Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

WORM.WIN32.NETSKY once again

Started by Dwfender , Jan 01 2010 07:22 PM

  • Please log in to reply

#1
Dwfender
Posted 01 January 2010 - 07:22 PM

Dwfender

    New Member

  • Member
  • Pip
  • 2 posts
I have read an endless amount of forum posts regarding this virus at this point. My specific problem is that the virus is stopping me from accessing my desktop, dos, or running in safe made. Essentially all the fixes that have been repeated for other members is not applicable to me. I am sure I am able to get rid of the virus but I am confident I am missing a few key steps. Just looking for some assistance. At this point, when the comuter starts it immediately goes to a black screen. A pop up presents itself describing my infestation of WORM.WIN32.NETSKY and that the spyware caught it yada-yada. From there, there is no way to get to the desktop with task manager or anything like that. Hopefully someone can give me some advice. Thank you in advance.
  • 0

Advertisements

#2
Dwfender
Posted 01 January 2010 - 09:38 PM

Dwfender

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
I was finally able to manage to sneak my way into the backdoor of the program. I managed to get into the dos prompt and ran the malware software from a thumbdrive which seems to have knocked it out. I downloaded the rootkit program and just wanted to post the results and see if someone was willing to give it a brief overlook and determine if anything seems out of the ordinary



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-01 22:35:46
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Dan\AppData\Local\Temp\uwrorkog.sys


---- Kernel code sections - GMER 1.0.15 ----

? System32\drivers\qohwpc.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8C802340, 0x3481F7, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\BTHUSB \Device\00000079 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000007b bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cf2f288
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cf2f288@000761a0dbc8 0x47 0x82 0xF7 0x7C ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e4cf2f288 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e4cf2f288@000761a0dbc8 0x47 0x82 0xF7 0x7C ...

