Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow Computer - Folders freezing


  • This topic is locked This topic is locked
18 replies to this topic

#1 adamsapple

adamsapple

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 04 July 2011 - 07:04 PM

Here is the new topic with what I was able to run. Please reference my previous notes in your email from me.
Again there is no attachment button for the attach file.


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by George Malz at 20:48:32 on 2011-06-28
Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.1022.319 [GMT -4:00]
.
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {00000000-0000-0000-0000-000000000000} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Trend Micro Titanium] "c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe" -set Silent "1" SplashURL ""
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - hxxp://www.trueswitch.com/TrueInstall.exe
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{333FDF29-BDF6-4E3D-883C-298B87260CEB} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\george malz\appdata\roaming\mozilla\firefox\profiles\kc2cgw2x.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo-FileServe
FF - prefs.js: browser.startup.homepage - hxxp://fileservehome.com/?tmp=toolbar_FileServe_homepage&prt=fileservetb04ff&clid=8ae0e31b22034512b20a007ceea45a9c
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - component: c:\program files\trend micro\amsp\module\20004\1.5.1464\6.6.1079\firefoxextension\components\TmFFExt.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\users\george malz\appdata\roaming\mozilla\firefox\profiles\kc2cgw2x.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\george malz\appdata\roaming\mozilla\firefox\profiles\kc2cgw2x.default\extensions\{db9127a2-3381-41ec-82b3-1b6ed4c6f29a}\components\FlashGetXPI.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: FileServe Toolbar: fileserve@fileserve.com - c:\program files\mozilla firefox\extensions\fileserve@fileserve.com
FF - Ext: NCH EN Community Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - %profile%\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Trend Micro NSC Firefox Extension: {22C7F6C6-8D67-4534-92B5-529A0EC09405} - c:\program files\trend micro\amsp\module\20004\1.5.1464\6.6.1079\firefoxextension
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://fileservehome.com/?prt=fileservetb02ff&Keywords=
FF - user.js: keyword.enabled - 1
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-2-19 28552]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-2-21 366640]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-2-21 64080]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2009-7-13 265088]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSIb.sys [2009-7-13 11904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-21 22712]
S2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2011-2-21 188272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-1 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-1 135664]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]
S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [2009-9-28 52656]
S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_x32.sys [2011-4-7 24880]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-3 1343400]
.
=============== Created Last 30 ================
.
2011-06-28 08:15:52 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{24eef760-4e9b-4f9a-a0fe-718a8b2f842c}\mpengine.dll
2011-06-27 21:00:54 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-16 07:06:37 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-16 07:06:37 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-06-16 07:06:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-16 01:35:46 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-16 01:35:46 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 01:35:46 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 01:35:45 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 01:35:45 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 01:35:40 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 01:35:39 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 01:35:39 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 01:35:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-16 01:35:37 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 01:35:37 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 01:35:37 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
==================== Find3M ====================
.
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-27 14:51:12 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-05-27 14:51:12 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-22 19:36:05 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 20:49:05.30 ===============

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:47 AM

Posted 04 July 2011 - 08:18 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,914 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:47 AM

Posted 04 July 2011 - 08:58 PM

Hello, just letting you know I moved this topic to Here in the Virus, Trojan, Spyware, and Malware Removal Logss forum where it will stay.

Please remember to click the Watch Topic button at the top right and select Immediate Notification so you do not miss any replies now that you were moved.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:47 AM

Posted 04 July 2011 - 09:23 PM

Thanks boopme

I did not know it was in the other forum


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 adamsapple

adamsapple
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 04 July 2011 - 10:12 PM

Here is the combo fix log. The computer seems to be much faster and files, software and folders are not hanging and freezing. I would even get freezing when I was typing something like this. The only thing I notice is that after a few days after Combo Fix it all starts slowly happening agian ... then I'm back here bugging you. Is there any way to prevent that?

