Infected with ZeroAccess Trojan; Windows Defender disappeared


  • This topic is locked
27 replies to this topic

#1 AndySum

  • Members
  • 15 posts

Posted 27 September 2013 - 06:02 AM

Hi,

I started having problems with my laptop, running Windows Vista 32-Bit around a month or so ago.

First problem was that I began noticing that I couldn't download any documents, files or programs from the internet. Shortly after this, my virus protection software (BT Netprotect Plus by McAfee) began inundating me with Virus notifications which required restart to resolve, yet weren't resolved after restart. Furthermore, my Windows Security Centre had been deactivated and Windows Defender has completely disappeared.

Sourced information online and installed and ran Malwarebytes which picked up and removed a load of ZeroAccess files.

This resolved some of the issues, however, I still cannot download any files from the internet (keep getting a 'this file contained a virus and was deleted' notification) and after doing some further digging, have discovered that I have a Program Files\Google\Desktop\Install\.... issue which was picked up by my antivirus when I attempted to back up my computer onto an external hard-drive, but isn't recognised by my antivirus software when I try to scan the original folder on my C Drive, which tells me that no viruses were detected.

Help please!




#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 27 September 2013 - 08:37 AM

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Scan with DDS

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs
DDS.txt
Attach.txt
Save both reports to your desktop.

 

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Proud Member of UNITE & TB
 

#3 AndySum

  • Topic Starter

  • Members
  • 15 posts

Posted 27 September 2013 - 10:46 AM

Hi Marius,

 

Thanks for replying so quickly.  I have done as you said and run DDS; the reports are as follows:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16502
Run by Andy at 15:00:51 on 2013-09-27
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.44.1033.18.2814.1645 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_175_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.

uWindow Title = Windows Internet Explorer provided by Yahoo!






uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: ALOT Toolbar Helper: {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - c:\program files\alot\bin\bho\alotBHO.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120624153858.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: ALOT Toolbar: {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - c:\program files\alot\bin\alot.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [BTAgile] c:\program files\bt broadband talk softphone\BTAgile.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Facebook Update] "c:\users\andy\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [Sony PC Companion] "c:\program files\sony\sony pc companion\PCCompanion.exe" /Background
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: mswsock.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: mcafee.com
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll









TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1F211D82-EE9E-43DA-BF7D-21D560B883FD} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{97C6F598-9BAD-40E1-9392-6489E089C693} : DHCPNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-9-23 565888]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-9-23 210608]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2009-4-16 75048]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-4-16 653856]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2008-1-21 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-20 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-20 701512]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-6-17 101552]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-23 167784]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-23 167784]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-23 167784]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-23 203840]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-23 169320]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-9-23 172416]
R2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2008-10-9 19504]
R2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2008-10-9 16432]
R2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2008-10-9 59952]
R2 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2008-10-27 306736]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-3-10 44800]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-11-16 361472]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-23 60920]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-9-4 223232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-20 22856]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-9-23 235264]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-23 363080]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-4-16 22072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 CXPLRCAP;Capture Device;c:\windows\system32\drivers\CxPlrCap.sys [2010-1-6 187776]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2013-5-23 12400]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-12-4 146872]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-9-23 65928]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-23 92632]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2013-5-23 155824]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2013-09-27 13:44:09 -------- d-----w- c:\programdata\NtiDvdCopy
2013-09-24 15:09:04 -------- d-----w- c:\program files\iPod
2013-09-24 15:09:00 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-24 15:09:00 -------- d-----w- c:\program files\iTunes
2013-09-24 13:58:05 -------- d-----w- c:\users\andy\appdata\local\jZip
2013-09-24 13:56:55 -------- d-----w- c:\program files\jZip
2013-09-19 14:50:50 -------- d-----w- c:\windows\system32\wbem\repository
.
==================== Find3M  ====================
.
2013-09-23 09:05:16 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-23 09:05:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-25 02:32:35 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-07-25 02:26:10 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-07-25 02:25:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-25 02:23:59 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-25 02:23:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-07-25 02:22:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-17 19:41:34 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-10 09:47:00 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 12:10:36 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-07-08 04:55:51 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-08 04:55:51 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-08 04:20:04 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-07-08 04:16:55 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-08 04:16:55 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-08 04:16:54 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-07-05 04:53:33 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 15:02:51.98 ===============
 

