tama06 Posted July 12, 2012 Author ID:570002
I'm bothering the laptop every half hour or so to keep it from going to sleep. It is plugged into the wall.
The scan has also sped up a little since I put the laptop on a cooling mat.
It's about 60% done, now.

tama06 Posted July 13, 2012 Author ID:570035
DrWeb is done. There were no items with the icon you showed. They all had a single blank white page icon next to them. One item, which it said was deleted, had no icon at all.
I have the options to "Select All" (or I can individually select items), "Cure", "Rename", "Move" and "Delete".
It says that there were 3 infected objects and 14 suspicious.
It deleted one of the infected and says "Incurable. Moved" for the other two.
I made the report file, and when I go to exit the program, it warns me that nothing has been done with the suspicious files.
Should I exit anyway?
Or should I do a "Select All" and "Move"?
When I have all of the objects selected, the "Cure" button is greyed out.

Maurice Naggar Posted July 13, 2012 ID:570108
Select Move.
Then post a copy of the log.
By the way, if the laptop has a screensaver, you should turn it off until after we are all finished.
Save and close any work documents, close any apps that you started.
Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.
Next, click the Update tab. Press the "Check for Updates" button.
If prompted for a Restart, do that.
When done, click the Scanner tab.
Do a Quick Scan.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

tama06 Posted July 13, 2012 Author ID:570217
RKreport:
RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Tama06 [Admin rights]
Mode: Remove -- Date: 07/12/2012 12:17:25
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 1 ¤¤¤
[sUSP PATH] {8269C180-C8B6-4486-8AEE-CAEC83FDF84B}.job @ : C:\Users\Tama06\Desktop\Gampad_Pro.exe -> DELETED
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9250315AS ATA Device +++++
--- User ---
[MBR] a8881ba5916fc08d980df47ee42eb746
[bSP] 476df2a6a58edcea29ab582f9f1820f3 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 226085 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 463431680 | Size: 12189 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

tama06 Posted July 13, 2012 Author ID:570220
DrWeb.csv:
getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FPY;Probably SCRIPT.Virus;Moved.;
xvdohukqaugtf[1].pdf;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FPY;Exploit.PDF.2597;Deleted.;
getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IFV6;Probably SCRIPT.Virus;Moved.;
getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N2AF;Probably SCRIPT.Virus;Moved.;
getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\4FPY8SQ6;Probably SCRIPT.Virus;Invalid path to file ;
getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\IFV6S1TI;Probably SCRIPT.Virus;Invalid path to file ;
getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\N2AFYDCK;Probably SCRIPT.Virus;Invalid path to file ;
getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FPY8SQ6;Probably SCRIPT.Virus;Invalid path to file ;
getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IFV6S1TI;Probably SCRIPT.Virus;Invalid path to file ;
getInPageJSProcess[1].htm;C:\Documents and Settings\Tama06\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N2AFYDCK;Probably SCRIPT.Virus;Invalid path to file ;
00000001.@.vir;C:\Documents and Settings\Tama06\Desktop\RK_Quarantine;BackDoor.Siggen.46158;Incurable.Moved.;
00000001.@.vir;C:\Documents and Settings\Tama06\DoctorWeb\Quarantine;BackDoor.Siggen.46158;Incurable.Moved.;
muimsc.dll.vir;C:\Qoobox\Quarantine\C\Users\Tama06\AppData\Roaming;Probably Trojan.Packed;Moved.;
ohevts.dll.vir;C:\Qoobox\Quarantine\C\Users\Tama06\AppData\Roaming;Probably Trojan.Packed;Moved.;
getInPageJSProcess[1].htm;C:\Users\Tama06\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FPY8SQ6;Probably SCRIPT.Virus;Invalid path to file ;
getInPageJSProcess[1].htm;C:\Users\Tama06\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IFV6S1TI;Probably SCRIPT.Virus;Invalid path to file ;
getInPageJSProcess[1].htm;C:\Users\Tama06\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N2AFYDCK;Probably SCRIPT.Virus;Invalid path to file ;

tama06 Posted July 13, 2012 Author ID:570223
I turned the wifi back on long enough to update MBAM (twice--it updated and restarted and then told me it was out of date again)... And now it is running the Quick Scan.

tama06 Posted July 13, 2012 Author ID:570233
mbam log:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.13.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tama06 :: UTANO2 [administrator]
Protection: Enabled
7/13/2012 9:56:23 AM
mbam-log-2012-07-13 (09-56-23).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211395
Time elapsed: 5 minute(s), 49 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

Maurice Naggar Posted July 13, 2012 ID:570247
That is a good result from MBAM. You also got the newest version, 1.62, that is why there was the additional prompt for another Update run.
Now, then,
Online scan at F-secure
Turn off your antivirus so that it does not interfere. Leave your firewall on.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Please perform this online scan: F-Secure Online Scanner
The online scanner is on the bottom right of the page.
Follow the directions in the F-Secure page for proper Installation.
You may receive an alert on the address bar at this point to install the ActiveX control.
Click on that alert and then click "Install ActiveX component".
Read the license agreement and click "Accept".
Click "Custom Scan" and be sure the following are checked:
Scan whole System
Scan all files
Scan whole system for rootkits
Scan whole system for spyware
Use advanced heuristics
When the scan completes, click the "I want to decide item by item" button.
For each item found, Select "Disinfect" and click "Next".
When done, click the "Show Report" button, then copy and paste the entire report into your next reply.
Re-enable your antivirus.
Step 2
Download >> Farbar's Service Scanner utility << and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.
Step 3
Make a new run of DDS and copy and Paste the DDS.txt + Attach.txt
Also, tell me, is the "ransom" rogue showing? Or all gone?
If you have not installed an antivirus, and cost is an issue: Three good antivirus programs free for non-commercial home use are Avira Free Antivirus and Microsoft Security Essentials and Avast!.
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
I would suggest you get either Avira or MSE.
My sense of Avast is that it is a 'bit' too finicky.

tama06 Posted July 13, 2012 Author ID:570261
F-Secure is currently scanning.
If by "ransom" rogue, you mean the pop up that told me where to send the money, that's been gone since before we started. When I ran MBAM after updating it the first time, before I left for Europe, it killed the file that made the message pop up.
Right now, I have Avast downloaded but have not installed it on the laptop (since you want me to disable my antivirus for most steps, anyway).
I'm curious what you mean about Avast being finicky?

Maurice Naggar Posted July 13, 2012 ID:570276
Just from observations helping folks, when we needed to fully turn off Avast (to do other scans) it has been harder to do.
That is not the case with Avira antivirus.
The choice is all yours. After what I listed, you need to make sure an antivirus is installed and updated.
Never, again, be without an antivirus program.

tama06 Posted July 13, 2012 Author ID:570401
F-Secure has been at 99% for 700,000 files... My laptop is where I keep all my media; music, vacation photos, ebooks, PDFs, Word documents, files for work, etc... Lots of files to individually scan.
Sorry these scans are taking so long.
Thank you for sticking with me.

tama06 Posted July 14, 2012 Author ID:570445
F-Secure Log:
Scanning Report
Friday, July 13, 2012 11:01:45 - 18:11:22
Computer name: UTANO2
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ D:\
--------------------------------------------------------------------------------
10 malware found
Trojan.Sirefef.HD (spyware)
System (Disinfected)
Trojan.Sirefef.HC (virus)
C:\Users\Tama06\DoctorWeb\Quarantine\00000001.0.vir (Renamed & Submitted)
Trojan.Sirefef.HD (virus)
C:\Users\Tama06\Desktop\RK_Quarantine\80000000.@.vir (Not cleaned)
Java.Exploit.CVE-2010-0840.F (virus)
C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2\json\Option.class (Not cleaned)
Java.Exploit.CVE-2010-0840.F (virus)
C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2\json\Parser.class (Not cleaned)
Java.Exploit.CVE-2010-0840.F (virus)
C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2\json\SmartyPointer.class (Not cleaned)
Java.Exploit.CVE-2010-0840.F (virus)
C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2\json\ThreadParser.class (Not cleaned)
Java.Exploit.CVE-2010-0840.F (virus)
C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2\json\XML.class (Not cleaned)
Java.Exploit.CVE-2010-0840.F (virus)
C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2 (Renamed & Submitted)
Trojan.Generic.KDV.343079 (virus)
C:\Users\Tama06\Adobe\Adobe CS 5.5 Master Collection Keygen.exe (Renamed & Submitted)
--------------------------------------------------------------------------------
Statistics
Scanned:
Files: 1354362
System: 5699
Not scanned: 265
Actions:
Disinfected: 1
Renamed: 3
Deleted: 0
Not cleaned: 6
Submitted: 3
Files not scanned:
DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C5CA4685A2C367FAFDAE9D03B3CAB891_5A0FB4E9-E40B-468F-B872-05B6345F5862C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C6C0BCC2CA11CA5BE407C972E7D4B126_5A0FB4E9-E40B-468F-B872-05B6345F5862C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C7120D52F5D3B4534D61A3B97C2D288A_5A0FB4E9-E40B-468F-B872-05B6345F5862C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C7F493DCB4D5A8563E44607421D3DC11_5A0FB4E9-E40B-468F-B872-05B6345F5862C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C836C5A242D9389B969EBB57762E9039_5A0FB4E9-E40B-468F-B872-05B6345F5862C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C91447D127AB192758D21C520845D31E_5A0FB4E9-E40B-468F-B872-05B6345F5862C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CA2FDC19372176E4FB7C9687E0147394_5A0FB4E9-E40B-468F-B872-05B6345F5862C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CE36B79C6BA3F09F8FAC13F28971DE9E_5A0FB4E9-E40B-468F-B872-05B6345F5862C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D109226ADBDBE0A410F7ED8A804D2F55_5A0FB4E9-E40B-468F-B872-05B6345F5862C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D19BD41E8F8FA7F2009EE3FB0042EFDE_5A0FB4E9-E40B-468F-B872-05B6345F5862C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D1AADD4DA52CFC5185A1FDAC873A271D_5A0FB4E9-E40B-468F-B872-05B6345F5862C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D458ED380DBF2C57AA77E8F9F835C796_5A0FB4E9-E40B-468F-B872-05B6345F5862C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D4778E975A9CAA0FF4EAAD35607631D1_5A0FB4E9-E40B-468F-B872-05B6345F5862C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D5CBA3DAEB5035C2E9656E089CA1CAB6_5A0FB4E9-E40B-468F-B872-05B6345F5862C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D6DB7D58A08D2B269550D9000D81CAED_5A0FB4E9-E40B-468F-B872-05B6345F5862C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DABF586E428D2363ED8BDDA15F9FDB14_5A0FB4E9-E40B-468F-B872-05B6345F5862C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DCCBE8FC637D4D2259870AC311133980_5A0FB4E9-E40B-468F-B872-05B6345F5862C:\PROGRAMDATA\MICROS
--------------------------------------------------------------------------------
Options
Scanning engines:
Scanning options:
Scan all files
Scan inside archives
Use advanced heuristics
--------------------------------------------------------------------------------
tama06 Posted July 14, 2012 Author ID:570460

Farbar Service Scanner Version: 08-07-2012
Ran by Tama06 (administrator) on 13-07-2012 at 18:22:35
Running from "C:\Users\Tama06\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
tama06 Posted July 14, 2012 Author ID:570463

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Tama06 at 18:25:22 on 2012-07-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1624 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\vssvc.exe
C:\Windows\system32\WUDFHost.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6D3FE038-DF9A-4E3D-B6AF-6141A54E2E51} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6D3FE038-DF9A-4E3D-B6AF-6141A54E2E51}\25166756E6723702E4563747 : DhcpNameServer = 192.168.1.1
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO-X64: HelloWorldBHO - No File
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
IE-X64: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-13 44808]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-13 655944]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-17 228408]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-5 257696]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-07-14 00:24:47 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{376BCB02-D8D7-4F87-8AE3-BB930CEF8D1C}\offreg.dll
2012-07-14 00:18:08 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-07-14 00:18:05 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-07-14 00:18:00 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-07-14 00:16:40 41224 ----a-w- C:\Windows\avastSS.scr
2012-07-14 00:15:09 -------- d-----w- C:\ProgramData\AVAST Software
2012-07-14 00:15:09 -------- d-----w- C:\Program Files\AVAST Software
2012-07-13 21:29:13 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{376BCB02-D8D7-4F87-8AE3-BB930CEF8D1C}\mpengine.dll
2012-07-13 17:01:46 -------- d-----w- C:\Users\Tama06\AppData\Roaming\f-secure
2012-07-13 17:01:34 -------- d-----w- C:\ProgramData\F-Secure
2012-07-13 15:49:09 711240 ----a-w- C:\Windows\isRS-000.tmp
2012-07-12 18:22:35 -------- d-----w- C:\Users\Tama06\DoctorWeb
2012-07-12 16:58:09 -------- d-----w- C:\$RECYCLE.BIN
2012-07-12 16:34:04 98816 ----a-w- C:\Windows\sed.exe
2012-07-12 16:34:04 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-12 16:34:04 256000 ----a-w- C:\Windows\PEV.exe
2012-07-12 16:34:04 208896 ----a-w- C:\Windows\MBR.exe
2012-07-12 14:00:21 33096 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2012-06-27 18:23:04 -------- d-----w- C:\Users\Tama06\AppData\Roaming\Malwarebytes
2012-06-27 18:22:57 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-27 18:22:56 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-27 18:22:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-27 14:02:49 -------- d-----w- C:\ProgramData\529C50D800046EF3000161F1B4EB2367
2012-06-27 14:02:45 -------- d-----w- C:\Users\Tama06\AppData\Local\About
2012-06-21 13:38:13 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 13:37:51 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 13:37:24 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 13:37:24 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-17 06:19:09 -------- d-----w- C:\Program Files\iPod
2012-06-17 06:19:08 -------- d-----w- C:\Program Files\iTunes
2012-06-17 06:19:08 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2012-06-06 00:52:21 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-06 00:52:21 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-31 18:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-19 02:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 02:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 18:29:12.26 ===============
tama06 Posted July 14, 2012

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/2/2011 3:35:56 PM
System Uptime: 7/13/2012 9:51:08 AM (9 hours ago)
.
Motherboard: Wistron | | 3612
Processor: Intel® Celeron® CPU 900 @ 2.20GHz | CPU | 2194/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 221 GiB total, 105.526 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.006 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP82: 6/14/2012 9:28:44 AM - Windows Update
RP83: 6/19/2012 9:24:05 AM - Windows Update
RP84: 6/21/2012 7:36:29 AM - Windows Update
RP85: 6/26/2012 9:09:52 AM - Windows Update
RP86: 7/12/2012 9:06:45 AM - Scheduled Checkpoint
RP88: 7/13/2012 6:14:44 PM - avast! Free Antivirus Setup
RP89: 7/13/2012 6:15:15 PM - avast! Free Antivirus Setup
RP90: 7/13/2012 6:16:13 PM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Acrobat.com
Activate Norton Online Backup
ActiveCheck component for HP Active Support Library
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Design Premium
Adobe Download Assistant
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.6
Adobe Widget Browser
Amazon Add to Wish List IE Extension 1.2
Amazon MP3 Downloader 1.0.12
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
Audacity 1.3.13 (Unicode)
avast! Free Antivirus
Bing Bar
calibre
Choice Guard
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
Dropbox
ERUNT 1.1j
GIMP 2.6.11
Homepage Protection
HP Advisor
HP Customer Experience Enhancements
HP DVD Play 3.7
HP Games
HP Quick Launch Buttons
HP Setup
HP Smart Web Printing
HP Support Assistant
HP Update
HP User Guides 0156
HP Wireless Assistant
HPAsset component for HP Active Support Library
Java Auto Updater
Java 6 Update 29
Junk Mail filter update
LabelPrint
LAME v3.98.3 for Audacity
LightScribe System Software
LIMBO
Magic Set Editor 2.0.0
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
PDF Settings CS5
pdfsam
PictureMover
Power2Go
PowerDirector
PowerRecover
QLBCASL
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
Seagate Dashboard
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Yahoo! Messenger
YouTube Downloader 3.4
.
==== Event Viewer Messages From Past Week ========
.
7/13/2012 9:52:36 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/13/2012 9:50:26 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
7/13/2012 11:01:47 AM, Error: Application Popup [1060] - \??\C:\Users\Tama06\AppData\Local\Temp\OnlineScanner\Anti-Virus has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/12/2012 9:15:35 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
7/12/2012 7:58:23 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
7/12/2012 12:19:57 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
7/12/2012 10:51:46 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
7/12/2012 10:50:37 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/12/2012 10:49:06 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================
Maurice Naggar Posted July 14, 2012

This system had some serious trojans. Sirefef (ZeroAccess) as had been noted by DrWeb Cure-it.

This is a point where you may want to consider whether to make a clean start.

According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.
2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.
3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh. While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.

Consumers – Identity Theft http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/index.html
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451
Help: I Got Hacked. Now What Do I Do? http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx
Help: I Got Hacked. Now What Do I Do? Part II http://www.microsoft.com/technet/community/columns/secmgmt/sm0704.mspx
tama06 Posted July 14, 2012

Okay.
Passwords changed. Luckily, I don't use the laptop for much more than Facebook and email.
My husband does all the online bank stuff on his computer with his own accounts/passwords.
I'm actually okay with a reformat, because I've done it before on this machine.
Well, I did the installed "restore to factory-issue," will that work again?
I'd really like to see if any of my files can be decrypted, first.
And then, of course, I'd like to know about whether my portable HD was infected/encrypted.
Can we do that?
Maurice Naggar Posted July 14, 2012

The warning was to ensure that you change all passwords, and keep a sharp eye for possible identity theft.
Now, I don't believe anything was encrypted. What indications do you have that your files have been so affected?
As to the external drive, you can connect it AND do a full scan with your antivirus on all drives, save results. Immediately followed by a full scan with MBAM on all your drives, and post results of both scans.
tama06 Posted July 14, 2012

I have hundreds of files which now have a .crypt extension.
All my pictures, Word documents, PDFs, Excel sheets, etc.
The original file name is intact ("cat.jpg" or whatever) but the .crypt is tacked on the end and I can't open them with any programs ("cat.jpg.crypt").
On the other boards where I've read about ransomware hacks, they have located the decryption file somewhere on the computer and then used that and some decryption software to restore the files (like in this forum: http://www.bleepingcomputer.com/forums/topic457317.html/page__p__2739192#entry2739192 , where someone named "Fabian" created a program called "decrypt_birele" and used the decryption key, called cconf.txt.enc, to save the guy's files).
tama06 Posted July 14, 2012

I scanned just the external drive with both Avast! and MBAM, and they both came back clear. Running full scan with Avast! now, will run full scan with MBAM when Avast! is finished.
tama06 Posted July 14, 2012

Avast! is still running, looks like the two scans will take all day to finish. I had to make a "Custom Scan" for Avast, because its "Full Scan" doesn't include external drives.
I'll post reports when I get them.
Looking through my files, the ransomware didn't encrypt all my files, by far.
It looks like I caught it before it encrypted most things, in fact. Most of what IS encrypted is also saved on my external drive (which doesn't seem to have any encrypted files on it that I've found so far).
I'll have to sort through some folders to make sure I have the back-ups, but it should be okay.
So, it looks like, all in all, I only lost about a week's worth of work on a current project, if those files can't be restored. That's annoying, but it could be so much worse.
Thank you so much for your help!
Then, since I'm going to have to reformat this machine, I really only have one more question:
I keep my iTunes library on the laptop, and after I reformatted the laptop last year, it was a serious pain in the behind to restore my iTunes library and re-sync it with my devices.
Is there a way you know of to make that less painful?
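Added example (not part of the original posts): one way to do the "sort through some folders to make sure I have the back-ups" step is a read-only Python script that lists every file carrying the `.crypt` suffix described in the thread and checks whether the external drive holds an unencrypted copy. The folder layout and file names in `build_demo_tree` are constructed sample data, and every function name is this example's own.

```python
import os
import tempfile
from pathlib import Path

CRYPT_EXT = ".crypt"  # extension reported in the thread ("cat.jpg.crypt")


def find_encrypted(root, ext=CRYPT_EXT):
    """Yield (encrypted_path, original_path_relative_to_root) for renamed files."""
    root = Path(root)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(ext) and len(name) > len(ext):
                enc = Path(dirpath) / name
                yield enc, enc.with_name(name[: -len(ext)]).relative_to(root)


def index_backup(backup_root, ext=CRYPT_EXT):
    """Map lower-cased file name -> non-empty, non-.crypt files on the backup."""
    index = {}
    for dirpath, _dirs, files in os.walk(backup_root):
        for name in files:
            path = Path(dirpath) / name
            # An encrypted or zero-byte copy on the backup is not a usable backup.
            if name.lower().endswith(ext) or path.stat().st_size == 0:
                continue
            index.setdefault(name.lower(), []).append(path)
    return index


def triage(source_root, backup_root):
    """Read-only: sort every encrypted file by how good its backup candidate is."""
    index = index_backup(backup_root)
    report = {"same_path": [], "same_name": [], "missing": []}
    for enc, rel in find_encrypted(source_root):
        candidates = index.get(rel.name.lower(), [])
        exact = Path(backup_root) / rel
        if exact in candidates:
            report["same_path"].append((enc, exact))
        elif candidates:
            # Same name elsewhere on the backup: a lead, not proof (names collide).
            report["same_name"].append((enc, candidates[0]))
        else:
            report["missing"].append(enc)
    return report


def build_demo_tree(base):
    """Constructed sample layout standing in for the laptop and external drive."""
    laptop, external = Path(base) / "laptop", Path(base) / "external"
    files = {
        laptop / "Pictures/cat.jpg.crypt": b"x",
        laptop / "Docs/project/week28.docx.crypt": b"x",
        laptop / "Docs/budget.xls.crypt": b"x",
        laptop / "Docs/notes.txt": b"plain",
        external / "Pictures/cat.jpg": b"jpeg-bytes",
        external / "Archive/2012/budget.xls": b"xls-bytes",
    }
    for path, data in files.items():
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    return laptop, external


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for bucket, items in triage(*build_demo_tree(tmp)).items():
            print(bucket, len(items))
```

A hit only shows that a candidate exists; open the backup copy and confirm it is the version you expect before the laptop is wiped. Files in the "missing" bucket are the ones worth setting aside in case a decryptor turns up later.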
Maurice Naggar Posted July 15, 2012 (edited)

If you reformat and then do a clean/new install, you'd have to re-install all your programs and applications, with antivirus being the first one to install.
I don't see a workaround for iTunes.

If you run this OTL custom scan, I could perhaps see the so-called crypt files in the report.

Please close any of your open windows/programs and exit; saving any open work you have.
I'd like to have you do a special run of OTL to generate some searches & a new log-report.

Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).

Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

*****************************************************************
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%ALLUSERSPROFILE%\Application Data\*.dll /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%APPDATA%\*.dll /s
%SYSTEMDRIVE%\*.exe
/md5start
themeui.dll
beep.sys
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%USERPROFILE%\..|cconf;true;true;true /FP
%USERPROFILE%\..|crypt;true;true;true /FP
%USERPROFILE%\..|.crypt;true;true;true /FP
%USERPROFILE%\..|smtmp;true;true;true /FP
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
*****************************************************************

Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
Close any browser(s) windows that may be open.
Using your mouse, click on Run Scan.
The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of just OTL logst

Edited July 15, 2012 by Maurice Naggar
tama06 Posted July 15, 2012

Avast! log (full boot-time scan of all drives and removable drives):

07/14/2012 16:35
Scan of all local drives
File C:\HP\BIN\EndProcess.exe is infected by Win32:KillApp-W [PUP], Moved to chest
File C:\Music\iTunes\iTunes Media\Downloads\Bejeweled 2 + Blitz.tmp\download.app|>Payload\Bejeweled2.app\music\BeyondNetwork.caf Error 42125 {ZIP archive is corrupted.}
File C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2.0|>json\Option.class is infected by Java:Agent-ADL [Expl], Moved to chest
File C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2.0|>json\Parser.class is infected by Java:Agent-ZA [Expl], Moved to chest
File C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2.0|>json\SmartyPointer.class is infected by Java:Agent-ZB [Expl], Moved to chest
File C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2.0|>json\ThreadParser.class is infected by Java:Agent-AEH [Expl], Moved to chest
File C:\Users\Tama06\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3e2024ac-3dc94ca2.0|>json\XML.class is infected by Java:Agent-ADT [Expl], Moved to chest
File C:\Users\Tama06\Music\iTunes\iTunes Media\Downloads\Hero Academy.tmp\download.app|>Payload\itactics.app\data\UI_FacebookButton_Pressed.png Error 42125 {ZIP archive is corrupted.}
Number of searched folders: 50768
Number of tested files: 1510134
Number of infected files: 6
tama06 Posted July 15, 2012

MBAM Full Scan (including external drives):

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.13.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tama06 :: UTANO2 [administrator]

Protection: Enabled

7/15/2012 12:35:06 AM
mbam-log-2012-07-15 (00-35-06).txt

Scan type: Full scan (C:\|D:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 479645
Time elapsed: 1 hour(s), 32 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
tama06 Posted July 15, 2012

Where do I find/acquire OTL?