George



ComboFix 11-07-04.02 - George Malz 04/07/2011 22:54:29.12.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.1022.318 [GMT -4:00]
Running from: c:\users\George Malz\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\FileServe Toolbar\fiLEservetb.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-05 to 2011-07-05 )))))))))))))))))))))))))))))))
.
.
2011-07-05 03:01 . 2011-07-05 03:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-07-05 03:01 . 2011-07-05 03:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-05 03:01 . 2011-07-05 03:01 -------- d-----w- c:\users\AlexanderNatalia\AppData\Local\temp
2011-07-04 23:55 . 2011-07-04 23:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-04 21:36 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F0CD1AD-08A8-4838-9BF5-58092F450F13}\mpengine.dll
2011-06-29 11:07 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 11:07 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 11:07 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 11:07 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 11:07 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 11:07 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 11:07 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 11:07 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 11:07 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 11:07 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-16 07:06 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-16 07:06 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-16 07:06 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-16 01:35 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-16 01:35 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 01:35 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 01:35 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 01:35 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 01:35 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 01:35 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 01:35 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 01:35 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-16 01:35 . 2011-05-04 02:43 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 01:35 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 01:35 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-06 16:55 . 2011-06-06 16:55 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-06-06 16:55 . 2011-06-06 16:55 183696 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 13:11 . 2011-02-21 20:16 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2011-02-21 20:16 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-27 14:51 . 2010-10-01 20:44 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-05-27 14:51 . 2010-10-01 20:44 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-05-24 23:14 . 2010-10-01 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-20 03:36 . 2011-05-20 03:36 29184 ----a-r- c:\users\George Malz\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
2011-04-22 19:36 . 2011-05-25 04:38 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-09 06:13 . 2011-05-11 20:57 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 20:57 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-19 02:32 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-04-09 00:44 . 2011-04-09 00:44 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-09 00:44 . 2011-04-09 00:44 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-09 00:44 . 2011-04-09 00:44 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-09 00:44 . 2011-04-09 00:44 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-09 00:44 . 2011-04-09 00:44 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-09 00:44 . 2011-04-09 00:44 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-09 00:44 . 2011-04-09 00:44 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-09 00:44 . 2011-04-09 00:44 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-09 00:44 . 2011-04-09 00:44 367104 ----a-w- c:\windows\system32\html.iec
2011-04-09 00:44 . 2011-04-09 00:44 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-09 00:44 . 2011-04-09 00:44 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-09 00:44 . 2011-04-09 00:44 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-09 00:44 . 2011-04-09 00:44 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-09 00:44 . 2011-04-09 00:44 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-09 00:44 . 2011-04-09 00:44 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-09 00:44 . 2011-04-09 00:44 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-09 00:44 . 2011-04-09 00:44 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-09 00:44 . 2011-04-09 00:44 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-09 00:44 . 2011-04-09 00:44 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-05-07 210216]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-30 624248]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-02-17 1111568]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-03-16 325000]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 116752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-27 273544]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^George Malz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\George Malz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2007-03-30 02:14 624248 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-09 02:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-15 01:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
R1 SABKUTIL;SABKUTIL;c:\users\George Malz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O0A3FDPT\SASKUTIL.SYS [x]
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-02 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-02 135664]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\DRIVERS\OXSDIDRV_x32.sys [2009-09-28 52656]
R3 OXUDIDRV;OXUDIDRV;c:\windows\system32\Drivers\OXUDIDRV_X32.sys [2010-05-25 24880]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-03 1343400]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-02-21 64080]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 265088]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-07-13 11904]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-02 02:19]
.
2011-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-02 02:19]
.
2011-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-147283149-2975313931-1160438742-1000Core.job
- c:\users\George Malz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-15 14:24]
.
2011-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-147283149-2975313931-1160438742-1000UA.job
- c:\users\George Malz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-15 14:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\George Malz\AppData\Roaming\Mozilla\Firefox\Profiles\kc2cgw2x.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo-FileServe
FF - prefs.js: browser.startup.homepage - hxxp://fileservehome.com/?tmp=toolbar_FileServe_homepage&prt=fileservetb04ff&clid=8ae0e31b22034512b20a007ceea45a9c
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: FileServe Toolbar: fileserve@fileserve.com - c:\program files\Mozilla Firefox\extensions\fileserve@fileserve.com
FF - Ext: NCH EN Community Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - %profile%\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Trend Micro NSC Firefox Extension: {22C7F6C6-8D67-4534-92B5-529A0EC09405} - c:\program files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\firefoxextension
FF - user.js: keyword.URL - hxxp://fileservehome.com/?prt=fileservetb02ff&Keywords=
FF - user.js: keyword.enabled - 1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-07-04 23:03:10
ComboFix-quarantined-files.txt 2011-07-05 03:03
ComboFix2.txt 2011-06-27 21:01
ComboFix3.txt 2011-05-31 18:18
ComboFix4.txt 2011-05-19 20:50
ComboFix5.txt 2011-07-05 02:53
.
Pre-Run: 158,778,159,104 bytes free
Post-Run: 158,733,303,808 bytes free
.
- - End Of File - - A1A6ECAB6BA732DE1C3BEA51AA818056

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:47 AM

Posted 04 July 2011 - 11:15 PM

Hello

I would ike to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 adamsapple

adamsapple
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 04 July 2011 - 11:24 PM

Leawo AVI Converter version 3.0.0.1
Update for Microsoft Office 2007 (KB2508958)
3ivX MPEG-4 5.0.1 Video CODEC
7-Zip 4.65
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.3 Professional
Adobe After Effects CS3 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Download Manager
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader X (10.1.0)
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BlackBerry Desktop Software 6.0.1
BlackBerry Device Software Updater
Bonjour
Brother MFL-Pro Suite MFC-465CN
CCleaner
DivX Author 1.5
DivX Version Checker
EASEUS Data Recovery Wizard Professional 5.5.1
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Image Resizer Powertoy Clone for Windows
Iomega Encryption
IspAssistant-FileServe
iTunes
Java Auto Updater
Java™ 6 Update 24
JDownloader 0.9
K-Lite Codec Pack 6.1.0 (Basic)
LG Burning Tools
LG CyberLink PowerDVD 7.0
LG Power Tools
Malwarebytes' Anti-Malware version 1.51.0.1200
Martik MKV to AVI Converter version 3.0 BETA
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ Run Time Lib Setup
mkv2vob
MobileMe Control Panel
Mozilla Firefox (3.6.17)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
Panda ActiveScan 2.0
PDF Settings
QuickTime
RapidShare Manager
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
RemoteComms External Disk Access
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 5.3
SolveigMM AVI Trimmer
SpywareBlaster 4.4
Titanium Internet Security
Trend Micro™ Titanium™ Internet Security
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2536413)
VCRedistSetup
VideoLAN VLC media player 0.8.6f
WinPatrol
Yahoo! BrowserPlus 2.9.8
Yahoo! Toolbar

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:47 AM

Posted 04 July 2011 - 11:50 PM

Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 adamsapple

adamsapple
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 05 July 2011 - 11:06 PM

Thanks again, as ussual you are able to make things work. The only thing I noticed was during the HiJack This scan, a message came up that it could not open or process some kind of Host file?



Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7030

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

05/07/2011 11:15:52 PM
mbam-log-2011-07-05 (23-15-52).txt

Scan type: Quick scan
Objects scanned: 177278
Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:47 AM

Posted 05 July 2011 - 11:47 PM

Hello

Sometimes we have to run it like this To run HijackThis as an administrator,
rightclick HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 adamsapple

adamsapple
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 06 July 2011 - 06:36 PM

Opening websites, files and programs seems to still be delayed.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:35:57 PM, on 06/07/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\TmIEPlg.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/TrueInstall.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\TmIEPlg.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 7385 bytes

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:47 AM

Posted 06 July 2011 - 07:33 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded startup entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
      O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brakets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the activex control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard and paste the results here in this topic
  • you may also find here C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 adamsapple

adamsapple
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 07 July 2011 - 09:20 PM

The first part worked but the second scan went to a blank blue page when I tried to start?

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:47 AM

Posted 07 July 2011 - 09:43 PM

F-Secure Online Scan

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go HERE to run an online scan from F-Secure
  • Click on Start scanning
  • This will open a new window

    In Interner Explorer
  • It will require an activex control, please install it
  • Click Accept

  • In Firefox
  • It will require an Add-on to be installed, please install it
  • Order to install the Add-on Firefox needs to be restarted, please do so
[*]Click Full System Scan
[*]It will now download the scanner this may take a while please be patient
[*]It will then start scanning wait for the scan to finish
[*]Click Automatic cleaning (recommended)
[*]Wait for it finish the cleaning process
[*]Click show report
[*]This will open up a window with the results of the scan copy and paste those results as a reply to this topic[/list]
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 adamsapple

adamsapple
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 08 July 2011 - 10:16 PM

14 malware found
TrackingCookie.Adinterax (spyware)
System (Disinfected)
TrackingCookie.2o7 (spyware)
System (Disinfected)
TrackingCookie.Advertising (spyware)
System (Disinfected)
TrackingCookie.Atdmt (spyware)
System (Disinfected)
TrackingCookie.Doubleclick (spyware)
System (Disinfected)
TrackingCookie.Revsci (spyware)
System (Disinfected)
TrackingCookie.WebTrendsLive (spyware)
System (Disinfected)
TrackingCookie.Adbrite (spyware)
System (Disinfected)
TrackingCookie.Webtrends (spyware)
System (Disinfected)
TrackingCookie.Mediaplex (spyware)
System (Disinfected)
TrackingCookie.Liveperson (spyware)
System (Disinfected)
TrackingCookie.Statcounter (spyware)
System (Disinfected)
TrackingCookie.Atwola (spyware)
System (Disinfected)
TrackingCookie.Yieldmanager (spyware)
System (Disinfected)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 71497
System: 6475
Not scanned: 221
Actions:
Disinfected: 14
Renamed: 0
Deleted: 0
Not cleaned: 0
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\HIBERFIL.SYS
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\ROAMING\PEERNETWORKING\959963839AFADE3583B16EB3DFFB8A5716222C8D.HOMEGROUPCLASSIFIER\59E4F1319F9F79BDC6047B69D850945E\GROUPING\DB.MDB
C:\USERS\GEORGE MALZ\APPDATA\LOCAL\TEMP\LOW\HSPERFDATA_GEORGE MALZ\4512
C:\USERS\GEORGE MALZ\APPDATA\LOCAL\TEMP\HSPERFDATA_GEORGE MALZ\3412
C:\SYSTEM VOLUME INFORMATION\{181A5977-A685-11E0-948A-001FBC00392C}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{420C6346-A951-11E0-BE59-001FBC00392C}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{BE08A654-A77C-11E0-BE99-001FBC00392C}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{181A59A4-A685-11E0-948A-001FBC00392C}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{ECA3CBF4-A698-11E0-80F2-001FBC00392C}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{ECA3CC68-A698-11E0-80F2-001FBC00392C}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{A3B30498-A201-11E0-859F-001FBC00392C}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0451A714CFFFE00F068F80DEB8C11016_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\08634D6E7E98A6F3703F32F25A8C556C_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\09CAEE3499EE4AD97F1FA2041D8DFD31_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\01F81CA1496DD64039884217DAD0FC61_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\000836B2D7E4759A7F6E1808F2D0CF39_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\02645F7E790B04777FE0567562662D4C_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0CE08FF555D232948EFE5013CE06B63F_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1065D3CD2E04F57951C997B98CC8928F_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\11644BE81F989D8C284D5BA4281725A9_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\10C70186B35767ED48973C53D9F1E2EB_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1185B6741FCBB0C3E0A0E5DC63E9FBC6_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\12B4F69FB6AFB2848F80228FFEFC997C_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\130322936F3275F06AA137CE52DEF036_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\132A64007E1CD2F15725D845583C5557_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\13B5EEFC15A11B5A1B63F03ACAEF23E0_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\13FA4C0FBB45FB94B561262831AF30D1_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0BBC2A470ECA1D1BC8717E0A1AE21A65_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1691DFE692F2C0CD8FD98E72D042C50E_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\117C7B6855D0702430625534542F1178_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1853514166F3FDA49A5E9EC37D389ABA_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\191B6D8D5DADD1DA910C50F95C7F1079_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\14EA476E846574FD7BC7BDF91C384965_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\188F19B091B1EEEEFD0871A95343629F_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1AE8688F668A9D86E787DB05C3D6DF77_