spanning two 500G drives. What was my workstation has gone through two motherboards in 4 months. I moved the two hard drives into my latest home built computer, and disconnected the Win7 drive. All of the computers on the network are isolated- now.

I will have to get back to you on the fresh reports from DDS, and Malwarebytes.
The last full scan took 24 hours to complete. I can tell you that it found one infection on C: right away. ClamAV found what it identified as Worm.Palevo-1 (aka: W32.Palevo or a variation). I ran Clam from Ubuntu 10.10 on the same machine. Mal found the infection after I quarantined Pelervo with Clam, though I'm not sure where the quarantine is. I have also gone through the XP registry and deleted everything I thought shouldn't be there- some hundreds of entries. I was surprised to see XP start up after that.

In answer to your question, xerox is located in the root of C:\Program Files.

I'm sure you are asking yourself why I don't just get rid of the older Os's, and proceed with Win7. Being Unemployed at the moment, I can't afford to buy anything. I have more than a few very expensive (purchased) programs, some dated but still work. Anyway, I'm a bit upset that the vendors are not supporting the older Os's. I don't care if they don't provide tech support, but they could keep the old files available. Enough said.

Back Later- Thanks again...
Dave

DaveLeland

2011-01-21, 02:19

Hi Blade,
Mal didn't take as long as I anticipated. The results were surprising, as I used it before and it found nothing. Possibly the worm was unable to hide this time. Microsoft Security Essentials found something also, so I attach a notepad copy of the results. DDS results now show a hidden shutdown script. So I guess, the infection persists. I shut down with the power button from now on.
I am writing this from Ubuntu. My level of trust is much higher here.
Best Regards,
Dave

DDS (Ver_10-12-12.02) - NTFSx86

Run by davel at 15:36:18.23 on Thu 01/20/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2707 [GMT -8:00]

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

============== Running Processes ===============

E:\WINDOWS\system32\nvsvc32.exe

E:\WINDOWS\system32\svchost -k DcomLaunch

E:\WINDOWS\system32\svchost -k rpcss

E:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

E:\WINDOWS\System32\svchost.exe -k netsvcs

E:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

E:\WINDOWS\system32\spoolsv.exe

svchost.exe

E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

E:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

E:\WINDOWS\system32\dllhost.exe

E:\WINDOWS\system32\wuauclt.exe

E:\WINDOWS\system32\dllhost.exe

E:\WINDOWS\Explorer.EXE

E:\Program Files\Microsoft IntelliType Pro\type32.exe

E:\Program Files\Microsoft IntelliPoint\ipoint.exe

E:\Program Files\Microsoft Security Client\msseces.exe

E:\WINDOWS\system32\RUNDLL32.EXE

E:\WINDOWS\RTHDCPL.EXE

E:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe

E:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

E:\Documents and Settings\davel\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - e:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - e:\program files\windows live\toolbar\wltcore.dll

TB: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File

TB: {D593DE91-7B41-45C2-830E-E9A99AB142AA} - No File

mRun: [type32] "e:\program files\microsoft intellitype pro\type32.exe"

mRun: [IntelliPoint] "e:\program files\microsoft intellipoint\ipoint.exe"

mRun: [MSC] "e:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [NvCplDaemon] RUNDLL32.EXE e:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE e:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [nwiz] e:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [Adobe ARM] "e:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Acrobat Speed Launcher] "e:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "e:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

dRun: [DWQueuedReporting] "e:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

uPolicies-explorer: MaxRecentDocs = 99 (0x63)

uPolicies-system: NoDispAppearancePage = 0 (0x0)

mPolicies-system: HideShutdownScripts = 0 (0x0)

IE: Append Link Target to Existing PDF - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - e:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - e:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~4\office11\REFIEBAR.DLL

Trusted Zone: 977music.com

Trusted Zone: amazon.com\www

Trusted Zone: com.tw\asia.msi

Trusted Zone: com.tw\global.msi

Trusted Zone: com.tw\www.msi

Trusted Zone: divx.com\www

Trusted Zone: ebay.com\signin

Trusted Zone: facebook.com\login

Trusted Zone: intuit.com

Trusted Zone: intuit.com\ttlc

Trusted Zone: ipride.com\www

Trusted Zone: live.com\workspace.office

Trusted Zone: microsoft.com\*.update

Trusted Zone: nwmls.com

Trusted Zone: rapmls.com

Trusted Zone: windowsupdate.com\download

Trusted Zone: yahoo.com\login

Trusted Zone: yahoo.com\www

DPF: PUFLITE - hxxp://davidleland.point2agent.com/Office/ColpaControls/Photo/Control/PUFLITE.CAB

