Posts posted by tama06

  1. OTL.txt is too long to post here. I tried breaking it in half, but it's still too long.

    The text file is 1920kb!

    It is mostly a list of my encrypted files (hundreds of vacation photos, work PDFs, etc.).

    Do you want any particular part of the file pasted here?

  2. Regarding reformatting: last time, I just used the pre-existing HP software to restore the machine to factory issue from the info stored on the (supposedly read-only) recovery hard disk.

    Can I do that again? It claimed to reformat the C-drive, last time.

    OTL is currently scanning.

  3. MBAM Full Scan (including external drives):

    Malwarebytes Anti-Malware 1.62.0.1300

    www.malwarebytes.org

    Database version: v2012.07.13.07

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Tama06 :: UTANO2 [administrator]

    Protection: Enabled

    7/15/2012 12:35:06 AM

    mbam-log-2012-07-15 (00-35-06).txt

    Scan type: Full scan (C:\|D:\|G:\|)

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 479645

    Time elapsed: 1 hour(s), 32 minute(s), 15 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

  4. Avast! log (full boot-time scan of all drives and removable drives):

    07/14/2012 16:35

    Scan of all local drives

    File C:\HP\BIN\EndProcess.exe is infected by Win32:KillApp-W [PUP], Moved to chest

    File C:\Music\iTunes\iTunes Media\Downloads\Bejeweled 2 + Blitz.tmp\download.app|>Payload\Bejeweled2.app\music\BeyondNetwork.caf Error 42125 {ZIP archive is corrupted.}

    File C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2.0|>json\Option.class is infected by Java:Agent-ADL [Expl], Moved to chest

    File C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2.0|>json\Parser.class is infected by Java:Agent-ZA [Expl], Moved to chest

    File C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2.0|>json\SmartyPointer.class is infected by Java:Agent-ZB [Expl], Moved to chest

    File C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2.0|>json\ThreadParser.class is infected by Java:Agent-AEH [Expl], Moved to chest

    File C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2.0|>json\XML.class is infected by Java:Agent-ADT [Expl], Moved to chest

    File C:\Users\Tama06\Music\iTunes\iTunes Media\Downloads\Hero Academy.tmp\download.app|>Payload\itactics.app\data\UI_FacebookButton_Pressed.png Error 42125 {ZIP archive is corrupted.}

    Number of searched folders: 50768

    Number of tested files: 1510134

    Number of infected files: 6

  5. Avast! is still running, looks like the two scans will take all day to finish. I had to make a "Custom Scan" for Avast, because its "Full Scan" doesn't include external drives.

    I'll post reports when I get them.

    Looking through my files, the ransomware didn't encrypt all my files, by far.

    It looks like I caught it before it encrypted most things, in fact.

    Most of what IS encrypted is also saved on my external drive (which doesn't seem to have any encrypted files on it that I've found so far).

    I'll have to sort through some folders to make sure I have the back-ups, but it should be okay.

    So, it looks like, all in all, I only lost about a week's worth of work on a current project, if those files can't be restored.

    That's annoying, but it could be so much worse.

    Thank you so much for your help!

    Then, since I'm going to have to reformat this machine, I really only have one more question:

    I keep my iTunes library on the laptop, and after I reformatted the laptop last year, it was a serious pain in the behind to restore my iTunes library and re-sync it with my devices.

    Is there a way you know of to make that less painful?

  6. I have hundreds of files which now have a .crypt extension.

    All my pictures, Word documents, PDFs, Excel sheets, etc.

    The original file name is intact ("cat.jpg" or whatever) but the .crypt is tacked on the end and I can't open them with any programs ("cat.jpg.crypt").

    On the other boards where I've read about ransomware hacks, they have located the decryption file somewhere on the computer and then used that and some decryption software to restore the files (like in this forum: http://www.bleepingcomputer.com/forums/topic457317.html/page__p__2739192#entry2739192 , where someone named "Fabian" created a program called "decrypt_birele" and used the decryption key, called cconf.txt.enc, to save the guy's files).

  7. Okay.

    Passwords changed. Luckily, I don't use the laptop for much more than Facebook and email.

    My husband does all the online bank stuff on his computer with his own accounts/passwords.

    I'm actually okay with a reformat, because I've done it before on this machine.

    Well, I did the installed "restore to factory-issue," will that work again?

    I'd really like to see if any of my files can be decrypted, first.

    And then, of course, I'd like to know about whether my portable HD was infected/encrypted.

    Can we do that?

  8. .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume1

    Install Date: 10/2/2011 3:35:56 PM

    System Uptime: 7/13/2012 9:51:08 AM (9 hours ago)

    .

    Motherboard: Wistron | | 3612

    Processor: Intel® Celeron® CPU 900 @ 2.20GHz | CPU | 2194/800mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 221 GiB total, 105.526 GiB free.

    D: is FIXED (NTFS) - 12 GiB total, 2.006 GiB free.

    E: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP82: 6/14/2012 9:28:44 AM - Windows Update

    RP83: 6/19/2012 9:24:05 AM - Windows Update

    RP84: 6/21/2012 7:36:29 AM - Windows Update

    RP85: 6/26/2012 9:09:52 AM - Windows Update

    RP86: 7/12/2012 9:06:45 AM - Scheduled Checkpoint

    RP88: 7/13/2012 6:14:44 PM - avast! Free Antivirus Setup

    RP89: 7/13/2012 6:15:15 PM - avast! Free Antivirus Setup

    RP90: 7/13/2012 6:16:13 PM - avast! Free Antivirus Setup

    .

    ==== Installed Programs ======================

    .

    Update for Microsoft Office 2007 (KB2508958)

    7-Zip 9.20

    Acrobat.com

    Activate Norton Online Backup

    ActiveCheck component for HP Active Support Library

    Adobe Acrobat X Pro - English, Français, Deutsch

    Adobe AIR

    Adobe Community Help

    Adobe Content Viewer

    Adobe Creative Suite 5.5 Design Premium

    Adobe Download Assistant

    Adobe Flash Player 10 Plugin

    Adobe Flash Player 11 ActiveX

    Adobe Reader 9.4.6

    Adobe Widget Browser

    Amazon Add to Wish List IE Extension 1.2

    Amazon MP3 Downloader 1.0.12

    Apple Application Support

    Apple Software Update

    Atheros Driver Installation Program

    Audacity 1.3.13 (Unicode)

    avast! Free Antivirus

    Bing Bar

    calibre

    Choice Guard

    Compatibility Pack for the 2007 Office system

    CyberLink DVD Suite

    Dropbox

    ERUNT 1.1j

    GIMP 2.6.11

    Homepage Protection

    HP Advisor

    HP Customer Experience Enhancements

    HP DVD Play 3.7

    HP Games

    HP Quick Launch Buttons

    HP Setup

    HP Smart Web Printing

    HP Support Assistant

    HP Update

    HP User Guides 0156

    HP Wireless Assistant

    HPAsset component for HP Active Support Library

    Java Auto Updater

    Java 6 Update 29

    Junk Mail filter update

    LabelPrint

    LAME v3.98.3 for Audacity

    LightScribe System Software

    LIMBO

    Magic Set Editor 2.0.0

    Malwarebytes Anti-Malware version 1.62.0.1300

    Microsoft Live Search Toolbar

    Microsoft Office 2007 Service Pack 3 (SP3)

    Microsoft Office Access MUI (English) 2007

    Microsoft Office Access Setup Metadata MUI (English) 2007

    Microsoft Office Excel MUI (English) 2007

    Microsoft Office InfoPath MUI (English) 2007

    Microsoft Office Outlook MUI (English) 2007

    Microsoft Office PowerPoint MUI (English) 2007

    Microsoft Office PowerPoint Viewer 2007 (English)

    Microsoft Office Professional Plus 2007

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (French) 2007

    Microsoft Office Proof (Spanish) 2007

    Microsoft Office Proofing (English) 2007

    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

    Microsoft Office Publisher MUI (English) 2007

    Microsoft Office Shared MUI (English) 2007

    Microsoft Office Shared Setup Metadata MUI (English) 2007

    Microsoft Office Word MUI (English) 2007

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Works

    Microsoft_VC80_ATL_x86

    Microsoft_VC80_CRT_x86

    Microsoft_VC80_MFC_x86

    Microsoft_VC80_MFCLOC_x86

    Microsoft_VC90_ATL_x86

    Microsoft_VC90_CRT_x86

    Microsoft_VC90_MFC_x86

    Microsoft_VC90_MFCLOC_x86

    MSVCRT

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    muvee Reveal

    PDF Settings CS5

    pdfsam

    PictureMover

    Power2Go

    PowerDirector

    PowerRecover

    QLBCASL

    QuickTime

    Realtek 8136 8168 8169 Ethernet Driver

    Realtek USB 2.0 Card Reader

    Seagate Dashboard

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

    Update for 2007 Microsoft Office System (KB967642)

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Update for Microsoft Office 2007 Help for Common Features (KB963673)

    Update for Microsoft Office Access 2007 Help (KB963663)

    Update for Microsoft Office Excel 2007 Help (KB963678)

    Update for Microsoft Office Infopath 2007 Help (KB963662)

    Update for Microsoft Office Outlook 2007 Help (KB963677)

    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition

    Update for Microsoft Office Powerpoint 2007 Help (KB963669)

    Update for Microsoft Office Publisher 2007 Help (KB963667)

    Update for Microsoft Office Script Editor Help (KB963671)

    Update for Microsoft Office Word 2007 Help (KB963665)

    Windows Live Call

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Mail

    Windows Live Messenger

    Windows Live Photo Gallery

    Windows Live Sign-in Assistant

    Windows Live Sync

    Windows Live Upload Tool

    Windows Live Writer

    Yahoo! Messenger

    YouTube Downloader 3.4

    .

    ==== Event Viewer Messages From Past Week ========

    .

    7/13/2012 9:52:36 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    7/13/2012 9:50:26 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

    7/13/2012 11:01:47 AM, Error: Application Popup [1060] - \??\C:\Users\Tama06\AppData\Local\Temp\OnlineScanner\Anti-Virus has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    7/12/2012 9:15:35 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.

    7/12/2012 7:58:23 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.

    7/12/2012 12:19:57 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

    7/12/2012 10:51:46 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

    7/12/2012 10:50:37 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    7/12/2012 10:49:06 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    .

    ==== End Of File ===========================

  9. .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421

    Run by Tama06 at 18:25:22 on 2012-07-13

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1624 [GMT -6:00]

    .

    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\system32\svchost.exe -k HsfXAudioService

    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

    C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Program Files (x86)\HP\QuickPlay\QPService.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

    C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe

    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\system32\wuauclt.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\msiexec.exe

    C:\Windows\servicing\TrustedInstaller.exe

    C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    C:\Program Files\AVAST Software\Avast\AvastUI.exe

    C:\Windows\system32\svchost.exe -k SDRSVC

    C:\Windows\system32\vssvc.exe

    C:\Windows\system32\WUDFHost.exe

    c:\program files\windows defender\MpCmdRun.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = about:blank

    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

    uInternet Settings,ProxyOverride = *.local

    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"

    mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

    mRun: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

    mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

    mRun: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui

    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    dPolicies-system: WallpaperStyle = 2

    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

    IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    TCP: DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{6D3FE038-DF9A-4E3D-B6AF-6141A54E2E51} : DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{6D3FE038-DF9A-4E3D-B6AF-6141A54E2E51}\25166756E6723702E4563747 : DhcpNameServer = 192.168.1.1

    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

    BHO-X64: HP Print Enhancer - No File

    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO-X64: AcroIEHelperStub - No File

    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

    BHO-X64: HelloWorldBHO - No File

    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

    BHO-X64: SmartSelect - No File

    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    BHO-X64: HP Smart BHO Class - No File

    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"

    mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

    mRun-x64: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

    mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

    mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

    mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

    mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

    mRun-x64: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui

    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

    IE-X64: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-13 44808]

    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]

    R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-13 655944]

    R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]

    R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]

    R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-17 228408]

    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

    R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

    S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-5 257696]

    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]

    S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]

    S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

    .

    =============== Created Last 30 ================

    .

    2012-07-14 00:24:47 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{376BCB02-D8D7-4F87-8AE3-BB930CEF8D1C}\offreg.dll

    2012-07-14 00:18:08 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

    2012-07-14 00:18:05 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

    2012-07-14 00:18:00 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

    2012-07-14 00:16:40 41224 ----a-w- C:\Windows\avastSS.scr

    2012-07-14 00:15:09 -------- d-----w- C:\ProgramData\AVAST Software

    2012-07-14 00:15:09 -------- d-----w- C:\Program Files\AVAST Software

    2012-07-13 21:29:13 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{376BCB02-D8D7-4F87-8AE3-BB930CEF8D1C}\mpengine.dll

    2012-07-13 17:01:46 -------- d-----w- C:\Users\Tama06\AppData\Roaming\f-secure

    2012-07-13 17:01:34 -------- d-----w- C:\ProgramData\F-Secure

    2012-07-13 15:49:09 711240 ----a-w- C:\Windows\isRS-000.tmp

    2012-07-12 18:22:35 -------- d-----w- C:\Users\Tama06\DoctorWeb

    2012-07-12 16:58:09 -------- d-----w- C:\$RECYCLE.BIN

    2012-07-12 16:34:04 98816 ----a-w- C:\Windows\sed.exe

    2012-07-12 16:34:04 518144 ----a-w- C:\Windows\SWREG.exe

    2012-07-12 16:34:04 256000 ----a-w- C:\Windows\PEV.exe

    2012-07-12 16:34:04 208896 ----a-w- C:\Windows\MBR.exe

    2012-07-12 14:00:21 33096 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

    2012-06-27 18:23:04 -------- d-----w- C:\Users\Tama06\AppData\Roaming\Malwarebytes

    2012-06-27 18:22:57 -------- d-----w- C:\ProgramData\Malwarebytes

    2012-06-27 18:22:56 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-06-27 18:22:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2012-06-27 14:02:49 -------- d-----w- C:\ProgramData\529C50D800046EF3000161F1B4EB2367

    2012-06-27 14:02:45 -------- d-----w- C:\Users\Tama06\AppData\Local\About

    2012-06-21 13:38:13 2622464 ----a-w- C:\Windows\System32\wucltux.dll

    2012-06-21 13:37:51 99840 ----a-w- C:\Windows\System32\wudriver.dll

    2012-06-21 13:37:24 36864 ----a-w- C:\Windows\System32\wuapp.exe

    2012-06-21 13:37:24 186752 ----a-w- C:\Windows\System32\wuwebv.dll

    2012-06-17 06:19:09 -------- d-----w- C:\Program Files\iPod

    2012-06-17 06:19:08 -------- d-----w- C:\Program Files\iTunes

    2012-06-17 06:19:08 -------- d-----w- C:\Program Files (x86)\iTunes

    2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

    2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

    2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

    2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

    2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

    2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

    2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

    .

    ==================== Find3M ====================

    .

    2012-06-06 00:52:21 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-06-06 00:52:21 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-05-31 18:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

    2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

    2012-04-19 02:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

    2012-04-19 02:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

    .

    ============= FINISH: 18:29:12.26 ===============

  10. Farbar Service Scanner Version: 08-07-2012

    Ran by Tama06 (administrator) on 13-07-2012 at 18:22:35

    Running from "C:\Users\Tama06\Desktop"

    Microsoft Windows 7 Home Premium Service Pack 1 (X64)

    Boot Mode: Normal

    ****************************************************************

    Internet Services:

    ============

    Connection Status:

    ==============

    Localhost is accessible.

    LAN connected.

    Google IP is accessible.

    Google.com is accessible.

    Yahoo IP is accessible.

    Yahoo.com is accessible.

    Windows Firewall:

    =============

    Firewall Disabled Policy:

    ==================

    System Restore:

    ============

    System Restore Disabled Policy:

    ========================

    Action Center:

    ============

    Windows Update:

    ============

    Windows Autoupdate Disabled Policy:

    ============================

    Windows Defender:

    ==============

    File Check:

    ========

    C:\Windows\System32\nsisvc.dll => MD5 is legit

    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

    C:\Windows\System32\dhcpcore.dll => MD5 is legit

    C:\Windows\System32\drivers\afd.sys => MD5 is legit

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit

    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

    C:\Windows\System32\dnsrslvr.dll => MD5 is legit

    C:\Windows\System32\mpssvc.dll => MD5 is legit

    C:\Windows\System32\bfe.dll => MD5 is legit

    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

    C:\Windows\System32\SDRSVC.dll => MD5 is legit

    C:\Windows\System32\vssvc.exe => MD5 is legit

    C:\Windows\System32\wscsvc.dll => MD5 is legit

    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

    C:\Windows\System32\wuaueng.dll => MD5 is legit

    C:\Windows\System32\qmgr.dll => MD5 is legit

    C:\Windows\System32\es.dll => MD5 is legit

    C:\Windows\System32\cryptsvc.dll => MD5 is legit

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

    C:\Windows\System32\svchost.exe => MD5 is legit

    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****

  11. F-Secure Log:

    Scanning Report

    Friday, July 13, 2012 11:01:45 - 18:11:22

    Computer name: UTANO2

    Scanning type: Scan system for malware, spyware and rootkits

    Target: C:\ D:\

    --------------------------------------------------------------------------------

    10 malware found

    Trojan.Sirefef.HD (spyware)

    System (Disinfected)

    Trojan.Sirefef.HC (virus)

    C:\Users\Tama06\DoctorWeb\Quarantine\00000001.0.vir (Renamed & Submitted)

    Trojan.Sirefef.HD (virus)

    C:\Users\Tama06\Desktop\RK_Quarantine\80000000.@.vir (Not cleaned)

    Java.Exploit.CVE-2010-0840.F (virus)

    C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2\json\Option.class (Not cleaned)

    Java.Exploit.CVE-2010-0840.F (virus)

    C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2\json\Parser.class (Not cleaned)

    Java.Exploit.CVE-2010-0840.F (virus)

    C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2\json\SmartyPointer.class (Not cleaned)

    Java.Exploit.CVE-2010-0840.F (virus)

    C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2\json\ThreadParser.class (Not cleaned)

    Java.Exploit.CVE-2010-0840.F (virus)

    C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2\json\XML.class (Not cleaned)

    Java.Exploit.CVE-2010-0840.F (virus)

    C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2 (Renamed & Submitted)

    Trojan.Generic.KDV.343079 (virus)

    C:\Users\Tama06\Adobe\Adobe CS 5.5 Master Collection Keygen.exe (Renamed & Submitted)

    --------------------------------------------------------------------------------

    Statistics

    Scanned:

    Files: 1354362

    System: 5699

    Not scanned: 265

    Actions:

    Disinfected: 1

    Renamed: 3

    Deleted: 0

    Not cleaned: 6

    Submitted: 3

    Files not scanned:

    C:\HIBERFIL.SYS

    C:\PAGEFILE.SYS

    C:\WINDOWS\SYSTEM32\LOGFILES\WMI\RTBACKUP\ETWRTDIAGLOG.ETL

    C:\WINDOWS\SYSTEM32\LOGFILES\WMI\RTBACKUP\ETWRTEVENTLOG-APPLICATION.ETL

    C:\WINDOWS\SYSTEM32\LOGFILES\WMI\RTBACKUP\ETWRTEVENTLOG-SYSTEM.ETL

    C:\WINDOWS\SYSTEM32\LOGFILES\WMI\RTBACKUP\ETWRTEVENTLOG-SECURITY.ETL

    C:\WINDOWS\SYSTEM32\LOGFILES\WMI\RTBACKUP\ETWRTMSMPPSSESSION7.ETL

    C:\WINDOWS\SYSTEM32\LOGFILES\WMI\RTBACKUP\ETWRTUBPM.ETL

    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG1

    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG2

    C:\WINDOWS\SYSTEM32\CONFIG\SAM

    C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG1

    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

    C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG2

    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG1

    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG2

    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG1

    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG2

    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG1

    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG2

    C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT

    C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM

    C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY

    C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE

    C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM

    C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG

    C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB

    C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB

    C:\WINDOWS\SERVICEPROFILES\NETWORKSERVICE\NTUSER.DAT

    C:\WINDOWS\SERVICEPROFILES\NETWORKSERVICE\NTUSER.DAT.LOG1

    C:\WINDOWS\SERVICEPROFILES\NETWORKSERVICE\NTUSER.DAT.LOG2

    C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\NTUSER.DAT

    C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\NTUSER.DAT.LOG1

    C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\NTUSER.DAT.LOG2

    C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\ROAMING\PEERNETWORKING\3E52760B1AD0567CC1165395829C0C2B148A2378.HOMEGROUPCLASSIFIER\86E353819D404D8E213E365BCDB555D4\GROUPING\DB.MDB

    C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\ROAMING\PEERNETWORKING\3E52760B1AD0567CC1165395829C0C2B148A2378.HOMEGROUPCLASSIFIER\86E353819D404D8E213E365BCDB555D4\GROUPING\EDB.LOG

    C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\ROAMING\PEERNETWORKING\3E52760B1AD0567CC1165395829C0C2B148A2378.HOMEGROUPCLASSIFIER\86E353819D404D8E213E365BCDB555D4\GROUPING\TMP.EDB

    C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\LOCAL\LASTALIVE0.DAT

    C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\LOCAL\LASTALIVE1.DAT

    C:\USERS\TAMA06\NTUSER.DAT

    C:\USERS\TAMA06\NTUSER.DAT.LOG1

    C:\USERS\TAMA06\NTUSER.DAT.LOG2

    C:\Users\Tama06\Pictures\Suit!\IMG_1443.JPG.crypt

    C:\Users\Tama06\D&D\Amethyst\Carnelian.jpg.crypt\Carnelian.jpg

    C:\USERS\TAMA06\APPDATA\LOCAL\TEMP\FML25F4.TMP

    C:\USERS\TAMA06\APPDATA\LOCAL\TEMP\FML4073.TMP

    C:\USERS\TAMA06\APPDATA\LOCAL\TEMP\~DF74FA4FF2940AEFB7.TMP

    C:\USERS\TAMA06\APPDATA\LOCAL\TEMP\~DFD9A76D91605CE639.TMP

    C:\USERS\TAMA06\APPDATA\LOCAL\TEMP\HSPERFDATA_TAMA06\3712

    C:\USERS\TAMA06\APPDATA\LOCAL\TEMP\HSPERFDATA_TAMA06\3892

    C:\USERS\TAMA06\APPDATA\LOCAL\MICROSOFT\WINDOWS\USRCLASS.DAT

    C:\USERS\TAMA06\APPDATA\LOCAL\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG1

    C:\USERS\TAMA06\APPDATA\LOCAL\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG2

    C:\USERS\TAMA06\APPDATA\LOCAL\MICROSOFT\INTERNET EXPLORER\RECOVERY\ACTIVE\RECOVERYSTORE.{8C0BEBA5-CD0A-11E1-8D83-001F16E4E501}.DAT

    C:\USERS\TAMA06\APPDATA\LOCAL\MICROSOFT\INTERNET EXPLORER\RECOVERY\ACTIVE\{8C0BEBA6-CD0A-11E1-8D83-001F16E4E501}.DAT

    C:\SYSTEM VOLUME INFORMATION\SYSCACHE.HVE

    C:\SYSTEM VOLUME INFORMATION\SYSCACHE.HVE.LOG1

    C:\SYSTEM VOLUME INFORMATION\SYSCACHE.HVE.LOG2

    C:\SYSTEM VOLUME INFORMATION\{05D40FBB-B639-11E1-B9FF-001F16E4E501}{3808876B-C176-4E48-B7AE-04046E6CC752}

    C:\SYSTEM VOLUME INFORMATION\{05D41025-B639-11E1-B9FF-001F16E4E501}{3808876B-C176-4E48-B7AE-04046E6CC752}

    C:\SYSTEM VOLUME INFORMATION\{05D41167-B639-11E1-B9FF-001F16E4E501}{3808876B-C176-4E48-B7AE-04046E6CC752}

    C:\SYSTEM VOLUME INFORMATION\{3808876B-C176-4E48-B7AE-04046E6CC752}

    C:\SYSTEM VOLUME INFORMATION\{5E2CD4EB-B4B2-11E1-B09D-001F16E4E501}{3808876B-C176-4E48-B7AE-04046E6CC752}

    C:\SYSTEM VOLUME INFORMATION\{6EF27613-CC27-11E1-A3EC-001F16E4E501}{3808876B-C176-4E48-B7AE-04046E6CC752}

    C:\SYSTEM VOLUME INFORMATION\{F2EF970D-B09C-11E1-8976-001F16E4E501}{3808876B-C176-4E48-B7AE-04046E6CC752}

    C:\QOOBOX\BACKENV\APPDATA.FOLDER.DAT

    C:\QOOBOX\BACKENV\CACHE.FOLDER.DAT

    C:\QOOBOX\BACKENV\COOKIES.FOLDER.DAT

    C:\QOOBOX\BACKENV\DESKTOP.FOLDER.DAT

    C:\QOOBOX\BACKENV\FAVORITES.FOLDER.DAT

    C:\QOOBOX\BACKENV\HISTORY.FOLDER.DAT

    C:\QOOBOX\BACKENV\LOCALAPPDATA.FOLDER.DAT

    C:\QOOBOX\BACKENV\LOCALSETTINGS.FOLDER.DAT

    C:\QOOBOX\BACKENV\MUSIC.FOLDER.DAT

    C:\QOOBOX\BACKENV\NETHOOD.FOLDER.DAT

    C:\QOOBOX\BACKENV\PERSONAL.FOLDER.DAT

    C:\QOOBOX\BACKENV\PICTURES.FOLDER.DAT

    C:\QOOBOX\BACKENV\PRINTHOOD.FOLDER.DAT

    C:\QOOBOX\BACKENV\PROFILES.FOLDER.DAT

    C:\QOOBOX\BACKENV\PROFILES.FOLDER.FOLDER.DAT

    C:\QOOBOX\BACKENV\PROGRAMS.FOLDER.DAT

    C:\QOOBOX\BACKENV\RECENT.FOLDER.DAT

    C:\QOOBOX\BACKENV\SENDTO.FOLDER.DAT

    C:\QOOBOX\BACKENV\SETPATH.BAT

    C:\QOOBOX\BACKENV\STARTMENU.FOLDER.DAT

    C:\QOOBOX\BACKENV\STARTUP.FOLDER.DAT

    C:\QOOBOX\BACKENV\SYSPATH.DAT

    C:\QOOBOX\BACKENV\TEMPLATES.FOLDER.DAT

    C:\QOOBOX\BACKENV\VIKPEV00

    C:\PROGRAMDATA\MICROSOFT\WINDOWS DEFENDER\IMPSERVICE925A3ACA-C353-458A-AC8D-A7E5EB378092.LOCK

    C:\PROGRAMDATA\MICROSOFT\WINDOWS DEFENDER\SCANS\HISTORY\CACHEMANAGER\MPSFC.BIN

    C:\PROGRAMDATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\MSS.LOG

    C:\PROGRAMDATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\MSSTMP.LOG

    C:\PROGRAMDATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\TMP.EDB

    C:\PROGRAMDATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\WINDOWS.EDB


    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B3026D8E3C9B53C72FF1FAE86E99FD20_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B56B7286C135D241CD64396625A247E1_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B9BE975BE07E4A947AD2712ACD7D655A_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BB7083574F7661E25F12EB1680BD0A34_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BC78D95A6369022609750E424241994D_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BD2CAE0A1163AE6A458478D14759F311_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BF78867275F5E37D58B290A73BE5B510_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C53A854B5AD0F9BA0F8228D2CC745CD6_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C5B5DC68D6B635226B1FAC5984E8A97B_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C5CA4685A2C367FAFDAE9D03B3CAB891_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C6C0BCC2CA11CA5BE407C972E7D4B126_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C7120D52F5D3B4534D61A3B97C2D288A_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C7F493DCB4D5A8563E44607421D3DC11_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C836C5A242D9389B969EBB57762E9039_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C91447D127AB192758D21C520845D31E_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CA2FDC19372176E4FB7C9687E0147394_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CE36B79C6BA3F09F8FAC13F28971DE9E_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D109226ADBDBE0A410F7ED8A804D2F55_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D19BD41E8F8FA7F2009EE3FB0042EFDE_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D1AADD4DA52CFC5185A1FDAC873A271D_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D458ED380DBF2C57AA77E8F9F835C796_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D4778E975A9CAA0FF4EAAD35607631D1_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D5CBA3DAEB5035C2E9656E089CA1CAB6_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D6DB7D58A08D2B269550D9000D81CAED_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DABF586E428D2363ED8BDDA15F9FDB14_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DCCBE8FC637D4D2259870AC311133980_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E25AD1D3A9B5A6E906E869A1FC059926_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E2DEC7E0A7FBD474CF05F50D17F13BFE_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E405756E72D7E01B0B008D8709B02B1B_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E41B99674FB2FF9A946B107D18A3DBF2_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E5C23FA99E5EE6D9BB120F440BCDA67F_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E82052BEF7CE862D4CE456AC4F07A008_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E9721298D580E21C54F344993F1235E4_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EAD0D1D8281DAA7BB67F8FA64F222EA6_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EDF580F42DA2F5A70100A826F4AED6B5_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EF8F3E65639EF037151FE44BB6A49A44_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F58B69DE34FA9505A517E78A2AEA74D2_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F654B194F57338B3A4C2C85F8B813E54_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F71EBF847CD2CD03A8919568C2C14A4F_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F8C6C525C1B35F71FD25901E6364486D_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F8F7EAC9EDCAA754E82F9DFAF95DEBA1_5A0FB4E9-E40B-468F-B872-05B6345F5862

    C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FE53D1876D4BE31BB720DCCE105DEE3D_5A0FB4E9-E40B-468F-B872-05B6345F5862

    --------------------------------------------------------------------------------

    Options

    Scanning engines:

    Scanning options:

    Scan all files

    Scan inside archives

    Use advanced heuristics

    --------------------------------------------------------------------------------

  12. F-Secure has been at 99% for 700,000 files...

    My laptop is where I keep all my media: music, vacation photos, ebooks, PDFs, Word documents, files for work, etc... Lots of files to individually scan.

    Sorry these scans are taking so long.