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1A966B4A36E9A965E8A648C83DA1DF8C_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1F66D26A62951617F74D47095E949855_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\24498561D94B960E7F5839F1BE81E69F_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\228B3477996C39A746639C6A225CEE26_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\29B4B09D2D7A1B3677A89A2267C6C488_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\237ED96DBD42C7F626B5164F1C864BA3_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2A008BD69C422CA9EAC109D4C6DDC455_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\274A32151F1BB61226F7CE652D03E361_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2F69B5D589BEA401E01A27BBE28C4B3C_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2FE87D29E06F2C7AF11A8A54A668BDA8_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2F8AAB0BE8CE480B230694A1ABD541FE_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2D52EF53B4418FA82C2E835570D5E62B_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3292E5F24D025A21E9E567990BA900A0_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3044C7C1D1C94E20C521F0966F2234AF_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3620C683AB2EF3AFCA8861ED31F2B672_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3168593A96A6762F5B6CBB5AB0BB6FF2_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3A0D2C73194999302C0FAAC0B1FAB03A_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3BE34975767D0AC547502A09EA921EB7_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\39BA6072F365D94AAA0B970EBBC5C28F_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3FA7EE2DC05F296BC67BB053F9B6D14B_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3F8662D05FA7C356BE5ECBFC7DF83F2B_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\41E030D0150CF8A9206318E629B6C793_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4262AF8F9799F9C2A6144697FF89C82F_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3F5295CBB733DD3B91EE4571B60E27EA_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\484DCA4796DD27005A724EE9DD6E7788_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4D0EB1206C31CCB2A6A8A21A31B9F5D9_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4CE08AEE088DE5AE6352D9E969BB6044_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\48290BDF5F91E4EDF56435E14F21FDC6_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4DD797A769913A66AE498CBFD77229E3_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4D6026E57E4C17B40486E0AFAEE18268_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4FC4A2412AE8D452E64DF8A7DB18F219_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\516103980783658DA303C2084998D8CA_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4E98D0E8C1D11EB7DA1DEF029229B1C2_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\52F7CBA32E596A5F05056277E056E4CB_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5138C25BE12EF8B90EC0DF590E8D2EA5_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\59D4A740B7DF62A6B4E2BB958C3C63C1_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\57D829E42B2AB25223666A872CC49841_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5EBC5A65E87ED6A6CBE11A0BA9F01CB7_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5E228BDA9714C6D72461AD8B17D1042D_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5F938BB284363757DF4AD5BC17BCFF8C_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\638CAE0E82DE0E473B2558F579548DD8_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\63D9D5A2A59B634EB20323B1368FDCAD_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\68E0D5CF9E99E9B469DEAE33F7532555_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\618DE6C710DE0F59614A3E93A76A493B_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\60C7F2F179E2B6D9B05FF3405A564DB0_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6AE3728BCB47E24DD17CA7EB67B27AA6_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6B42C8B0BEFC545FF5A4C57473626C11_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6E89D0476A4BEDAD9D38D3D1B227F02B_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6CAD0A548D22ECEB6D8DA34085518250_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\71377EE8DBA82B476B64E337AC1CA267_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6F4877A3D6CDB22CDC8FA63240121B91_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\72E271DE0DB03931849A6A9075BF4433_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\723BEFD1866BFFBA65E7674B51945F20_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6BF950753AD7D0E0F44674B5E0ACA18A_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\73FF0298DC1A8E348C36957189BE7AC6_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\74F443A96FACA4E727DB226E847BAC48_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\75963B43FA54B11533D6BDE1AF3B9371_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\77F724FF8DA3EA928D34A92C15FC1915_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\78A2DC3557982A804840257DBC5AFD7B_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7B26D2E47E489B4A7F64218A665E8A5E_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7D53E9C9DFE184F55CE7DA91D517813F_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7EB022674F1DC0BC1B76FB59CBE38F17_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7F31E218A37CB037253EDD98BF00EBA0_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7A54B185A5829402FF34FCABF52EEBFA_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\82346D94696D294B1E18A2D25D417980_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8362ED0C9C21D830547ED0916B036CF4_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7A63FCF2FE91CAE2359ED891FA6E8E41_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\83CEC99F63E1188D674A1ACAF6C4B111_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\80538E1F5A0D508A1FCC2832C8548A01_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\854B977CBC06B2AABDC2ED7279DCC242_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\864283A526EA0262955680CDE8F5A13C_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\879F546FC98CA261D77F02BC9250F52A_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8B2CF1B519B5CC6E2D7DB74E4ED8E250_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8CC07BF177FFF3E8253BF050FB2E0471_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\872BFEF0582D251F370113A8915B6664_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\88D28B07366F1F351A30A7045DDA4B99_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8D83DCC7B3828FF27B58A8A470A3DCAD_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\90D97687B8D86945B05ACD8E95065D45_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\91177E383D8D9E46CB6212166BE68A9B_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8E2BE11A82EFC62AC7C41E9D4D96C236_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\95D608A842264322534692BA1C1AD20C_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\94FBDA6EAA87481F3EC361E4EFCA0F9D_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\99D171C9D455B0B01C5398B628E3BA29_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\99ACB8B3E7B3F226CDB6E92B2E60543C_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8EED1FEF5F29ED3407A9F94F3DEAA48F_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9B734F562ED2D4488756259DED855200_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9ACF6C6A9360D473D3BEDC28BD3758AD_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9A0384BD206ABECC860749F21365FB7F_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9D583E4B99847E2158943F0ED8A927FD_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9EAAA4BFAB753052996C0F3C24B994A6_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9D1C08D8E91836E3C5B5C3226F1FB733_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9FE27B7A0D98BDC73174565C784A8EA1_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9E488B0B3CF21F562387D4FF62CC5545_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A1CE80423F5606C3D6DA89E91AE74178_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A3034E51C476E35028DAD5AC209EA62B_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A5669CE4B479BCABC161C021FF6A80CA_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A31437BAD9DB58001E3B900C68B06582_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A66DA6C625D202B6C7FCCC7B4C7152B4_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A12AF28B2115E5272A5ECEBE47E99A99_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AAE179E791A43A8501071FA122C51859_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ADADD3D002ED0282424CE3647E128026_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ADC0C18A2C3C88778E10D7C4E39809E2_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AF56BD0F760643802268006508A4C6AB_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B4DEE99391C6331AB2ED73FFD674EE3E_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B501D2B9E93292A991A94B403156CC98_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AF093B18239B259409B08FDF30C5EA95_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B0FE7CAA22B373F051FE085A2D5BC924_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B53435D9B7B19BC16798E6E60AB2276C_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BA8F6AA4DDDE4AEDC3F38D83140CE818_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B7863B451F09DFC728DFF05CCDCEBF4A_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BB6CC37F24481ABA1853525C3E338D1F_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B7680C3D330428C8AD4D3AB554A3F736_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BC504E3FBE57D2CE617509EB1CAE1E8F_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BC7A96EDEFB4ACA11E2CA27DF48D7DBF_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BC323CC89C4760FF65A2E26F52DDF7A1_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BE25C204EB7752BC05943694F51373B3_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C3F5CD0D1DBEEC4B46A0E366B48EB538_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C4B8D5940560B2079C7B23DA0DD18F3C_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C50CA6932BE0B4B87B3313F6C8C6721D_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C58038E6BCDF99ADD066FAC4F0779DBF_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C5B4B527E75D119C7E269E9C59677FEC_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C897ECB000BB88C64FDD45AD90F5C64F_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C975837607F783D72BEEFD073F8C7694_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C2686B32EF990E3B4459BE412B842DE6_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BFEC8FAA1F7EC6F3DFB8D3CB15F20611_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CA00F33B2AAD55598E109DDF0A3B8DA8_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CAC44F01958FBD8E743E39893F0A1C15_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D402A402F71DF4BE5AF1DC50EF305B0C_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CB898B3E71272D8ACF6708F77C6618AA_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D312E573C35DF2945C339BF9C5AC3C24_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D4E99C42C5D843C4809EE66DEEB49805_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DBC92205D4D9134DC7B613F212A8A597_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D741247DCCD30DF3349E5AB973AB4E5E_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D5C5F4F9EC23CFB35FBCA1DB524CF7DA_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DCD17D1D05735CB5D55581B4F22DD7F3_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DD34AFE114E5B5592FE402FACF45BAC8_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DE02D18D29FF2E6E442FF600AB073B52_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E03FEFC73FAEC5503F3EF226D1E159FB_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E14D7A2C005F84983CC6867477CD81C5_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DF175547A420F496D8F2E0E3A93720FE_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E1F66864CD9C90A08D104F9523A4367B_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E215CEFFBAE45C6E03016B00245E8631_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E1E4DC820AC86ADB9025612BCCBE92C0_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E36B0227E50A390B59FCE8EA303F85E8_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E4E3C1709CC93D950854C01E4BEE5655_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E2AB133D2B56C3DD57F5883D192B70DA_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E787DDD1646B8C57E7A89E2BF70F483F_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E9044143E405E5020A7645624B181F3E_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EAB05B002151C9F394D72BFB649B001C_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EB1858237B52478010A6184436D1DB6A_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EC255F2B68B8CDE156AF4764BB9741B8_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EF391D621956BC0882CB9F72C53BC3AE_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E6698ADC88FE499838404581F03B7760_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F0597625D2AE6C4FC22BA11D4857D6A2_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EC69D73EA8CCB7DE0CCD95CC46EFFDBB_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F08E1296BA2D411A249A82E6C5627911_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F0795FADF6C6C660E152A3626936FC4D_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F2B22A4B339559F83F61D59D91306941_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F4971B8199BC792AD74A9F25A8D69975_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F105443F4301677DE726E1F8C837F052_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F4B1CCF012E6615DD8DF5DAE7A1810E4_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F78EAA3E448866A5999AF572CDBAD2D5_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F246EEEB895FEB03855AC3256EEFBCEC_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F86BA964F49F8DC47F30F02CC4B4DCE7_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FA6D7E8C2340962955C68FBB8F3938AB_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FC0771D196E5283679D37EA36D7DCDAA_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FCF7E471BCA68FB232FEFB14B63E2469_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FE90CFAE8D7F81F7843ED6018CE9CC1F_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FFA56AAB06F74E7A1E3378A983A84E5B_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FEE340A9E4A35493458F33E59AB12794_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FB722E2201067D757B78AF0443778362_9CCAD6BA-D028-4A37-815A-5E2B1F09B040
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F98D8E07E007D320A79BFCA4AD35AEDF_9CCAD6BA-D028-4A37-815A-5E2B1F09B040

--------------------------------------------------------------------------------

Options
Scanning engines:
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use advanced heuristics

--------------------------------------------------------------------------------

Copyright © 1998-2009 Product support | Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name. This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwis




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users