
Ransomware'd


  • This topic is locked
56 replies to this topic

#21 tama06

tama06

    New Member

  • Members
  • 42 posts

Posted 12 July 2012 - 01:26 PM

I started the Dr.Web program before grabbing the RKreport and cannot access it right now, while Dr.Web is in "Enhanced Protection Mode."
I will post it ASAP.

#22 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 12 July 2012 - 01:51 PM

OK. I hope you have started the DrWeb Cure-it scan.
Have plenty of patience (infinite patience) since it may take some hours for the scan to finish.
Maurice Naggar
Product Support


I close my threads if there is 5 days without a response.

#23 tama06

Posted 12 July 2012 - 02:31 PM

I accidentally sat through the express scan (which found nothing) first. I am now sitting through the Complete Scan, which looks to be less than 10% done.
It has found some stuff. I said "Yes to All" and am letting it do its thing.

#24 tama06

Posted 12 July 2012 - 05:14 PM

I'm guesstimating that the scan is about 30% complete, now. So, it looks like 10% per hour.
I'm not sure I'll still be awake in 7 hours (I'm jet-lagging from my trip), so I'll most likely post the remaining logs and reports tomorrow morning.
Thank you again for your continued help!

#25 Maurice Naggar

Posted 12 July 2012 - 05:20 PM

Get your rest. Let it run on its own. I believe, iirc, I advised you to have this laptop plugged in to a standard power source.
Anyhow, I'd expect the system will eventually go to hibernation or sleep mode (well after the run is finished).
Maurice Naggar
Product Support


#26 tama06

Posted 12 July 2012 - 06:25 PM

I'm bothering the laptop every half hour or so to keep it from going to sleep. It is plugged into the wall.
The scan has also sped up a little since I put the laptop on a cooling mat.
It's about 60% done, now.

#27 tama06

Posted 12 July 2012 - 08:44 PM

DrWeb is done. There were no items with the icon you showed. They all had a single blank white page icon next to them. One item, which it said was deleted, had no icon at all.
I have the options to "Select All" (or I can individually select items), "Cure", "Rename", "Move" and "Delete".

It says that there were 3 infected objects and 14 suspicious.
It deleted one of the infected and says "Incurable. Moved" for the other two.

I made the report file, and when I go to exit the program, it warns me that nothing has been done with the suspicious files.
Should I exit anyway?

Or should I do a "Select All" and "Move" ?
When I have all of the objects selected, the "Cure" button is greyed out.

#28 Maurice Naggar

Posted 13 July 2012 - 06:02 AM

Select Move.
Then post a copy of the log.

By the way, if the laptop has a screensaver, you should turn it off until after we are all finished.

Save and close any work documents, close any apps that you started.
Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.
Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Maurice Naggar
Product Support


#29 tama06

Posted 13 July 2012 - 10:50 AM

RKreport:

RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Tama06 [Admin rights]
Mode: Remove -- Date: 07/12/2012 12:17:25
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 1 ¤¤¤
[SUSP PATH] {8269C180-C8B6-4486-8AEE-CAEC83FDF84B}.job @ : C:\Users\Tama06\Desktop\Gampad_Pro.exe -> DELETED
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9250315AS ATA Device +++++
--- User ---
[MBR] a8881ba5916fc08d980df47ee42eb746
[BSP] 476df2a6a58edcea29ab582f9f1820f3 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 226085 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 463431680 | Size: 12189 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

#30 tama06

Posted 13 July 2012 - 10:56 AM

DrWeb.csv:

getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FPY;Probably SCRIPT.Virus;Moved.;
xvdohukqaugtf[1].pdf;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FPY;Exploit.PDF.2597;Deleted.;
getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IFV6;Probably SCRIPT.Virus;Moved.;
getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N2AF;Probably SCRIPT.Virus;Moved.;
getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\4FPY8SQ6;Probably SCRIPT.Virus;Invalid path to file ;
getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\IFV6S1TI;Probably SCRIPT.Virus;Invalid path to file ;
getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\N2AFYDCK;Probably SCRIPT.Virus;Invalid path to file ;
getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FPY8SQ6;Probably SCRIPT.Virus;Invalid path to file ;
getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IFV6S1TI;Probably SCRIPT.Virus;Invalid path to file ;
getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N2AFYDCK;Probably SCRIPT.Virus;Invalid path to file ;
00000001.@.vir;C:\Documents and Settings\Tama06\Desktop\RK_Quarantine;BackDoor.Siggen.46158;Incurable.Moved.;
00000001.@.vir;C:\Documents and Settings\Tama06\DoctorWeb\Quarantine;BackDoor.Siggen.46158;Incurable.Moved.;
muimsc.dll.vir;C:\Qoobox\Quarantine\C\Users\Tama06\AppData\Roaming;Probably Trojan.Packed;Moved.;
ohevts.dll.vir;C:\Qoobox\Quarantine\C\Users\Tama06\AppData\Roaming;Probably Trojan.Packed;Moved.;
getInPageJSProcess[1].htm;C:\Users\Tama06\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FPY8SQ6;Probably SCRIPT.Virus;Invalid path to file ;
getInPageJSProcess[1].htm;C:\Users\Tama06\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IFV6S1TI;Probably SCRIPT.Virus;Invalid path to file ;
getInPageJSProcess[1].htm;C:\Users\Tama06\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N2AFYDCK;Probably SCRIPT.Virus;Invalid path to file ;
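
The DrWeb.csv rows above list the same cache file under several folder paths. As an added example (not part of the original post and not Dr.Web's own tooling), this script collapses the Windows Vista/7 compatibility junctions so that each detected object is counted once, then flags objects with no successful action logged. The junction table is an assumption about a default Windows 7 profile, and the shorter folder names such as `4FPY` are kept distinct from `4FPY8SQ6` because the post does not say they are the same folder.

```python
import csv
import io
from collections import defaultdict

# Rows copied verbatim from the DrWeb.csv post: name;folder;detection;action;
DRWEB_CSV = r"""
getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FPY;Probably SCRIPT.Virus;Moved.;
xvdohukqaugtf[1].pdf;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FPY;Exploit.PDF.2597;Deleted.;
getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IFV6;Probably SCRIPT.Virus;Moved.;
getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N2AF;Probably SCRIPT.Virus;Moved.;
getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\4FPY8SQ6;Probably SCRIPT.Virus;Invalid path to file ;
getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\IFV6S1TI;Probably SCRIPT.Virus;Invalid path to file ;
getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\N2AFYDCK;Probably SCRIPT.Virus;Invalid path to file ;
getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FPY8SQ6;Probably SCRIPT.Virus;Invalid path to file ;
getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IFV6S1TI;Probably SCRIPT.Virus;Invalid path to file ;
getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N2AFYDCK;Probably SCRIPT.Virus;Invalid path to file ;
00000001.@.vir;C:\Documents and Settings\Tama06\Desktop\RK_Quarantine;BackDoor.Siggen.46158;Incurable.Moved.;
00000001.@.vir;C:\Documents and Settings\Tama06\DoctorWeb\Quarantine;BackDoor.Siggen.46158;Incurable.Moved.;
muimsc.dll.vir;C:\Qoobox\Quarantine\C\Users\Tama06\AppData\Roaming;Probably Trojan.Packed;Moved.;
ohevts.dll.vir;C:\Qoobox\Quarantine\C\Users\Tama06\AppData\Roaming;Probably Trojan.Packed;Moved.;
getInPageJSProcess[1].htm;C:\Users\Tama06\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FPY8SQ6;Probably SCRIPT.Virus;Invalid path to file ;
getInPageJSProcess[1].htm;C:\Users\Tama06\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IFV6S1TI;Probably SCRIPT.Virus;Invalid path to file ;
getInPageJSProcess[1].htm;C:\Users\Tama06\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N2AFYDCK;Probably SCRIPT.Virus;Invalid path to file ;
"""

# Assumed default Windows Vista/7 compatibility junctions (alias -> real folder).
JUNCTIONS = [
    ("c:\\documents and settings\\", "c:\\users\\"),
    ("\\appdata\\local\\application data\\", "\\appdata\\local\\"),
    ("\\appdata\\local\\temporary internet files\\",
     "\\appdata\\local\\microsoft\\windows\\temporary internet files\\"),
]


def canonical(folder, name):
    """Lower-case the full path and resolve junction aliases until stable."""
    path = (folder.rstrip("\\") + "\\" + name).lower()
    changed = True
    while changed:
        changed = False
        for alias, target in JUNCTIONS:
            if alias in path:
                path = path.replace(alias, target)
                changed = True
    return path


def triage(text):
    """Group report rows by canonical path: one entry per real object."""
    objects = defaultdict(lambda: {"detections": set(), "actions": set(), "rows": 0})
    for row in csv.reader(io.StringIO(text.strip()), delimiter=";"):
        if len(row) < 4:
            continue  # skip blank or malformed lines
        name, folder, detection, action = (field.strip() for field in row[:4])
        entry = objects[canonical(folder, name)]
        entry["detections"].add(detection)
        entry["actions"].add(action)
        entry["rows"] += 1
    return dict(objects)


def unresolved(objects):
    """Objects whose only logged outcome is 'Invalid path to file'."""
    return sorted(path for path, entry in objects.items()
                  if all(a.lower().startswith("invalid path") for a in entry["actions"]))


def already_quarantined(objects):
    """Detections that sit inside a scanner quarantine folder."""
    return sorted(path for path in objects if "quarantine" in path)


if __name__ == "__main__":
    objs = triage(DRWEB_CSV)
    print(f"{sum(e['rows'] for e in objs.values())} rows -> {len(objs)} unique objects")
    print("No successful action logged (verify on disk):")
    for path in unresolved(objs):
        print("  ", path, f"({objs[path]['rows']} alias rows)")
    print("Already in a quarantine folder:", len(already_quarantined(objs)))
```

Objects reported by `unresolved` are the ones to re-check by hand, since the report records no move, cure or delete for them under any alias.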

#31 tama06

Posted 13 July 2012 - 10:59 AM

I turned the wifi back on long enough to update MBAM (twice--it updated and restarted and then told me it was out of date again)...
And now it is running the Quick Scan.

#32 tama06

Posted 13 July 2012 - 11:03 AM

mbam log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.13.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tama06 :: UTANO2 [administrator]
Protection: Enabled
7/13/2012 9:56:23 AM
mbam-log-2012-07-13 (09-56-23).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211395
Time elapsed: 5 minute(s), 49 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

#33 Maurice Naggar

Posted 13 July 2012 - 11:22 AM

That is a good result from MBAM. You also got the newest version, 1.62; that is why there was the additional prompt for another Update run.
Now, then,
Online scan at F-Secure
Turn off your antivirus so that it does not interfere. Leave your firewall on.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Please perform this online scan: F-Secure Online Scanner

The online scanner is on the bottom right of the page.
Follow the directions in the F-Secure page for proper Installation.
You may receive an alert on the address bar at this point to install the ActiveX control.
Click on that alert and then click "Install ActiveX component".
Read the license agreement and click "Accept".
Click "Custom Scan" and be sure the following are checked:
  • Scan whole System
  • Scan all files
  • Scan whole system for rootkits
  • Scan whole system for spyware
  • Use advanced heuristics
When the scan completes, click the "I want to decide item by item" button.
For each item found, Select "Disinfect" and click "Next".
When done, click the "Show Report" button, then copy and paste the entire report into your next reply.

Re-enable your antivirus.

Step 2
Download >> Farbar's Service Scanner utility << and Save to your Desktop.
If using Windows 7 or Vista, right-click on fss.exe and select Run As Administrator.
If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

Step 3
Make a new run of DDS and copy and Paste the DDS.txt + Attach.txt

Also, tell me, is the "ransom" rogue showing? Or all gone?

If you have not installed an antivirus, and cost is an issue: Three good antivirus programs free for non-commercial home use are Avira Free Antivirus and Microsoft Security Essentials and Avast!.
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
I would suggest you get either Avira or MSE.

My sense of Avast is that it is a 'bit' too finicky.
Maurice Naggar
Product Support


#34 tama06

Posted 13 July 2012 - 11:59 AM

F-Secure is currently scanning.

If by "ransom" rogue, you mean the pop up that told me where to send the money, that's been gone since before we started. When I ran MBAM after updating it the first time, before I left for Europe, it killed the file that made the message pop up.

Right now, I have Avast downloaded but have not installed it on the laptop (since you want me to disable my antivirus for most steps, anyway).
I'm curious what you mean about Avast being finicky?

#35 Maurice Naggar

Posted 13 July 2012 - 12:35 PM

Just from observations helping folks, when we needed to fully turn off Avast (to do other scans) it has been harder to do.
That is not the case with Avira antivirus.

The choice is all yours. After what I listed, you need to make sure an antivirus is installed and updated.
Never, again, be without an antivirus program.
Maurice Naggar
Product Support


#36 tama06

Posted 13 July 2012 - 05:41 PM

F-Secure has been at 99% for 700,000 files...
My laptop is where I keep all my media; music, vacation photos, ebooks, PDFs, Word documents, files for work, etc... Lots of files to individually scan.

Sorry these scans are taking so long.
Thank you for sticking with me.

#37 tama06

Posted 13 July 2012 - 07:15 PM

F-Secure Log:

Scanning Report
Friday, July 13, 2012 11:01:45 - 18:11:22
Computer name: UTANO2
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ D:\

--------------------------------------------------------------------------------
10 malware found
Trojan.Sirefef.HD (spyware)
System (Disinfected)
Trojan.Sirefef.HC (virus)
C:\Users\Tama06\DoctorWeb\Quarantine\00000001.0.vir (Renamed & Submitted)
Trojan.Sirefef.HD (virus)
C:\Users\Tama06\Desktop\RK_Quarantine\80000000.@.vir (Not cleaned)
Java.Exploit.CVE-2010-0840.F (virus)
C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2\json\Option.class (Not cleaned)
Java.Exploit.CVE-2010-0840.F (virus)
C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2\json\Parser.class (Not cleaned)
Java.Exploit.CVE-2010-0840.F (virus)
C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2\json\SmartyPointer.class (Not cleaned)
Java.Exploit.CVE-2010-0840.F (virus)
C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2\json\ThreadParser.class (Not cleaned)
Java.Exploit.CVE-2010-0840.F (virus)
C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2\json\XML.class (Not cleaned)
Java.Exploit.CVE-2010-0840.F (virus)
C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2 (Renamed & Submitted)
Trojan.Generic.KDV.343079 (virus)
C:\Users\Tama06\Adobe\Adobe CS 5.5 Master Collection Keygen.exe (Renamed & Submitted)
--------------------------------------------------------------------------------
Statistics
Scanned:
Files: 1354362
System: 5699
Not scanned: 265
Actions:
Disinfected: 1
Renamed: 3
Deleted: 0
Not cleaned: 6
Submitted: 3
Files not scanned:
C:\Users\Tama06\Pictures\Suit!\IMG_1443.JPG.crypt\Öæ£Îþ…_ó ›¤{¿ä/Öà¯üUåÒϬ.ý­ˆàÚ«+jÁ[©œ¡ e䒁àRæ†8>ðxII祭pã•°*ZUmZ¿›¶‚ž¡†7†DɶhÁIÖj Wà#·3AOnøýÈC‹äe§&£3'8­EÊ t|_Ï9ûµ~.1„ϝ)/½`´B€³zE&ÉÙGJ\”x #ì‰Òû!Ù«&¨[TwÉ´Úâð:i­'§‰ìàgÔªìÖ o›
C:\Users\Tama06\D&D\Amethyst\Carnelian.jpg.crypt\Carnelian.jpg
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9080802E676539FBC39C1283A5D1AC32_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7CAE54542613F4BFA1879BCC9467E7FA_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\930D9EFDA230E291251D445D60775753_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\939956C8739BC26F04056237C9265DBA_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\939FC98ADDDF9C325B53DA9156D40318_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\962A21942C55DA1A7ADA8A1F14F1462B_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\972FF1AF498B9FBF4ABE61A610C6C6DE_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9836F5E59A45C05AA51A0D72B7096BB5_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9C9EEE0F5C86D382F83B9E97773278AB_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9CB24971D9AE01D36FC45E4BE25BF13E_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\95F06DF930B0E8309CE2D95ECA312DFA_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9DFEC73AFFFED53DB5390EFE39C1873B_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A01E454361C8AACED2C7BBF77E979859_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A1DEAD1A79DF30F1A1C075797152C5D9_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A3A55695D9658C2D5CAB3FECB6615626_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9D0EB9782B6816CE2AB3C945289954B5_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A995EBA14F2DE9C09A0C60770039A034_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AA3886FF1F0E1F0CAAA287091D4AB8FA_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A683196FAA727E5AD9A4384FA95A23B8_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AA93757004905B3AA27E41A6DB3092D8_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AC0E2E98A27C74E66667474CCF37670F_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ACB5B2A991D6CD7FB4EDD8C1CCB19BA7_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AEEB614C384BAAE42ED3D238EA75B37C_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B148F0E2C4A123390C8A6BA6AE4DCC05_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B225661569272486EF07E857429DD0DE_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B3026D8E3C9B53C72FF1FAE86E99FD20_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B56B7286C135D241CD64396625A247E1_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B9BE975BE07E4A947AD2712ACD7D655A_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BB7083574F7661E25F12EB1680BD0A34_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BC78D95A6369022609750E424241994D_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BD2CAE0A1163AE6A458478D14759F311_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BF78867275F5E37D58B290A73BE5B510_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C53A854B5AD0F9BA0F8228D2CC745CD6_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C5B5DC68D6B635226B1FAC5984E8A97B_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C5CA4685A2C367FAFDAE9D03B3CAB891_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C6C0BCC2CA11CA5BE407C972E7D4B126_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C7120D52F5D3B4534D61A3B97C2D288A_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C7F493DCB4D5A8563E44607421D3DC11_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C836C5A242D9389B969EBB57762E9039_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C91447D127AB192758D21C520845D31E_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CA2FDC19372176E4FB7C9687E0147394_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CE36B79C6BA3F09F8FAC13F28971DE9E_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D109226ADBDBE0A410F7ED8A804D2F55_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D19BD41E8F8FA7F2009EE3FB0042EFDE_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D1AADD4DA52CFC5185A1FDAC873A271D_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D458ED380DBF2C57AA77E8F9F835C796_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D4778E975A9CAA0FF4EAAD35607631D1_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D5CBA3DAEB5035C2E9656E089CA1CAB6_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D6DB7D58A08D2B269550D9000D81CAED_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DABF586E428D2363ED8BDDA15F9FDB14_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DCCBE8FC637D4D2259870AC311133980_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E25AD1D3A9B5A6E906E869A1FC059926_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E2DEC7E0A7FBD474CF05F50D17F13BFE_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E405756E72D7E01B0B008D8709B02B1B_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E41B99674FB2FF9A946B107D18A3DBF2_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E5C23FA99E5EE6D9BB120F440BCDA67F_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E82052BEF7CE862D4CE456AC4F07A008_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E9721298D580E21C54F344993F1235E4_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EAD0D1D8281DAA7BB67F8FA64F222EA6_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EDF580F42DA2F5A70100A826F4AED6B5_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EF8F3E65639EF037151FE44BB6A49A44_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F58B69DE34FA9505A517E78A2AEA74D2_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F654B194F57338B3A4C2C85F8B813E54_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F71EBF847CD2CD03A8919568C2C14A4F_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F8C6C525C1B35F71FD25901E6364486D_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F8F7EAC9EDCAA754E82F9DFAF95DEBA1_5A0FB4E9-E40B-468F-B872-05B6345F5862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FE53D1876D4BE31BB720DCCE105DEE3D_5A0FB4E9-E40B-468F-B872-05B6345F5862
--------------------------------------------------------------------------------
Options
Scanning engines:
Scanning options:
Scan all files
Scan inside archives
Use advanced heuristics
--------------------------------------------------------------------------------

#38 tama06


Posted 13 July 2012 - 07:26 PM

Farbar Service Scanner Version: 08-07-2012
Ran by Tama06 (administrator) on 13-07-2012 at 18:22:35
Running from "C:\Users\Tama06\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

#39 tama06


Posted 13 July 2012 - 07:30 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Tama06 at 18:25:22 on 2012-07-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1624 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\vssvc.exe
C:\Windows\system32\WUDFHost.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6D3FE038-DF9A-4E3D-B6AF-6141A54E2E51} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6D3FE038-DF9A-4E3D-B6AF-6141A54E2E51}\25166756E6723702E4563747 : DhcpNameServer = 192.168.1.1
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO-X64: HelloWorldBHO - No File
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
IE-X64: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-13 44808]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-13 655944]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-17 228408]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-5 257696]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-07-14 00:24:47 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{376BCB02-D8D7-4F87-8AE3-BB930CEF8D1C}\offreg.dll
2012-07-14 00:18:08 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-07-14 00:18:05 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-07-14 00:18:00 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-07-14 00:16:40 41224 ----a-w- C:\Windows\avastSS.scr
2012-07-14 00:15:09 -------- d-----w- C:\ProgramData\AVAST Software
2012-07-14 00:15:09 -------- d-----w- C:\Program Files\AVAST Software
2012-07-13 21:29:13 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{376BCB02-D8D7-4F87-8AE3-BB930CEF8D1C}\mpengine.dll
2012-07-13 17:01:46 -------- d-----w- C:\Users\Tama06\AppData\Roaming\f-secure
2012-07-13 17:01:34 -------- d-----w- C:\ProgramData\F-Secure
2012-07-13 15:49:09 711240 ----a-w- C:\Windows\isRS-000.tmp
2012-07-12 18:22:35 -------- d-----w- C:\Users\Tama06\DoctorWeb
2012-07-12 16:58:09 -------- d-----w- C:\$RECYCLE.BIN
2012-07-12 16:34:04 98816 ----a-w- C:\Windows\sed.exe
2012-07-12 16:34:04 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-12 16:34:04 256000 ----a-w- C:\Windows\PEV.exe
2012-07-12 16:34:04 208896 ----a-w- C:\Windows\MBR.exe
2012-07-12 14:00:21 33096 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2012-06-27 18:23:04 -------- d-----w- C:\Users\Tama06\AppData\Roaming\Malwarebytes
2012-06-27 18:22:57 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-27 18:22:56 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-27 18:22:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-27 14:02:49 -------- d-----w- C:\ProgramData\529C50D800046EF3000161F1B4EB2367
2012-06-27 14:02:45 -------- d-----w- C:\Users\Tama06\AppData\Local\About
2012-06-21 13:38:13 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 13:37:51 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 13:37:24 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 13:37:24 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-17 06:19:09 -------- d-----w- C:\Program Files\iPod
2012-06-17 06:19:08 -------- d-----w- C:\Program Files\iTunes
2012-06-17 06:19:08 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2012-06-06 00:52:21 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-06 00:52:21 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-31 18:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-19 02:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 02:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 18:29:12.26 ===============

#40 tama06

Posted 13 July 2012 - 07:31 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/2/2011 3:35:56 PM
System Uptime: 7/13/2012 9:51:08 AM (9 hours ago)
.
Motherboard: Wistron | | 3612
Processor: Intel® Celeron® CPU 900 @ 2.20GHz | CPU | 2194/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 221 GiB total, 105.526 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.006 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP82: 6/14/2012 9:28:44 AM - Windows Update
RP83: 6/19/2012 9:24:05 AM - Windows Update
RP84: 6/21/2012 7:36:29 AM - Windows Update
RP85: 6/26/2012 9:09:52 AM - Windows Update
RP86: 7/12/2012 9:06:45 AM - Scheduled Checkpoint
RP88: 7/13/2012 6:14:44 PM - avast! Free Antivirus Setup
RP89: 7/13/2012 6:15:15 PM - avast! Free Antivirus Setup
RP90: 7/13/2012 6:16:13 PM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Acrobat.com
Activate Norton Online Backup
ActiveCheck component for HP Active Support Library
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Design Premium
Adobe Download Assistant
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.6
Adobe Widget Browser
Amazon Add to Wish List IE Extension 1.2
Amazon MP3 Downloader 1.0.12
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
Audacity 1.3.13 (Unicode)
avast! Free Antivirus
Bing Bar
calibre
Choice Guard
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
Dropbox
ERUNT 1.1j
GIMP 2.6.11
Homepage Protection
HP Advisor
HP Customer Experience Enhancements
HP DVD Play 3.7
HP Games
HP Quick Launch Buttons
HP Setup
HP Smart Web Printing
HP Support Assistant
HP Update
HP User Guides 0156
HP Wireless Assistant
HPAsset component for HP Active Support Library
Java Auto Updater
Java™ 6 Update 29
Junk Mail filter update
LabelPrint
LAME v3.98.3 for Audacity
LightScribe System Software
LIMBO
Magic Set Editor 2.0.0
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
PDF Settings CS5
pdfsam
PictureMover
Power2Go
PowerDirector
PowerRecover
QLBCASL
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
Seagate Dashboard
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Yahoo! Messenger
YouTube Downloader 3.4
.
==== Event Viewer Messages From Past Week ========
.
7/13/2012 9:52:36 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/13/2012 9:50:26 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
7/13/2012 11:01:47 AM, Error: Application Popup [1060] - \??\C:\Users\Tama06\AppData\Local\Temp\OnlineScanner\Anti-Virus has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/12/2012 9:15:35 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
7/12/2012 7:58:23 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
7/12/2012 12:19:57 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
7/12/2012 10:51:46 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
7/12/2012 10:50:37 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/12/2012 10:49:06 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================