And the second report as follows:

 

DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 16/04/2009 05:36:22
System Uptime: 27/09/2013 09:27:15 (6 hours ago)
.
Motherboard: Acer            |  | JV50PU                        
Processor: AMD Athlon™ X2 Dual-Core QL-64 | Socket S1G2 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 99.968 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0002
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0002
Service: tunmp
.
==== System Restore Points ===================
.
RP802: 28/08/2013 19:54:32 - Scheduled Checkpoint
RP803: 29/08/2013 11:02:19 - Scheduled Checkpoint
RP804: 04/09/2013 15:26:35 - Scheduled Checkpoint
RP805: 10/09/2013 21:44:47 - Sony Ericsson PC Suite Drivers
RP806: 19/09/2013 09:11:29 - Sony Ericsson PC Suite Drivers
RP807: 20/09/2013 16:37:19 - Scheduled Checkpoint
RP808: 24/09/2013 16:02:07 - Device Driver Package Install: Apple Network adapters
RP809: 27/09/2013 10:10:48 - Windows Backup
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
1500
1500_Help
1500Trb
32 Bit HP CIO Components Installer
3DVIA player 5.0
AAC Decoder
Acer Arcade Deluxe
Acer Backup Manager
Acer ePower Management
Acer eRecovery Management
Acer GridVista
Acer Product Registration
Acer ScreenSaver
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.8)
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
ALOT Toolbar
Amazon MP3 Downloader 1.0.15
AMD USB Audio Driver Filter
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft ShowBiz
ATI Catalyst Install Manager
AutoUpdate
AviSynth 2.5
Backup Manager Basic
BBC iPlayer Desktop
Bonjour
Broadcom Gigabit NetLink Controller
BT Broadband Talk Softphone 3.1
BT Desktop Help
BT NetProtect Plus
BT Wireless Connection Manager
BT Yahoo! Applications
BTHomeHub
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Choice Guard
Compatibility Pack for the 2007 Office system
Copy
CustomerResearchQFolder
D-Link VGA Webcam
Destinations
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DocProc
DocProcQFolder
Driver Install 32bit
eSupportQFolder
Facebook Video Calling 1.2.0.287
Fax
Free Opener
FreePortScanner 2.8.2
Google Chrome
Google Earth
Google SketchUp 7
Google Toolbar for Internet Explorer
Google Update Helper
H.264 Decoder
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Officejet Pro 8500 A910 Basic Device Software
HP Photosmart Essential
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Product Assistant
HP Solution Center 8.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
iCloud
iPhone Configuration Utility
iTunes
Java Auto Updater
Java™ 6 Update 39
Junk Mail filter update
jZip
K-Lite Codec Pack 7.0.0 (Standard)
Launch Manager
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
McAfee Virtual Technician
Media Go
Media Go Video Playback Engine 1.116.102.02020
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MindManager 2002
MKV Splitter
MobileMe Control Panel
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker
Nokia Connectivity Cable Driver
Nokia Software Updater
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
OGA Notifier 2.0.0048.0
OpenAL
Orion
Paint.NET v3.5.5
PC Connectivity Solution
PlayStation®Store
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RemoteServer 0.1.0
Safari
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Shared C Run-time for x86
Skype Click to Call
Skype™ 5.10
SolutionCenter
Sony Ericsson Update Engine
Sony PC Companion 2.10.174
Status
Synaptics Pointing Device Driver
TomTom HOME 2.8.3.2499
TomTom HOME Visual Studio Merge Modules
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
WebReg
Windows 7 Upgrade Advisor
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
27/09/2013 09:31:04, Error: Service Control Manager [7023]  - The Windows Defender service terminated with the following error:  The specified module could not be found.
27/09/2013 09:28:17, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
27/09/2013 09:28:17, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
27/09/2013 09:28:17, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
27/09/2013 09:28:17, Error: Service Control Manager [7000]  - The Parallel port driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
24/09/2013 16:19:20, Error: Service Control Manager [7023]  - The Windows Defender service terminated with the following error:  Access is denied.
24/09/2013 16:03:05, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================

Unfortunately, when I ran GMER.exe, the whole scan ran, presumably as normal, but, when it had finished and I attempted to save it, it wouldn't allow me to save, nor to copy and paste the content of the report.  I have run a scan twice now and both times this happened.  In addition, after running the scan, I am unable to do anything on my PC, I can't 'click' on anything and open a program or document etc... In both cases, I have had to shut down and restart my computer in order to do anything?