---- Files - GMER 1.0.15 ----

File C:\RRbackups\common 0 bytes
File C:\RRbackups\common\bmgrmode.dat 29 bytes
File C:\RRbackups\common\css.dat 8192 bytes
File C:\RRbackups\common\hints.dat 8192 bytes
File C:\RRbackups\common\mnd.dat 8192 bytes
File C:\RRbackups\common\regcerts.dat 8192 bytes
File C:\RRbackups\common\restore.log 110 bytes
File C:\RRbackups\common\rr.log 38388 bytes
File C:\RRbackups\common\rr_bcdenum.dat 3572 bytes
File C:\RRbackups\common\SAM 262144 bytes
File C:\RRbackups\common\secpolicy.dat 24576 bytes
File C:\RRbackups\common\settings.dat 32768 bytes
File C:\RRbackups\common\system.dat 12288 bytes
File C:\RRbackups\common\tvtcmn.dat 8192 bytes
File C:\RRbackups\common\tvtns.bin 23 bytes
File C:\RRbackups\common\usersids.dat 17680 bytes
File C:\RRbackups\Documents and Settings 0 bytes
File C:\RRbackups\Documents and Settings\Administrator 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3138164283-3377115375-1441090462-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3138164283-3377115375-1441090462-500\a077ead69703e3bf1fd373a3c9376faa_c02f09c8-8760-466e-bcee-ad820248b58d 77 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3138164283-3377115375-1441090462-500\a18ca4003deb042bbee7a40f15e1970b_c02f09c8-8760-466e-bcee-ad820248b58d 54 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500\95da33f4-6655-4faf-86fe-5159865c990d 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-3138164283-3377115375-1441090462-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-3138164283-3377115375-1441090462-500\370ebaca-4caf-4ceb-9918-612fd1df7514 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-3138164283-3377115375-1441090462-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Dan 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Lenovo\Client Security Solution\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3138164283-3377115375-1441090462-1005 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3138164283-3377115375-1441090462-1005\146482325737612d5fbcd71839d49d49_c02f09c8-8760-466e-bcee-ad820248b58d 50 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3138164283-3377115375-1441090462-1005\62a45886e06c7d046ea8b819bec0598a_c02f09c8-8760-466e-bcee-ad820248b58d 45 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3138164283-3377115375-1441090462-1005\6b29ae44e85efac3c72ff4d1865d73f1_c02f09c8-8760-466e-bcee-ad820248b58d 53 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3138164283-3377115375-1441090462-1005\8f71098770f72c7a67cd8f1151619865_c02f09c8-8760-466e-bcee-ad820248b58d 54 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3138164283-3377115375-1441090462-1005\8f96978fc46d9f00d8780351026924d7_c02f09c8-8760-466e-bcee-ad820248b58d 59 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3138164283-3377115375-1441090462-1005\932a2db58c237abd381d22df4c63a04a_c02f09c8-8760-466e-bcee-ad820248b58d 87 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3138164283-3377115375-1441090462-1005\a077ead69703e3bf1fd373a3c9376faa_c02f09c8-8760-466e-bcee-ad820248b58d 77 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3138164283-3377115375-1441090462-1005\b6571abe34a86b9f4498acd13c726809_c02f09c8-8760-466e-bcee-ad820248b58d 1305 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3138164283-3377115375-1441090462-1005\cfcd3282100a5c74f6fb046fab0c5a24_c02f09c8-8760-466e-bcee-ad820248b58d 66 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3138164283-3377115375-1441090462-1005\d6db39dc95f8de6ca01fe393d03427fe_c02f09c8-8760-466e-bcee-ad820248b58d 44 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500\95da33f4-6655-4faf-86fe-5159865c990d 388 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect\S-1-5-21-3138164283-3377115375-1441090462-1005 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect\S-1-5-21-3138164283-3377115375-1441090462-1005\27889509-0821-43cd-9d7a-b7497af00610 388 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect\S-1-5-21-3138164283-3377115375-1441090462-1005\2caa5676-52bd-4c9a-824f-62d473b342fb 388 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect\S-1-5-21-3138164283-3377115375-1441090462-1005\428c91b0-db93-412a-9e85-07a5f3408cd2 388 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect\S-1-5-21-3138164283-3377115375-1441090462-1005\4933cb1c-6b41-41c6-bf8f-345bf2a0cd8a 388 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect\S-1-5-21-3138164283-3377115375-1441090462-1005\4b7dc1a0-6a4e-4fa7-b2e9-c510b3d96297 388 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect\S-1-5-21-3138164283-3377115375-1441090462-1005\4fdc6ca3-8a1d-4205-a3f9-4be16b71d147 388 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect\S-1-5-21-3138164283-3377115375-1441090462-1005\631a509f-6a28-4d40-a6d2-27a25ffb72d5 388 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect\S-1-5-21-3138164283-3377115375-1441090462-1005\d781b77a-356d-4092-91c0-df00d3de44e3 388 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect\S-1-5-21-3138164283-3377115375-1441090462-1005\ecc0a6dc-3157-424f-9ede-cfd07b4130c9 388 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect\S-1-5-21-3138164283-3377115375-1441090462-1005\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\626A3E9306718A3165B95B30F2FD27FC19F0D076 921 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\SystemCertificates\My\Keys 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\7E76C7B999B4BF124350FAD4A1C7892AF674F5CF 152 bytes
File C:\RRbackups\Documents and Settings\Default 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500\95da33f4-6655-4faf-86fe-5159865c990d 388 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500\95da33f4-6655-4faf-86fe-5159865c990d 388 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Mcx1 0 bytes
File C:\RRbackups\Documents and Settings\Mcx1\AppData 0 bytes
File C:\RRbackups\Documents and Settings\Mcx1\AppData\Roaming 0 bytes
File C:\RRbackups\Documents and Settings\Mcx1\AppData\Roaming\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Mcx1\AppData\Roaming\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Mcx1\AppData\Roaming\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Mcx1\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3138164283-3377115375-1441090462-1007 0 bytes
File C:\RRbackups\Documents and Settings\Mcx1\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3138164283-3377115375-1441090462-1007\8f96978fc46d9f00d8780351026924d7_c02f09c8-8760-466e-bcee-ad820248b58d 59 bytes
File C:\RRbackups\Documents and Settings\Mcx1\AppData\Roaming\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Mcx1\AppData\Roaming\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Mcx1\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500 0 bytes
File C:\RRbackups\Documents and Settings\Mcx1\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500\95da33f4-6655-4faf-86fe-5159865c990d 388 bytes
File C:\RRbackups\Documents and Settings\Mcx1\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Mcx1\AppData\Roaming\Microsoft\Protect\S-1-5-21-3138164283-3377115375-1441090462-1007 0 bytes
File C:\RRbackups\Documents and Settings\Mcx1\AppData\Roaming\Microsoft\Protect\S-1-5-21-3138164283-3377115375-1441090462-1007\26315f88-8f33-46f3-a871-dc69a699d8c3 388 bytes
File C:\RRbackups\Documents and Settings\Mcx1\AppData\Roaming\Microsoft\Protect\S-1-5-21-3138164283-3377115375-1441090462-1007\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Mcx1\AppData\Roaming\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Mcx1\AppData\Roaming\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Mcx1\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Mcx1\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Mcx1\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\ProgramData 0 bytes
File C:\RRbackups\ProgramData\Lenovo 0 bytes
File C:\RRbackups\ProgramData\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\ProgramData\Lenovo\Client Security Solution\cspContainer.dat 332 bytes
File C:\RRbackups\ProgramData\Microsoft 0 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto 0 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys 0 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3812127842ff049ec1161b18f0757d62_c02f09c8-8760-466e-bcee-ad820248b58d 2078 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys\40a2946dacdbdb7f4221ece3b8b8bc4b_c02f09c8-8760-466e-bcee-ad820248b58d 1305 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys\669c1b4e756cb67810a9143a161abca9_c02f09c8-8760-466e-bcee-ad820248b58d 77 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a077ead69703e3bf1fd373a3c9376faa_c02f09c8-8760-466e-bcee-ad820248b58d 901 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_c02f09c8-8760-466e-bcee-ad820248b58d 2049 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_c02f09c8-8760-466e-bcee-ad820248b58d 1280 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fd14323433547cba476a35c2509c2605_c02f09c8-8760-466e-bcee-ad820248b58d 1288 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 0 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\62a45886e06c7d046ea8b819bec0598a_c02f09c8-8760-466e-bcee-ad820248b58d 45 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_c02f09c8-8760-466e-bcee-ad820248b58d 47 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\8f71098770f72c7a67cd8f1151619865_c02f09c8-8760-466e-bcee-ad820248b58d 54 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_c02f09c8-8760-466e-bcee-ad820248b58d 893 bytes

---- EOF - GMER 1.0.15 ----
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP