tama06

Honorary Members
  • Posts: 40
Everything posted by tama06

  1. Thank you very much for your time!
  2. OTL.Txt Just upload the txt file.
  3. OTL.txt is too long to post here. I tried breaking it in half, but it's still too long. The text file is 1920kb ! It is mostly a list of my encrypted files (hundreds of vacation photos, work PDFs, etc). Do you want any particular part of the file pasted here?
  4. Regarding reformatting: last time, I just used the pre-existing HP software to restore the machine to factory issue from the info stored on the (supposedly read-only) recovery harddisk. Can I do that again? It claimed to reformat the C-drive, last time. OTL is currently scanning.
  5. MBAM Full Scan (including external drives):

     Malwarebytes Anti-Malware 1.62.0.1300
     www.malwarebytes.org

     Database version: v2012.07.13.07

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Tama06 :: UTANO2 [administrator]

     Protection: Enabled

     7/15/2012 12:35:06 AM
     mbam-log-2012-07-15 (00-35-06).txt

     Scan type: Full scan (C:\|D:\|G:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 479645
     Time elapsed: 1 hour(s), 32 minute(s), 15 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  6. Avast! log (full boot-time scan of all drives and removable drives):

     07/14/2012 16:35
     Scan of all local drives

     File C:\HP\BIN\EndProcess.exe is infected by Win32:KillApp-W [PUP], Moved to chest
     File C:\Music\iTunes\iTunes Media\Downloads\Bejeweled 2 + Blitz.tmp\download.app|>Payload\Bejeweled2.app\music\BeyondNetwork.caf Error 42125 {ZIP archive is corrupted.}
     File C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2.0|>json\Option.class is infected by Java:Agent-ADL [Expl], Moved to chest
     File C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2.0|>json\Parser.class is infected by Java:Agent-ZA [Expl], Moved to chest
     File C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2.0|>json\SmartyPointer.class is infected by Java:Agent-ZB [Expl], Moved to chest
     File C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2.0|>json\ThreadParser.class is infected by Java:Agent-AEH [Expl], Moved to chest
     File C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2.0|>json\XML.class is infected by Java:Agent-ADT [Expl], Moved to chest
     File C:\Users\Tama06\Music\iTunes\iTunes Media\Downloads\Hero Academy.tmp\download.app|>Payload\itactics.app\data\UI_FacebookButton_Pressed.png Error 42125 {ZIP archive is corrupted.}

     Number of searched folders: 50768
     Number of tested files: 1510134
     Number of infected files: 6
  7. Avast! is still running, looks like the two scans will take all day to finish. I had to make a "Custom Scan" for Avast, because its "Full Scan" doesn't include external drives. I'll post reports when I get them. Looking through my files, the ransomware didn't encrypt all my files, by far. It looks like I caught it before it encrypted most things, in fact. Most of what IS encrypted is also saved on my external drive (which doesn't seem to have any encrypted files on it that I've found so far). I'll have to sort through some folders to make sure I have the back-ups, but it should be okay. So, it looks like, all in all, I only lost about a week's worth of work on a current project, if those files can't be restored. That's annoying, but it could be so much worse. Thank you so much for your help! Then, since I'm going to have to reformat this machine, I really only have one more question: I keep my iTunes library on the laptop, and after I reformatted the laptop last year, it was a serious pain in the behind to restore my iTunes library and re-sync it with my devices. Is there a way you know of to make that less painful?
  8. I scanned just the external drive with both Avast! and MBAM, and they both came back clear. Running full scan with Avast! now, will run full scan with MBAM when Avast! is finished.
  9. I have hundreds of files which now have a .crypt extension. All my pictures, Word documents, PDFs, Excel sheets, etc. The original file name is intact ("cat.jpg" or whatever) but the .crypt is tacked on the end and I can't open them with any programs ("cat.jpg.crypt"). On the other boards where I've read about ransomware hacks, they have located the decryption file somewhere on the computer and then used that and some decryption software to restore the files (like in this forum: http://www.bleepingcomputer.com/forums/topic457317.html/page__p__2739192#entry2739192 , where someone named "Fabian" created a program called "decrypt_birele" and used the decryption key, called cconf.txt.enc, to save the guy's files).
  10. Okay. Passwords changed. Luckily, I don't use the laptop for much more than Facebook and email. My husband does all the online bank stuff on his computer with his own accounts/passwords. I'm actually okay with a reformat, because I've done it before on this machine. Well, I did the installed "restore to factory-issue," will that work again? I'd really like to see if any of my files can be decrypted, first. And then, of course, I'd like to know about whether my portable HD was infected/encrypted. Can we do that?
  11. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT. DDS (Ver_2011-08-26.01)
  12. DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Tama06 at 18:25:22 on 2012-07-13 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1624 [GMT -6:00]
2012-06-06 00:52:21 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-06 00:52:21 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-31 18:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-04-19 02:56:30 94208 ----a-w- 
C:\Windows\SysWow64\QuickTimeVR.qtx 2012-04-19 02:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts . ============= FINISH: 18:29:12.26 ===============
  13. Farbar Service Scanner Version: 08-07-2012 Ran by Tama06 (administrator) on 13-07-2012 at 18:22:35 Running from "C:\Users\Tama06\Desktop" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****
  14. F-Secure Log: Scanning Report Friday, July 13, 2012 11:01:45 - 18:11:22 Computer name: UTANO2 Scanning type: Scan system for malware, spyware and rootkits Target: C:\ D:\ -------------------------------------------------------------------------------- 10 malware found Trojan.Sirefef.HD (spyware) System (Disinfected) Trojan.Sirefef.HC (virus) C:\Users\Tama06\DoctorWeb\Quarantine\00000001.0.vir (Renamed & Submitted) Trojan.Sirefef.HD (virus) C:\Users\Tama06\Desktop\RK_Quarantine\80000000.@.vir (Not cleaned) Java.Exploit.CVE-2010-0840.F (virus) C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2\json\Option.class (Not cleaned) Java.Exploit.CVE-2010-0840.F (virus) C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2\json\Parser.class (Not cleaned) Java.Exploit.CVE-2010-0840.F (virus) C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2\json\SmartyPointer.class (Not cleaned) Java.Exploit.CVE-2010-0840.F (virus) C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2\json\ThreadParser.class (Not cleaned) Java.Exploit.CVE-2010-0840.F (virus) C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2\json\XML.class (Not cleaned) Java.Exploit.CVE-2010-0840.F (virus) C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2 (Renamed & Submitted) Trojan.Generic.KDV.343079 (virus) C:\Users\Tama06\Adobe\Adobe CS 5.5 Master Collection Keygen.exe (Renamed & Submitted) -------------------------------------------------------------------------------- Statistics Scanned: Files: 1354362 System: 5699 Not scanned: 265 Actions: Disinfected: 1 Renamed: 3 Deleted: 0 Not cleaned: 6 Submitted: 3 Files not scanned:
C:\WINDOWS\SYSTEM32\LOGFILES\WMI\RTBACKUP\ETWRTEVENTLOG-SYSTEM.ETL C:\WINDOWS\SYSTEM32\LOGFILES\WMI\RTBACKUP\ETWRTEVENTLOG-SECURITY.ETL C:\WINDOWS\SYSTEM32\LOGFILES\WMI\RTBACKUP\ETWRTMSMPPSSESSION7.ETL C:\WINDOWS\SYSTEM32\LOGFILES\WMI\RTBACKUP\ETWRTUBPM.ETL C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG1 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG2 C:\WINDOWS\SYSTEM32\CONFIG\SAM C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG1 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG2 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG1 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG2 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG1 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG2 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG1 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG2 C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB C:\WINDOWS\SERVICEPROFILES\NETWORKSERVICE\NTUSER.DAT C:\WINDOWS\SERVICEPROFILES\NETWORKSERVICE\NTUSER.DAT.LOG1 C:\WINDOWS\SERVICEPROFILES\NETWORKSERVICE\NTUSER.DAT.LOG2 C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\NTUSER.DAT C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\NTUSER.DAT.LOG1 C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\NTUSER.DAT.LOG2 C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\ROAMING\PEERNETWORKING\3E52760B1AD0567CC1165395829C0C2B148A2378.HOMEGROUPCLASSIFIER\86E353819D404D8E213E365BCDB555D4\GROUPING\DB.MDB C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\ROAMING\PEERNETWORKING\3E52760B1AD0567CC1165395829C0C2B148A2378.HOMEGROUPCLASSIFIER\86E353819D404D8E213E365BCDB555D4\GROUPING\EDB.LOG 
C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\ROAMING\PEERNETWORKING\3E52760B1AD0567CC1165395829C0C2B148A2378.HOMEGROUPCLASSIFIER\86E353819D404D8E213E365BCDB555D4\GROUPING\TMP.EDB C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\LOCAL\LASTALIVE0.DAT C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\LOCAL\LASTALIVE1.DAT C:\USERS\TAMA06\NTUSER.DAT C:\USERS\TAMA06\NTUSER.DAT.LOG1 C:\USERS\TAMA06\NTUSER.DAT.LOG2 C:\Users\Tama06\Pictures\Suit!\IMG_1443.JPG.crypt\Öæ£Îþ…_ó ›¤{¿ä/Öà¯üUåÒϬ.ý­ˆàÚ«+jÁ[©œ¡ eä’àRæ†8>ðxII祭pã•°*ZUmZ¿›¶‚ž¡†7†DɶhÁIÖj Wà#·3AOnøýÈC‹äe§&£3'8­EÊ t|_Ï9ûµ~.1„Ï)/½`´B€³zE&ÉÙGJ\”x #ì‰Òû!Ù«&¨[TwÉ´Úâð:i­'§‰ìàgÔªìÖ o› C:\Users\Tama06\D&D\Amethyst\Carnelian.jpg.crypt\Carnelian.jpg C:\USERS\TAMA06\APPDATA\LOCAL\TEMP\FML25F4.TMP C:\USERS\TAMA06\APPDATA\LOCAL\TEMP\FML4073.TMP C:\USERS\TAMA06\APPDATA\LOCAL\TEMP\~DF74FA4FF2940AEFB7.TMP C:\USERS\TAMA06\APPDATA\LOCAL\TEMP\~DFD9A76D91605CE639.TMP C:\USERS\TAMA06\APPDATA\LOCAL\TEMP\HSPERFDATA_TAMA06\3712 C:\USERS\TAMA06\APPDATA\LOCAL\TEMP\HSPERFDATA_TAMA06\3892 C:\USERS\TAMA06\APPDATA\LOCAL\MICROSOFT\WINDOWS\USRCLASS.DAT C:\USERS\TAMA06\APPDATA\LOCAL\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG1 C:\USERS\TAMA06\APPDATA\LOCAL\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG2 C:\USERS\TAMA06\APPDATA\LOCAL\MICROSOFT\INTERNET EXPLORER\RECOVERY\ACTIVE\RECOVERYSTORE.{8C0BEBA5-CD0A-11E1-8D83-001F16E4E501}.DAT C:\USERS\TAMA06\APPDATA\LOCAL\MICROSOFT\INTERNET EXPLORER\RECOVERY\ACTIVE\{8C0BEBA6-CD0A-11E1-8D83-001F16E4E501}.DAT C:\SYSTEM VOLUME INFORMATION\SYSCACHE.HVE C:\SYSTEM VOLUME INFORMATION\SYSCACHE.HVE.LOG1 C:\SYSTEM VOLUME INFORMATION\SYSCACHE.HVE.LOG2 C:\SYSTEM VOLUME INFORMATION\{05D40FBB-B639-11E1-B9FF-001F16E4E501}{3808876B-C176-4E48-B7AE-04046E6CC752} C:\SYSTEM VOLUME INFORMATION\{05D41025-B639-11E1-B9FF-001F16E4E501}{3808876B-C176-4E48-B7AE-04046E6CC752} C:\SYSTEM VOLUME INFORMATION\{05D41167-B639-11E1-B9FF-001F16E4E501}{3808876B-C176-4E48-B7AE-04046E6CC752} C:\SYSTEM VOLUME INFORMATION\{3808876B-C176-4E48-B7AE-04046E6CC752} C:\SYSTEM 
VOLUME INFORMATION\{5E2CD4EB-B4B2-11E1-B09D-001F16E4E501}{3808876B-C176-4E48-B7AE-04046E6CC752} C:\SYSTEM VOLUME INFORMATION\{6EF27613-CC27-11E1-A3EC-001F16E4E501}{3808876B-C176-4E48-B7AE-04046E6CC752} C:\SYSTEM VOLUME INFORMATION\{F2EF970D-B09C-11E1-8976-001F16E4E501}{3808876B-C176-4E48-B7AE-04046E6CC752} C:\QOOBOX\BACKENV\APPDATA.FOLDER.DAT C:\QOOBOX\BACKENV\CACHE.FOLDER.DAT C:\QOOBOX\BACKENV\COOKIES.FOLDER.DAT C:\QOOBOX\BACKENV\DESKTOP.FOLDER.DAT C:\QOOBOX\BACKENV\FAVORITES.FOLDER.DAT C:\QOOBOX\BACKENV\HISTORY.FOLDER.DAT C:\QOOBOX\BACKENV\LOCALAPPDATA.FOLDER.DAT C:\QOOBOX\BACKENV\LOCALSETTINGS.FOLDER.DAT C:\QOOBOX\BACKENV\MUSIC.FOLDER.DAT C:\QOOBOX\BACKENV\NETHOOD.FOLDER.DAT C:\QOOBOX\BACKENV\PERSONAL.FOLDER.DAT C:\QOOBOX\BACKENV\PICTURES.FOLDER.DAT C:\QOOBOX\BACKENV\PRINTHOOD.FOLDER.DAT C:\QOOBOX\BACKENV\PROFILES.FOLDER.DAT C:\QOOBOX\BACKENV\PROFILES.FOLDER.FOLDER.DAT C:\QOOBOX\BACKENV\PROGRAMS.FOLDER.DAT C:\QOOBOX\BACKENV\RECENT.FOLDER.DAT C:\QOOBOX\BACKENV\SENDTO.FOLDER.DAT C:\QOOBOX\BACKENV\SETPATH.BAT C:\QOOBOX\BACKENV\STARTMENU.FOLDER.DAT C:\QOOBOX\BACKENV\STARTUP.FOLDER.DAT C:\QOOBOX\BACKENV\SYSPATH.DAT C:\QOOBOX\BACKENV\TEMPLATES.FOLDER.DAT C:\QOOBOX\BACKENV\VIKPEV00 C:\PROGRAMDATA\MICROSOFT\WINDOWS DEFENDER\IMPSERVICE925A3ACA-C353-458A-AC8D-A7E5EB378092.LOCK C:\PROGRAMDATA\MICROSOFT\WINDOWS DEFENDER\SCANS\HISTORY\CACHEMANAGER\MPSFC.BIN C:\PROGRAMDATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\MSS.LOG C:\PROGRAMDATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\MSSTMP.LOG C:\PROGRAMDATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\TMP.EDB C:\PROGRAMDATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\WINDOWS.EDB C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0023A09930FCB1F1F059D14EB0DE492A_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\004E32627294529491480FBBE153EF24_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\015C1F80A7403708A4AB1861181999E1_5A0FB4E9-E40B-468F-B872-05B6345F5862 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\037E042A34815B40C14F16B223D34F25_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\054D86EF426DE41AD0E8309DA00567D4_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\059178C90CC53A035DE5C895C49DEA03_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\05A7D7FE9669EB11C031FC43D1CB92E2_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0751E435D121D1AD0D7B91963CC4D423_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0A8039BFEA011916597091AFD866DAFC_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0AA4B30D56E05E01D74915D2C4DB4859_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0D2667727A0457329E1735092B10D2AC_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0DFBE1E2370FFBE97F455F1EEAD364A4_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0E673C390E5297994D6CAA36B646C461_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1047AE68586FA7C6D9FCC6B32624F742_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\13D7B92FB2DF1CD27B3F4FFF77E62B46_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\14844233771F299EDEDE2792E2A180C8_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\149B507FBE1950DA996A2F1EED60C958_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\166F283D260533A264024012995F60A0_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\173E8C9282BD6D65812067113E351717_5A0FB4E9-E40B-468F-B872-05B6345F5862 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\18A08BF6A58AFDB303726B28BF4CADC4_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\19DDEA38175492BE7B36A7DFFFA31FFC_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1AF83DF7D91FA59936C049AFE97B874A_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1CFDC3D09EA28AE2B367AF6B9795296D_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1F05682064715BE44E8CE54DFB6F3088_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1FDF5CBF381017DF5FB5BF857A7AD47F_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\22FECBEB81BC20D93F99FFC6BEA8392D_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\24D352DB46D72D90AFFD7C58DB1DCEF5_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\254479635196FA256872654206AF9F14_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\25F311F0AEE6E9B10F8428BB631D02D7_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\26636AAF471B4CDA8CC7CD14D49808BA_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2975604C9DF2724FF598551FEC4778BB_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2A03A66999E3C5C400F0CE26A969E018_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2A704553134981FD3F727F2A54AD1946_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2C75FA390312DB42E3B51F15CEA1295C_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2E475F1F471157F7A17A0C0117A52D1C_5A0FB4E9-E40B-468F-B872-05B6345F5862 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2E809F8E86286FD7993BC887D1FBEE12_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2F581582DB524BF8380C88C5EF144AAD_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\307FB8FDDE71DB117A7F20C564FACD6D_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3191E9FC7AA1DA5C2921BA4C8F677BED_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\31BAB8D22518680C7BE2EBC555B30E3D_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\337D30977E796DC6858FC921CD279A6E_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\34E400EAC01A9D94780D50CB38E7EFAB_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\37305FE87B34C966E948B7D3491F8288_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\391755304035AE77C07B475E1CF880E9_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3927A91D940750998A519C2426D213C1_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3AB104003FE82EA3627667C1407602D2_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3AEC4C4AD99649A88A8074D67B598865_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3C3ECC43C315D6919F2E05C669FBADE4_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3DAD63AE2BF59F3D72E168B814EE6EB9_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3EEF90A787A4403D32BA427802131C43_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3C1ED5ED5A632F550DE57028C9C8F833_5A0FB4E9-E40B-468F-B872-05B6345F5862 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\426888E4AAEE3A07B542D707363CEAC6_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\428F80A573E8B9E507B5AAC2E440F2ED_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\442EF5E848053F3C855136CC8EA11741_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\481ACC89BC2FF216D30AE5072EFA363E_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\49A189AE40786F8EE2AAA55F8DB29A51_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4A8F55427279F3A9B466D966FA062DD9_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4D5598A22F24BF4BA13462BD0C2E265E_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4F02527DC0B6ECE937CBA7BA22FF24DF_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4F88B835B4053F4117A1AAFD59C45500_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\51336723B5B0448BADBF82E1E8B2FDC9_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\514308564C3A560A7C5596BE82B8A2E6_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\53D03A2A234E0E6FB300A162BE1D1F3F_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\53FF0FFC5A343969D7BC9EAE4E8FEF9C_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\54FAC8BA6653560BC338C276C8FE64A0_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\555E78B280276C048A68F3FB8A73F905_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5B684FC199621178166F3C7588A25BD3_5A0FB4E9-E40B-468F-B872-05B6345F5862 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5C37E290A11D34DC0752A0EB1A66D36C_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5CF1724D768752E35AD707BE664E08B6_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5EE6ABC571A4D94AA5FD91D2420C25EB_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\627FC01625EB52BC989C6534421440B8_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\63C616E66649021D3783BA97D4061823_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\66937842298C607883D958FBBB5B4F4E_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\67937AC9E6232500B12667EB1222BD65_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\68220E79D81C2B588814AB040767918A_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6C6AFF8CED042568554758E188BE94BF_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6E3C2A1D745AED18DA86E7F6F86F28BE_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6E4697765F36A792FC4A3C23A0C77B1A_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\70324271C5E9D8C3734FA000267B5E0C_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\70431BDC2CE9F58BA3E5818E76589DBB_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\71E02BECABA09080E70A4B0A07FF654C_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\722FC48E76E225207A196DC10701CEE5_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\733E2A55640F01BC53022A1EC8C29E64_5A0FB4E9-E40B-468F-B872-05B6345F5862 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\73DB87CBF000D3A6BD02895146C8027B_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7480936C041CF339D03C27AC6AE75A10_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7C1DA611EFFDAF3DF0CAF5ABEB7F6840_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\76003A7B73E7AE8EC9F242A19FA4E8FC_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7E33A738864C0BC3279E29EBB72C4983_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8474FAFBC70723CD6C1F01D9B5F3A366_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\86A9A40668CEDDDE7E6BB37730EB4FB7_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\86E98987559D25C1C6DBC5D737AAFD49_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\743F26E029A3ADF60F993E909E6B021D_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\87D2380D39AB7B16B7582CB39B7DDCE2_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\88A3D54A7EC9DF2EA952D65086203EFB_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\89EFC6ECD487451665DF97FED1EF54F9_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8D27D884CD9485CF18398AA45D2279A6_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\90DF7E0EFCC9D3704BCCC3A12D5E1907_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\92A5F283970B47689631294BE03A1CFE_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\91E7B840B443BF6465B6DD07CA0101F9_5A0FB4E9-E40B-468F-B872-05B6345F5862 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\87CCBB936B9BA1366044B2F6DB4FD2BD_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9080802E676539FBC39C1283A5D1AC32_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7CAE54542613F4BFA1879BCC9467E7FA_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\930D9EFDA230E291251D445D60775753_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\939956C8739BC26F04056237C9265DBA_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\939FC98ADDDF9C325B53DA9156D40318_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\962A21942C55DA1A7ADA8A1F14F1462B_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\972FF1AF498B9FBF4ABE61A610C6C6DE_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9836F5E59A45C05AA51A0D72B7096BB5_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9C9EEE0F5C86D382F83B9E97773278AB_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9CB24971D9AE01D36FC45E4BE25BF13E_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\95F06DF930B0E8309CE2D95ECA312DFA_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9DFEC73AFFFED53DB5390EFE39C1873B_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A01E454361C8AACED2C7BBF77E979859_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A1DEAD1A79DF30F1A1C075797152C5D9_5A0FB4E9-E40B-468F-B872-05B6345F5862 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A3A55695D9658C2D5CAB3FECB6615626_5A0FB4E9-E40B-468F-B872-05B6345F5862 
      --------------------------------------------------------------------------------
      Options
      Scanning engines:
      Scanning options:
      Scan all files
      Scan inside archives
      Use advanced heuristics
      --------------------------------------------------------------------------------
  15. F-Secure has been at 99% for 700,000 files... My laptop is where I keep all my media; music, vacation photos, ebooks, PDFs, Word documents, files for work, etc... Lots of files to individually scan. Sorry these scans are taking so long. Thank you for sticking with me.
  16. F-Secure is currently scanning. If by "ransom" rogue, you mean the pop up that told me where to send the money, that's been gone since before we started. When I ran MBAM after updating it the first time, before I left for Europe, it killed the file that made the message pop up. Right now, I have Avast downloaded but have not installed it on the laptop (since you want me to disable my antivirus for most steps, anyway). I'm curious what you mean about Avast being finicky?
  17. mbam log:
      Malwarebytes Anti-Malware 1.62.0.1300
      www.malwarebytes.org
      Database version: v2012.07.13.07
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Tama06 :: UTANO2 [administrator]
      Protection: Enabled
      7/13/2012 9:56:23 AM
      mbam-log-2012-07-13 (09-56-23).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 211395
      Time elapsed: 5 minute(s), 49 second(s)
      Memory Processes Detected: 0
      (No malicious items detected)
      Memory Modules Detected: 0
      (No malicious items detected)
      Registry Keys Detected: 0
      (No malicious items detected)
      Registry Values Detected: 0
      (No malicious items detected)
      Registry Data Items Detected: 0
      (No malicious items detected)
      Folders Detected: 0
      (No malicious items detected)
      Files Detected: 0
      (No malicious items detected)
      (end)
  18. I turned the wifi back on long enough to update MBAM (twice--it updated and restarted and then told me it was out of date again)... And now it is running the Quick Scan.
  19. DrWeb.csv:
      getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FPY;Probably SCRIPT.Virus;Moved.;
      xvdohukqaugtf[1].pdf;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FPY;Exploit.PDF.2597;Deleted.;
      getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IFV6;Probably SCRIPT.Virus;Moved.;
      getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N2AF;Probably SCRIPT.Virus;Moved.;
      getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\4FPY8SQ6;Probably SCRIPT.Virus;Invalid path to file ;
      getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\IFV6S1TI;Probably SCRIPT.Virus;Invalid path to file ;
      getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\N2AFYDCK;Probably SCRIPT.Virus;Invalid path to file ;
      getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FPY8SQ6;Probably SCRIPT.Virus;Invalid path to file ;
      getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IFV6S1TI;Probably SCRIPT.Virus;Invalid path to file ;
      getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N2AFYDCK;Probably SCRIPT.Virus;Invalid path to file ;
      00000001.@.vir;C:\Documents and Settings\Tama06\Desktop\RK_Quarantine;BackDoor.Siggen.46158;Incurable.Moved.;
      00000001.@.vir;C:\Documents and Settings\Tama06\DoctorWeb\Quarantine;BackDoor.Siggen.46158;Incurable.Moved.;
      muimsc.dll.vir;C:\Qoobox\Quarantine\C\Users\Tama06\AppData\Roaming;Probably Trojan.Packed;Moved.;
      ohevts.dll.vir;C:\Qoobox\Quarantine\C\Users\Tama06\AppData\Roaming;Probably Trojan.Packed;Moved.;
      getInPageJSProcess[1].htm;C:\Users\Tama06\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FPY8SQ6;Probably SCRIPT.Virus;Invalid path to file ;
      getInPageJSProcess[1].htm;C:\Users\Tama06\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IFV6S1TI;Probably SCRIPT.Virus;Invalid path to file ;
      getInPageJSProcess[1].htm;C:\Users\Tama06\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N2AFYDCK;Probably SCRIPT.Virus;Invalid path to file ;
  20. RKreport:
      RogueKiller V7.6.3 [07/08/2012] by Tigzy
      mail: tigzyRK<at>gmail<dot>com
      Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Blog: http://tigzyrk.blogspot.com
      Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User: Tama06 [Admin rights]
      Mode: Remove -- Date: 07/12/2012 12:17:25
      ¤¤¤ Bad processes: 0 ¤¤¤
      ¤¤¤ Registry Entries: 1 ¤¤¤
      [SUSP PATH] {8269C180-C8B6-4486-8AEE-CAEC83FDF84B}.job @ : C:\Users\Tama06\Desktop\Gampad_Pro.exe -> DELETED
      ¤¤¤ Particular Files / Folders: ¤¤¤
      ¤¤¤ Driver: [NOT LOADED] ¤¤¤
      ¤¤¤ Infection : ¤¤¤
      ¤¤¤ HOSTS File: ¤¤¤
      127.0.0.1 localhost
      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: ST9250315AS ATA Device +++++
      --- User ---
      [MBR] a8881ba5916fc08d980df47ee42eb746
      [BSP] 476df2a6a58edcea29ab582f9f1820f3 : Windows Vista/7 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 226085 Mo
      2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 463431680 | Size: 12189 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!
      Finished : << RKreport[4].txt >>
      RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
  21. DrWeb is done. There were no items with the icon you showed. They all had a single blank white page icon next to them. One item, which it said was deleted, had no icon at all. I have the options to "Select All" (or I can individually select items), "Cure", "Rename", "Move" and "Delete". It says that there were 3 infected objects and 14 suspicious. It deleted one of the infected and says "Incurable. Moved" for the other two. I made the report file, and when I go to exit the program, it warns me that nothing has been done with the suspicious files. Should I exit anyway? Or should I do a "Select All" and "Move"? When I have all of the objects selected, the "Cure" button is greyed out.
  22. I'm bothering the laptop every half hour or so to keep it from going to sleep. It is plugged into the wall. The scan has also sped up a little since I put the laptop on a cooling mat. It's about 60% done, now.
  23. I'm guesstimating that the scan is about 30% complete, now. So, it looks like 10% per hour. I'm not sure I'll still be awake in 7 hours (I'm jet-lagging from my trip), so I'll most likely post the remaining logs and reports tomorrow morning. Thank you again for your continued help!
  24. I accidentally sat through the express scan (which found nothing) first. I am now sitting through the Complete Scan, which looks to be less than 10% done. It has found some stuff. I said "Yes to All" and am letting it do its thing.