#4 TB-Psychotic

  • Malware Response Team

Posted 27 September 2013 - 11:57 AM

Skip that.

Scan with Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit from the Malwarebytes : Malwarebytes Anti-Rootkit page and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-<date and time>***.txt. Please attach that to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 AndySum

  • Topic Starter
  • Members

Posted 30 September 2013 - 03:37 AM

Hi Marius,

Am running the Malwarebytes rootkit scanner now. Will post the report as soon as it is finished scanning. Thanks.



#6 AndySum

  • Topic Starter
  • Members

Posted 30 September 2013 - 05:06 AM

Hi Marius, Here's the log:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_39

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.100000 GHz
Memory total: 2950287360, free: 1666109440

Downloaded database version: v2013.09.30.02
Downloaded database version: v2013.09.23.01
=======================================
Initializing...
------------ Kernel report ------------
     09/30/2013 09:28:32
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\Drivers\UBHelper.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie.sys
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\ahcix86s.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\processr.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\k57nd60x.sys
\SystemRoot\system32\DRIVERS\athr.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\Drivers\NTIDrvr.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\DKbFltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtHDMIV.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\DRIVERS\HSXHWAZL.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\mfewfpk.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\system32\drivers\mfefirek.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_ahcix86s.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\irda.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\XAudio32.sys
\SystemRoot\system32\drivers\mfeapfk.sys
\SystemRoot\system32\drivers\cfwids.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\wpdusb.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff875c0590
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000068\
Lower Device Object: 0xffffffff868bab88
Lower Device Driver Name: \Driver\ahcix86s\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff875c0590, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff873ba0a0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff875c0590, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff865d2f08, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff868bab88, DeviceName: \Device\00000068\, DriverName: \Driver\ahcix86s\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 905EA80F

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 20480000

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 20482048  Numsec = 467912704
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Infected: C:\Users\Andy\AppData\Local\Google\Desktop\Install\{d5450042-43dc-4135-0d9c-72f12e52ec2e}\❤≸⋙ --> [Trojan.0Access]
Infected: C:\Users\Andy\AppData\Local\Google\Desktop\Install\{d5450042-43dc-4135-0d9c-72f12e52ec2e}\❤≸⋙\Ⱒ☠⍨ --> [Trojan.0Access]
Infected: C:\Users\Andy\AppData\Local\Google\Desktop\Install\{d5450042-43dc-4135-0d9c-72f12e52ec2e}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛ --> [Trojan.0Access]
Infected: C:\Users\Andy\AppData\Local\Google\Desktop\Install\{d5450042-43dc-4135-0d9c-72f12e52ec2e}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{d5450042-43dc-4135-0d9c-72f12e52ec2e} --> [Trojan.0Access]
Infected: C:\Users\Andy\AppData\Local\Google\Desktop\Install\{d5450042-43dc-4135-0d9c-72f12e52ec2e}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{d5450042-43dc-4135-0d9c-72f12e52ec2e}\L --> [Trojan.0Access]
Infected: C:\Users\Andy\AppData\Local\Google\Desktop\Install\{d5450042-43dc-4135-0d9c-72f12e52ec2e}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{d5450042-43dc-4135-0d9c-72f12e52ec2e}\U --> [Trojan.0Access]
Infected: C:\Users\Andy\AppData\Local\Google\Desktop\Install\{d5450042-43dc-4135-0d9c-72f12e52ec2e} --> [Trojan.0Access]
Infected: c:\program files\google\desktop\install\{d5450042-43dc-4135-0d9c-72f12e52ec2e}\    --> [Trojan.0Access]
Infected: c:\program files\google\desktop\install\{d5450042-43dc-4135-0d9c-72f12e52ec2e}\   \... --> [Trojan.0Access]
Infected: c:\program files\google\desktop\install\{d5450042-43dc-4135-0d9c-72f12e52ec2e}\   \...\‮ﯹ๛ --> [Trojan.0Access]
Infected: c:\program files\google\desktop\install\{d5450042-43dc-4135-0d9c-72f12e52ec2e}\   \...\‮ﯹ๛\{d5450042-43dc-4135-0d9c-72f12e52ec2e} --> [Trojan.0Access]
Infected: c:\program files\google\desktop\install\{d5450042-43dc-4135-0d9c-72f12e52ec2e}\   \...\‮ﯹ๛\{d5450042-43dc-4135-0d9c-72f12e52ec2e}\l --> [Trojan.0Access]
Infected: c:\Program Files\Google\Desktop\Install\{d5450042-43dc-4135-0d9c-72f12e52ec2e}\   \...\‮ﯹ๛\{d5450042-43dc-4135-0d9c-72f12e52ec2e}\L\201d3dde --> [Trojan.0Access]
Infected: c:\Program Files\Google\Desktop\Install\{d5450042-43dc-4135-0d9c-72f12e52ec2e}\   \...\‮ﯹ๛\{d5450042-43dc-4135-0d9c-72f12e52ec2e}\L\76603ac3 --> [Trojan.0Access]
Infected: c:\program files\google\desktop\install\{d5450042-43dc-4135-0d9c-72f12e52ec2e}\   \...\‮ﯹ๛\{d5450042-43dc-4135-0d9c-72f12e52ec2e}\u --> [Trojan.0Access]
Infected: C:\Program Files\Google\Desktop\Install\{d5450042-43dc-4135-0d9c-72f12e52ec2e} --> [Trojan.0Access]
Scan finished



#7 TB-Psychotic

  • Malware Response Team

Posted 30 September 2013 - 05:50 AM

Fix with Malwarebytes Anti-Rootkit

Run another scan with mbar.exe and click the CleanUp button. It will require a reboot.

When it has rebooted, run another scan with mbar.exe and click CleanUp again if necessary.

Send the mbar-log.txt along with an update on machine behavior.

Scan with Farbar's Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.



#8 AndySum

  • Topic Starter
  • Members

Posted 30 September 2013 - 08:15 AM

Hi Marius,

Have run Malwarebytes Anti-Rootkit a second time with no further Malware found, log below:

Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_20482048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_39

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.100000 GHz
Memory total: 2950287360, free: 2129379328

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_39

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.100000 GHz
Memory total: 2950287360, free: 1306152960

=======================================
Initializing...
------------ Kernel report ------------
     09/30/2013 12:46:23
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\imofugc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\Drivers\UBHelper.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie.sys
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\ahcix86s.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\processr.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\k57nd60x.sys
\SystemRoot\system32\DRIVERS\athr.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\Drivers\NTIDrvr.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\DKbFltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtHDMIV.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\DRIVERS\HSXHWAZL.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\mfewfpk.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\system32\drivers\mfefirek.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_ahcix86s.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\irda.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\XAudio32.sys
\SystemRoot\system32\drivers\mfeapfk.sys
\SystemRoot\system32\drivers\cfwids.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86f8c230
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000068\
Lower Device Object: 0xffffffff865ccc90
Lower Device Driver Name: \Driver\ahcix86s\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86f8c230, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff874c5a30, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86f8c230, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff868b6a60, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff865ccc90, DeviceName: \Device\00000068\, DriverName: \Driver\ahcix86s\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 905EA80F

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 20480000

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 20482048  Numsec = 467912704
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_20482048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished

 

 

Will now run Farbar Service Scanner and report back to you later.



#9 AndySum

  • Topic Starter

Posted 30 September 2013 - 08:19 AM

Hi Marius,

Have downloaded Farbar Service Scanner directly on my computer, which means that the issue with not being able to download has been resolved - Thank you!

Farbar log as follows:

Farbar Service Scanner Version: 13-09-2013
Ran by Andy (administrator) on 30-09-2013 at 14:17:22
Running from "C:\Users\Andy\Desktop"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#10 TB-Psychotic

  • Malware Response Team

Posted 30 September 2013 - 09:21 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#11 AndySum

  • Topic Starter

Posted 30 September 2013 - 10:38 AM

Hi Marius,

I have run ComboFix, the log is as follows:

ComboFix 13-09-30.02 - Andy 30/09/2013 15:57:52.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2814.1857 [GMT 1:00]
Running from: c:\users\Andy\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Andy\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7163.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc71CA.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7254.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7281.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc72F0.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7364.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc737D.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc738C.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc739C.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc740A.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7491.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7503.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7518.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7524.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc757B.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc75DE.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc761F.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7698.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc76BA.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7706.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc77C3.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7811.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc786C.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc786D.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7937.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7A42.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7A43.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7A50.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7A6F.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7A80.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7A91.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7B88.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7B97.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7C43.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7D09.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7D0E.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7DD5.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7E56.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7EA4.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7EE2.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7EF2.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7FAD.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc800A.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8092.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc80B6.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8123.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8129.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8142.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc81DE.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc821A.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc821F.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8240.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8353.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8375.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc842B.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8446.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc84DB.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8531.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8567.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8568.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc85B1.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc85C.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8607.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc862D.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8690.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8725.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc873B.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc895.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc898C.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc89B6.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8AD4.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8B22.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8B34.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8B8F.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8BAE.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8BDD.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8C8A.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8CA8.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8D09.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8D25.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8D73.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8D82.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8D8A.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8DD5.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8DDD.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8E13.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8E43.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8E7A.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8EE5.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8F35.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8F75.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc909E.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc90FB.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9126.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc91E7.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc92.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc922E.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9243.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9260.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9272.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc928.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9281.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc92A.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc930E.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc931D.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc93E8.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9417.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9434.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9466.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9494.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc94A3.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc94A4.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc94B3.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc94C0.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9543.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc959D.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9696.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc975.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9771.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9790.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc97A1.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc97D9.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc980D.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc982D.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9878.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc98AC.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc98B8.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc98D8.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc98EA.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9983.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc99A2.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc99E1.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9AEA.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9B09.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9B2D.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9BA.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9C06.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9C8.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9D5A.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9DD7.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9E54.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9E6.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9EE0.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9F01.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9F1A.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9F1E.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9F3F.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9F6C.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9F73.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA002.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA028.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA037.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA094.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA0B4.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA0F7.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA101.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA110.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA138.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA19E.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA1AE.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA207.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA23A.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA298.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA2A7.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA318.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA335.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA349.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA3E0.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA3FE.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA47B.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA48B.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA4A9.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA4D7.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA508.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA528.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA537.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA5F5.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA699.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA6C5.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA70B.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA71A.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA766.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA7AE.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA7C6.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA8B9.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA8E.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA91D.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA932.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA94C.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA99A.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA9C8.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAA17.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAA74.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAA7C.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccABD.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccABEB.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAC18.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAC3B.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAC94.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccACA6.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAD23.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAD40.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAD49.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAE1C.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAF53.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAF86.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAF97.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAFF4.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB08C.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB0CB.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB13B.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB196.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB1F3.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB260.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB2CD.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB32D.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB379.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB38C.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB398.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB3B7.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB473.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB480.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB4A.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB4BF.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB4EF.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB514.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB5BC.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB5E1.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB639.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB676.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB6D8.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB702.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB703.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB76F.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB799.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB884.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB905.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB95A.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB9B4.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB9C4.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBA6C.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBA7C.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBB17.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBC21.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBC3F.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBD0F.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBD68.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBD77.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBD97.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBDB6.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBE52.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBE82.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBED2.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBEDE.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBF4B.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBF8.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBFB9.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC046.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC11F.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC161.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC195.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC1DB.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC22B.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC299.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC2B6.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC2C5.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC32.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC330.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC372.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC380.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC3B4.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC487.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC4A8.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC4D7.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC535.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC554.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC5A.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC5B1.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC61F.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC67C.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC728.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC737.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC86D.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC8A9.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC8CF.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC93A.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC9C8.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC9D4.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC9F5.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCA34.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCAC0.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCADF.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCB0.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCB0B.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCB4D.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCB8A.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCB8B.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCBA2.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCBC9.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCC46.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCC56.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCC75.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCD31.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCD59.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCE76.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCE87.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCE9F.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCF2A.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCF42.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCF8D.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCF91.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCFB0.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCFC0.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCFDD.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCFFE.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD00.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD03D.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD0D.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD214.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD25F.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD315.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD359.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD376.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD3E4.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD3EA.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD413.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD442.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD491.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD492.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD4B.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD4C1.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD4CB.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD4CE.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD5A9.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD5EF.tmp
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD635.tmp
c:\users\Andy\AppData\Roaming\.#
c:\users\Public\Documents\NTIMP3.dll
c:\windows\PFRO.log
c:\windows\Temp\log.txt
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_pcCMService
.
.
((((((((((((((((((((((((( Files Created from 2013-08-28 to 2013-09-30 )))))))))))))))))))))))))))))))
.
.
2013-09-30 15:14 . 2013-09-30 15:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-30 13:44 . 2013-09-30 13:44 -------- d-----w- C:\62a0d421c7f692c07939b7
2013-09-27 13:44 . 2013-09-27 13:44 -------- d-----w- c:\programdata\NtiDvdCopy
2013-09-24 15:09 . 2013-09-24 15:09 -------- d-----w- c:\program files\iPod
2013-09-24 15:09 . 2013-09-24 15:10 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-24 15:09 . 2013-09-24 15:10 -------- d-----w- c:\program files\iTunes
2013-09-24 13:58 . 2013-09-24 13:59 -------- d-----w- c:\users\Andy\AppData\Local\jZip
2013-09-24 13:56 . 2013-09-24 13:58 -------- d-----w- c:\program files\jZip
2013-09-19 14:50 . 2013-09-30 15:18 -------- d-----w- c:\windows\system32\wbem\repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-23 09:05 . 2012-04-14 10:40 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-23 09:05 . 2011-05-18 13:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-25 02:32 . 2013-08-14 16:18 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-07-25 02:26 . 2013-08-14 16:18 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-07-25 02:25 . 2013-08-14 16:17 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-25 02:23 . 2013-08-14 16:18 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-25 02:23 . 2013-08-14 16:18 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-07-25 02:22 . 2013-08-14 16:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-17 19:41 . 2013-08-14 10:23 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-10 09:47 . 2013-08-14 10:23 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 12:10 . 2013-08-14 10:23 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-07-08 04:55 . 2013-08-14 10:23 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-08 04:55 . 2013-08-14 10:23 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-08 04:20 . 2013-08-14 10:22 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-07-08 04:16 . 2013-08-14 10:22 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-08 04:16 . 2013-08-14 10:22 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-08 04:16 . 2013-08-14 10:22 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-07-05 04:53 . 2013-08-14 10:23 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-10-27 11:05 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTAgile"="c:\program files\BT Broadband Talk Softphone\BTAgile.exe" [2007-06-18 61440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-17 68856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"Facebook Update"="c:\users\Andy\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-15 138096]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2013-05-29 449248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1278064]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-09-17 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HsfXAudioService REG_MULTI_SZ HsfXAudioService
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-19 13:42 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2011-04-08 06:18 114176 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 09:05]
.
2013-09-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1521147093-807903122-1717862206-1000Core.job
- c:\users\Andy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-14 22:50]
.
2013-09-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1521147093-807903122-1717862206-1000UA.job
- c:\users\Andy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-14 22:50]
.
2013-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 14:02]
.
2013-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 14:02]
.
.
------- Supplementary Scan -------
.


uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.254

.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-30 16:21
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5704)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlUI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\GDIExtendCtrl.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlOP.dll
c:\program files\EgisTec\MyWinLocker 3\x86\CryptoAPI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\ShowErrMsg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
c:\program files\Acer\Acer ePower Management\ePowerSvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\McAfee\SiteAdvisor\McSACore.exe
c:\windows\system32\mfevtps.exe
c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
c:\windows\system32\rundll32.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\sdclt.exe
.
**************************************************************************
.
Completion time: 2013-09-30 16:34:15 - machine was rebooted
ComboFix-quarantined-files.txt 2013-09-30 15:33
.
Pre-Run: 116,218,785,792 bytes free
Post-Run: 117,521,666,048 bytes free
.
- - End Of File - - 71D090F3E1789E30318D0FCF82CAD015
BEEDF9B7F43A72A91456F7131AFC11B2

#12 TB-Psychotic

Posted 01 October 2013 - 12:17 AM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


#13 AndySum

Posted 01 October 2013 - 09:51 AM

Hi Marius,

Malwarebytes scan complete; log as follows:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.01.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Andy :: ANDY-PC [administrator]

01/10/2013 10:12:53
mbam-log-2013-10-01 (10-12-53).txt

Scan type: Full scan (C:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 431757
Time elapsed: 5 hour(s), 1 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


I will run the ESET scan now.

#14 AndySum

Posted 02 October 2013 - 03:22 AM

Hi Marius,

ESET has returned a result of 'No Threats Found'.

#15 TB-Psychotic

Posted 02 October 2013 - 03:45 AM

OK, let's fix the defender then:

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