    Thank you for sticking with me.

  13. F-Secure is currently scanning.

    If by "ransom" rogue, you mean the pop up that told me where to send the money, that's been gone since before we started. When I ran MBAM after updating it the first time, before I left for Europe, it killed the file that made the message pop up.

    Right now, I have Avast downloaded but have not installed it on the laptop (since you want me to disable my antivirus for most steps, anyway).

    I'm curious what you mean about Avast being finicky?

  14. mbam log:

    Malwarebytes Anti-Malware 1.62.0.1300

    www.malwarebytes.org

    Database version: v2012.07.13.07

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Tama06 :: UTANO2 [administrator]

    Protection: Enabled

    7/13/2012 9:56:23 AM

    mbam-log-2012-07-13 (09-56-23).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 211395

    Time elapsed: 5 minute(s), 49 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

  15. DrWeb.csv:

    getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FPY;Probably SCRIPT.Virus;Moved.;

    xvdohukqaugtf[1].pdf;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FPY;Exploit.PDF.2597;Deleted.;

    getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IFV6;Probably SCRIPT.Virus;Moved.;

    getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N2AF;Probably SCRIPT.Virus;Moved.;

    getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\4FPY8SQ6;Probably SCRIPT.Virus;Invalid path to file ;

    getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\IFV6S1TI;Probably SCRIPT.Virus;Invalid path to file ;

    getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\N2AFYDCK;Probably SCRIPT.Virus;Invalid path to file ;

    getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FPY8SQ6;Probably SCRIPT.Virus;Invalid path to file ;

    getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IFV6S1TI;Probably SCRIPT.Virus;Invalid path to file ;

    getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N2AFYDCK;Probably SCRIPT.Virus;Invalid path to file ;

    00000001.@.vir;C:\Documents and Settings\Tama06\Desktop\RK_Quarantine;BackDoor.Siggen.46158;Incurable.Moved.;

    00000001.@.vir;C:\Documents and Settings\Tama06\DoctorWeb\Quarantine;BackDoor.Siggen.46158;Incurable.Moved.;

    muimsc.dll.vir;C:\Qoobox\Quarantine\C\Users\Tama06\AppData\Roaming;Probably Trojan.Packed;Moved.;

    ohevts.dll.vir;C:\Qoobox\Quarantine\C\Users\Tama06\AppData\Roaming;Probably Trojan.Packed;Moved.;

    getInPageJSProcess[1].htm;C:\Users\Tama06\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FPY8SQ6;Probably SCRIPT.Virus;Invalid path to file ;

    getInPageJSProcess[1].htm;C:\Users\Tama06\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IFV6S1TI;Probably SCRIPT.Virus;Invalid path to file ;

    getInPageJSProcess[1].htm;C:\Users\Tama06\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N2AFYDCK;Probably SCRIPT.Virus;Invalid path to file ;

  16. RKreport:

    RogueKiller V7.6.3 [07/08/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User: Tama06 [Admin rights]

    Mode: Remove -- Date: 07/12/2012 12:17:25

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 1 ¤¤¤

    [SUSP PATH] {8269C180-C8B6-4486-8AEE-CAEC83FDF84B}.job @ : C:\Users\Tama06\Desktop\Gampad_Pro.exe -> DELETED

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST9250315AS ATA Device +++++

    --- User ---

    [MBR] a8881ba5916fc08d980df47ee42eb746

    [BSP] 476df2a6a58edcea29ab582f9f1820f3 : Windows Vista/7 MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 226085 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 463431680 | Size: 12189 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[4].txt >>

    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

  17. DrWeb is done. There were no items with the icon you showed. They all had a single blank white page icon next to them. One item, which it said was deleted, had no icon at all.

    I have the options to "Select All" (or I can individually select items), "Cure" "Rename" "Move" and "Delete"

    It says that there were 3 infected objects and 14 suspicious.

    It deleted one of the infected and says "Incurable. Moved" for the other two.

    I made the report file, and when I go to exit the program, it warns me that nothing has been done with the suspicious files.

    Should I exit anyway?

    Or should I do a "Select All" and "Move" ?

    When I have all of the objects selected, the "Cure" button is greyed out.

  18. I'm guesstimating that the scan is about 30% complete, now. So, it looks like 10% per hour.

    I'm not sure I'll still be awake in 7 hours (I'm jet-lagging from my trip), so I'll most likely post the remaining logs and reports tomorrow morning.

    Thank you again for your continued help!