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} - hxxp://www.partserver.de/partserver/viewer/cnsweb3d/cnsweb3d.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab

DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} - file:///E:/DOCUME~1/davel/LOCALS~1/Temp/IXP001.TMP/setup.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261081771046

DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxps://register.facebook.com/controls/contactx.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261081761125

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

AppInit_DLLs: e:\progra~1\google\google~4\GOEC62~1.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;e:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]

R2 fssfltr;FssFltr;e:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-31 54760]

R3 AV88BASE;Cx2388x Base Driver;e:\windows\system32\drivers\av88base.sys [2007-4-13 423936]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [2011-1-10 1691480]

S3 brfilt;Brother MFC Filter Driver;e:\windows\system32\drivers\brfilt.sys [2008-12-1 2944]

S3 BrSerWDM;Brother WDM Serial driver;e:\windows\system32\drivers\BrSerWdm.sys [2003-3-14 61952]

S3 BrUsbMdm;Brother MFC USB Fax Only Modem;e:\windows\system32\drivers\brusbmdm.sys [2008-12-1 11008]

S3 BrUsbScn;Brother MFC USB Scanner driver;e:\windows\system32\drivers\brusbscn.sys [2008-12-1 10368]

S3 cpuz132;cpuz132; [x]

S3 DlinkUDSMBus;DlinkUDSMBus;e:\windows\system32\drivers\dlinkudsmbus.sys --> e:\windows\system32\drivers\DlinkUDSMBus.sys [?]

S3 fsssvc;Windows Live Family Safety Service;e:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;e:\program files\google\google desktop search\GoogleDesktop.exe [2009-5-4 30192]

S3 RTL8167;Realtek 8167 NT Driver;e:\windows\system32\drivers\Rt86win7.sys [2011-1-10 233472]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;e:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 gupdate;Google Update Service (gupdate);"e:\program files\google\update\googleupdate.exe" /svc --> e:\program files\google\update\GoogleUpdate.exe [?]

S4 WinRM;Windows Remote Management (WS-Management);e:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]

=============== Created Last 30 ================

2011-01-20 21:16:33 -------- dc----w- e:\docume~1\davel\applic~1\Malwarebytes

2011-01-20 21:16:27 38224 -c--a-w- e:\windows\system32\drivers\mbamswissarmy.sys

2011-01-20 21:16:27 -------- dc----w- e:\docume~1\alluse~1\applic~1\Malwarebytes

2011-01-20 21:16:23 20952 -c--a-w- e:\windows\system32\drivers\mbam.sys

2011-01-20 21:16:23 -------- dc----w- e:\program files\Malwarebytes' Anti-Malware

2011-01-19 20:06:48 6273872 -c--a-w- e:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{b1c549f4-1d20-4dcb-b3a2-9992e35c5ced}\mpengine.dll

2011-01-19 06:09:26 -------- d---a-w- E:\.Trash-1000

2011-01-16 21:21:00 388096 -c--a-r- e:\docume~1\davel\applic~1\microsoft\installer\{0761c9a8-8f3a-4216-b4a7-b7afbf24a24a}\HiJackThis.exe

2011-01-16 21:20:59 -------- dc----w- e:\program files\TrendMicro

2011-01-15 08:56:20 12800 -c--a-w- e:\windows\system32\dllcache\mrinfo.exe

2011-01-15 08:53:54 450560 -c--a-w- e:\windows\system32\dllcache\infosoft.dll

2011-01-14 23:54:15 -------- dc----w- e:\docume~1\alluse~1\applic~1\AntiSpyInfo

2011-01-14 23:54:08 -------- dc----w- e:\program files\Anti-Spy.Info

2011-01-14 23:22:24 116224 -c--a-w- e:\windows\system32\dllcache\xrxwiadr.dll

2011-01-14 23:22:21 23040 -c--a-w- e:\windows\system32\dllcache\xrxwbtmp.dll

2011-01-14 23:22:20 18944 -c--a-w- e:\windows\system32\dllcache\xrxscnui.dll

2011-01-14 23:22:18 27648 -c--a-w- e:\windows\system32\dllcache\xrxftplt.exe

2011-01-14 23:22:15 4608 -c--a-w- e:\windows\system32\dllcache\xrxflnch.exe

2011-01-14 23:22:01 99865 -c--a-w- e:\windows\system32\dllcache\xlog.exe

2011-01-14 23:20:57 19016 -c--a-w- e:\windows\system32\dllcache\w926nd.sys

2011-01-14 23:19:58 50688 -c--a-w- e:\windows\system32\dllcache\umaxscan.dll

2011-01-14 23:18:59 4992 -c--a-w- e:\windows\system32\dllcache\toside.sys

2011-01-14 23:17:58 10240 -c--a-w- e:\windows\system32\dllcache\swpidflt.dll

2011-01-14 23:16:59 7040 -c--a-w- e:\windows\system32\dllcache\snyaitmc.sys

2011-01-14 23:15:59 150144 -c--a-w- e:\windows\system32\dllcache\sis6306v.dll

2011-01-14 23:14:59 495616 -c--a-w- e:\windows\system32\dllcache\sblfx.dll

2011-01-14 23:13:58 19584 -c--a-w- e:\windows\system32\dllcache\rasirda.sys

2011-01-14 23:12:59 92416 -c--a-w- e:\windows\system32\dllcache\phildec.sys

2011-01-14 23:11:59 28032 -c--a-w- e:\windows\system32\dllcache\ovcd.sys

2011-01-14 23:10:59 39264 -c--a-w- e:\windows\system32\dllcache\neo20xx.sys

2011-01-14 23:09:58 35200 -c--a-w- e:\windows\system32\dllcache\msgame.sys

2011-01-14 23:08:59 727786 -c--a-w- e:\windows\system32\dllcache\ltck000c.sys

2011-01-14 23:07:58 23552 -c--a-w- e:\windows\system32\dllcache\irmk7.sys

2011-01-14 23:06:58 38528 -c--a-w- e:\windows\system32\dllcache\ibmvcap.sys

2011-01-14 23:05:59 19456 -c--a-w- e:\windows\system32\dllcache\hr1w.dll

2011-01-14 23:04:32 442240 -c--a-w- e:\windows\system32\dllcache\fpnpbase.sys

2011-01-14 23:04:30 441728 -c--a-w- e:\windows\system32\dllcache\fpcmbase.sys

2011-01-14 23:04:29 444416 -c--a-w- e:\windows\system32\dllcache\fpcibase.sys

2011-01-14 23:04:28 34173 -c--a-w- e:\windows\system32\dllcache\forehe.sys

2011-01-14 23:04:26 71680 -c--a-w- e:\windows\system32\dllcache\fnfilter.dll

2011-01-14 23:04:19 27165 -c--a-w- e:\windows\system32\dllcache\fetnd5.sys

2011-01-14 23:04:15 22090 -c--a-w- e:\windows\system32\dllcache\fem556n5.sys

2011-01-14 23:03:21 24618 -c--a-w- e:\windows\system32\dllcache\fa410nd5.sys

2011-01-14 23:03:19 16074 -c--a-w- e:\windows\system32\dllcache\fa312nd5.sys

2011-01-14 23:03:18 11850 -c--a-w- e:\windows\system32\dllcache\f3ab18xj.sys

2011-01-14 23:03:16 12362 -c--a-w- e:\windows\system32\dllcache\f3ab18xi.sys

2011-01-14 23:03:14 7040 -c--a-w- e:\windows\system32\dllcache\exabyte2.sys

2011-01-14 23:03:13 16998 -c--a-w- e:\windows\system32\dllcache\ex10.sys

2011-01-14 23:03:08 45568 -c--a-w- e:\windows\system32\dllcache\esunib.dll

2011-01-14 23:03:07 45568 -c--a-w- e:\windows\system32\dllcache\esuni.dll

2011-01-14 23:03:04 34816 -c--a-w- e:\windows\system32\dllcache\esuimg.dll

2011-01-14 23:00:59 629952 -c--a-w- e:\windows\system32\dllcache\eqn.sys

2011-01-14 22:59:59 103044 -c--a-w- e:\windows\system32\dllcache\digidxb.sys

2011-01-14 22:58:52 8192 -c--a-w- e:\windows\system32\dllcache\changer.sys

2011-01-14 22:57:53 13824 -c--a-w- e:\windows\system32\dllcache\bulltlp3.sys

2011-01-14 22:56:55 10880 -c--a-w- e:\windows\system32\dllcache\admjoy.sys

2011-01-14 17:17:24 6273872 -c--a-w- e:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2011-01-13 14:49:31 -------- dc----w- e:\program files\Sdelete

2011-01-13 08:57:42 222080 -c----w- e:\windows\system32\MpSigStub.exe

2011-01-13 08:56:13 -------- dc----w- e:\program files\Microsoft Security Client

2011-01-11 07:36:30 -------- dc----w- e:\windows\system32\RTCOM

2011-01-11 07:25:50 -------- dc----w- e:\docume~1\alluse~1\applic~1\NVIDIA Corporation

2011-01-11 07:25:04 240592 -c--a-w- e:\windows\system32\nvdrsdb0.bin

2011-01-11 07:25:00 240592 -c--a-w- e:\windows\system32\nvdrsdb1.bin

2011-01-11 07:25:00 1 -c--a-w- e:\windows\system32\nvdrssel.bin

2011-01-11 07:24:47 888424 -c--a-w- e:\windows\system32\nvdispco32.dll

2011-01-11 07:24:47 813672 -c--a-w- e:\windows\system32\nvgenco32.dll

2011-01-11 07:24:47 61440 -c--a-w- e:\windows\system32\OpenCL.dll

2011-01-11 07:24:47 4882432 -c--a-w- e:\windows\system32\nvcuda.dll

2011-01-11 07:24:47 2932840 -c--a-w- e:\windows\system32\nvcuvid.dll

2011-01-11 07:24:47 2666600 -c--a-w- e:\windows\system32\nvcuvenc.dll

2011-01-11 07:24:47 2293194 -c--a-w- e:\windows\system32\nvdata.bin

2011-01-11 07:24:47 14532608 -c--a-w- e:\windows\system32\nvoglnt.dll

2011-01-11 07:24:46 1462272 -c--a-w- e:\windows\system32\nvapi.dll

2011-01-11 07:24:46 13012992 -c--a-w- e:\windows\system32\nvcompiler.dll

2011-01-11 07:24:33 -------- dc----w- e:\program files\NVIDIA Corporation

2011-01-11 07:04:23 -------- dc----w- e:\program files\ATI

2011-01-11 06:57:23 105088 -c--a-r- e:\windows\system32\drivers\Rtnicxp.sys

2011-01-11 06:55:38 273512 -c--a-w- e:\windows\system32\drivers\Rtenicxp.sys

2011-01-11 06:55:33 -------- dc----w- e:\program files\Realtek

2011-01-11 06:12:28 94208 -c--a-w- e:\windows\system32\RTNUninst32.dll

2011-01-11 06:12:28 73728 -c--a-w- e:\windows\system32\RtNicProp32.dll

2011-01-11 06:12:28 233472 -c--a-w- e:\windows\system32\drivers\Rt86win7.sys

2011-01-11 06:00:01 -------- d-----w- E:\MSI7280newer

2011-01-11 05:21:23 -------- d-----w- E:\MSI7280

==================== Find3M ====================

2010-12-02 03:35:18 4280320 -c--a-w- e:\windows\system32\GPhotos.scr

2010-12-02 00:44:11 60416 -c--a-w- e:\windows\ALCFDRTM.VER

2010-11-18 18:12:44 81920 -c--a-w- e:\windows\system32\isign32.dll

2010-11-13 02:53:06 472808 -c--a-w- e:\windows\system32\deployJava1.dll

2010-11-13 00:34:10 73728 -c--a-w- e:\windows\system32\javacpl.cpl

2010-11-09 14:52:35 249856 -c--a-w- e:\windows\system32\odbc32.dll

2010-11-06 00:26:58 916480 -c--a-w- e:\windows\system32\wininet.dll

2010-11-06 00:26:58 43520 -c--a-w- e:\windows\system32\licmgr10.dll

2010-11-06 00:26:58 1469440 -c----w- e:\windows\system32\inetcpl.cpl

2010-11-03 12:25:54 385024 -c--a-w- e:\windows\system32\html.iec

2010-10-28 13:13:22 290048 -c--a-w- e:\windows\system32\atmfd.dll

2010-10-26 13:25:00 1853312 -c--a-w- e:\windows\system32\win32k.sys

============= FINISH: 15:37:16.29 ===============

Blade81

2011-01-21, 08:07

Hi Dave,

In answer to your question, xerox is located in the root of C:\Program Files.
That Xerox folder is legit one.

ClamAV found what it identified as Worm.Palevo-1 (aka: W32.Palevo or a variation).
I don't trust ClamAV much myself.

MSE finding can be ignored too.

Uninstall Anti-Spy.Info.

DaveLeland

2011-01-21, 11:52

Hi Blade,
As soon as I finish typing, I will go back to XP and uninstall. I have begun to wonder if Ubuntu has been compromised. Maybe I'm just getting paranoid.
Best,
Dave

DaveLeland

2011-01-21, 16:34

Hi Blade,
Sorry- Xerox lives in the XP partition E:\Program Files\.
Best,
Dave

Blade81

2011-01-21, 21:00

Hi,

That Xerox folder is still legit :)

And what comes to Ubuntu it's most likely not infected.

DaveLeland

2011-01-22, 09:07

Hi Blade,
Since we ran MalwareBytes 'Anti-Malware,' my machine appears to be running well. A little cleanup and re-installing the Nvidia drivers seems to have finished the process. There was one startup entry- E:\Program files\nView\Nwiz.exe /installquiet which seemed out of place. It didn't seem like any install should run, since the drivers have been in place for some time. So I zipped nView with Nwiz in it. After the reinstall of the video drivers, nView did not come back. Do you want another dds run?
Thanks Again,
Dave

DaveLeland

2011-01-22, 10:04

Hi Blade,
From what I read on the web, nView is a legit nVidia file. However,
it has a history of consuming large amounts of CPU time with thousands of calls to the registry. Since nView doesn't appear to be needed, I'll leave it zipped. Nwiz.exe doesn't exist in system32 where it should be.
Also, I forgot to mention that under Appinit dlls ...Local Settings/Temp/IXP001.tmp/setup.cab seemed unnecessary, so I deleted everything in the Temp Folder. I was sure I had done that previously.
Thanks for Your Help,
Dave

Blade81

2011-01-22, 11:06

Hi,

You didn't post MBAM log earlier. Could I see it, please?

DaveLeland

2011-01-22, 11:20

Sorry..
MBAM full scan performed after the first run showed no infection.

Best,
Dave

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5561

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/20/2011 3:10:04 PM

mbam-log-2011-01-20 (15-10-04).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|I:\|K:\|)

Objects scanned: 455404

Time elapsed: 1 hour(s), 51 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 5

Files Infected: 280

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

e:\documents and settings\davel\application data\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\Logs (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060 (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 12-01-330 (Rogue.RegTool) -> Quarantined and deleted successfully.

Files Infected:

e:\WINDOWS\Tasks\regtool scan.job (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\resultsw.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\Logs\2009-03-18 00-10-110.log (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\Logs\2009-03-18 00-21-470.log (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\Logs\2009-03-18 00-37-170.log (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\Logs\2009-03-18 12-00-000.log (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\Logs\2009-03-18 12-00-030.log (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\Logs\2009-03-22 12-00-000.log (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\Logs\2009-03-22 12-00-020.log (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\Logs\2009-03-25 12-00-000.log (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\Logs\2009-03-25 12-00-020.log (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\Logs\2009-03-27 12-00-000.log (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\Logs\2009-03-27 12-00-040.log (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\filelist.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-0.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-1.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-10.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-100.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-101.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-102.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-103.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-104.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-105.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-106.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-107.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-108.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-109.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-11.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-110.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-111.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-112.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-113.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-115.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-116.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-117.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-118.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-119.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-12.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-120.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-121.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-122.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-123.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-124.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-125.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-126.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-127.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-128.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-129.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-13.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-130.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-131.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-133.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-134.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-135.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-136.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-137.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-138.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-139.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-14.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-140.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-141.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-142.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-143.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-144.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-145.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-146.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-147.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-148.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-149.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-15.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-151.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-152.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-153.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-154.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-155.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-156.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-157.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-158.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-159.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-16.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-160.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-161.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-162.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-163.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-164.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-165.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-166.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-167.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-168.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-17.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-170.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-171.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-172.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-173.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-174.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-175.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-176.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-177.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-178.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-179.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-18.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-180.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-181.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-182.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-183.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-184.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-185.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-186.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-114.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-132.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-150.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-169.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-187.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-204.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-222.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-240.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-29.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-47.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-65.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-188.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-189.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-19.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-190.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-191.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-192.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-193.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-194.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-195.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-196.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-197.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-198.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-199.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-2.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-20.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-200.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-201.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-202.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-203.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-205.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-206.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-207.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-208.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-209.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-21.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-210.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-211.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-212.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-213.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-214.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-215.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-216.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-217.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-218.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-219.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-22.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-220.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-221.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-223.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-224.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-225.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-226.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-227.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-228.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-229.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-23.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-230.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-231.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-232.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-233.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-234.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-235.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-236.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-237.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-238.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-239.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-24.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-241.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-242.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-243.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-244.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-245.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-246.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-247.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-248.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-249.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-25.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-250.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-251.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-252.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-253.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-254.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-255.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-26.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-27.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-28.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-3.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-30.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-31.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-32.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-33.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-34.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-35.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-36.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-37.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-38.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-39.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-4.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-40.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-41.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-42.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-43.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-44.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-45.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-46.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-48.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-49.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-5.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-50.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-51.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-52.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-53.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-54.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-55.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-56.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-57.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-58.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-59.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-6.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-60.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-61.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-62.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-63.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-64.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-66.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-67.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-68.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-69.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-7.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-70.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-71.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-72.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-73.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-74.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-75.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-76.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-77.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-78.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-79.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-8.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-80.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-81.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-82.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-83.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-84.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-85.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-86.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-87.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-88.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-89.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-9.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-90.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-91.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-92.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-93.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-94.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-95.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-96.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-97.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-98.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 00-12-060\regb-99.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 12-01-330\filelist.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 12-01-330\regb-0.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 12-01-330\regb-1.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 12-01-330\regb-2.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 12-01-330\regb-3.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 12-01-330\regb-4.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 12-01-330\regb-5.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 12-01-330\regb-6.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 12-01-330\regb-7.db (Rogue.RegTool) -> Quarantined and deleted successfully.

e:\documents and settings\davel\application data\RegTool\quarantinew\2009-03-18 12-01-330\regb-8.db (Rogue.RegTool) -> Quarantined and deleted successfully.

Blade81

2011-01-22, 12:06

Good. If no issues left then we can probably mark the case as resolved :)

DaveLeland

2011-01-23, 03:35

Hi Blade,
I found one more trojan with SuperAntiSpyware, it identified as Gen-Crytptor [Egun]. I am very impressed with boot, overall speed, etc. Thank you very much. I have a couple questions if you don't mind. Of the freeware firewalls and antivirus programs, which do you recommend? And, did we find anything which could have infected the other machines across my home network?
Your Humble Servant,
Dave Leland

Blade81

2011-01-23, 11:17

I have a couple questions if you don't mind. Of the freeware firewalls and antivirus programs, which do you recommend?
Good free antivirus programs are:
Antivir (http://free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html) and
Avast! (http://www.avast.com/eng/download-avast-home.html)

For firewall I recommend either Online Armor Free (http://www.tallemu.com/free-firewall-protection-software.html) or Comodo Firewall Pro (http://www.personalfirewall.comodo.com/download_firewall.html#fw3.0) (If you choose Comodo: Uncheck during installation Install Comodo SafeSurf.., Make Comodo my default search provider and Make Comodo Search my homepage and install firewall ONLY!).

And, did we find anything which could have infected the other machines across my home network? Nothing indicates that.

Blade81

2011-01-29, 12:24

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.