
Permission Changes in Wins 7

This is a discussion on Permission Changes in Wins 7 within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.


Old 10-14-2011, 12:21 PM   #1
Registered Member
 
Join Date: Aug 2008
Posts: 485
OS: xp



Not sure what happened, but it appears I can't make changes like delete files or run programs.

I am logged in as an administrator, and have been through the Security section of right clicking a file or folder to allow me to make changes, to no avail.

Tried something called Subinacl to change permissions but that would not install - tried in safe mode too.

How do you set permissions to default?

Have scanned with Malwarebytes and found nothing. Combofix did make changes and deletions, but the problem remains.

Results Below

Thanks



Here is the First one - The one done afterwards will follow that

Thanks

==============

ComboFix 11-10-10.03 - Carol 10/10/2011 21:23:34.1.2 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3033.2577 [GMT 1:00]
Running from: E:\ComboFix.exe
AV: BullGuard Antivirus *Disabled/Outdated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}
FW: BullGuard Firewall *Disabled* {68747E43-7A47-EA26-053F-CB84640E3E67}
SP: BullGuard Antispyware *Disabled/Outdated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccD428.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccD53F.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccD5BB.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccD5DB.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccD5F0.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccD600.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccD67E.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccD7B2.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccD7F5.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccD842.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccD890.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccD901.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccD917.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccD91B.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccD9D8.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccDA15.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccDA3F.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccDB58.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccDB73.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccDBFC.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccDC80.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccDDDB.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccDF11.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccDF45.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccE1AB.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccE1B3.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccE227.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccE279.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccE311.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccE44C.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccE4E5.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccE654.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccE664.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccE7A8.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccE919.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccE91C.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccE990.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccE9D7.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccEA56.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccEE85.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccEECC.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccEEE7.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccEF74.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccEF8A.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccEFC2.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccF01B.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccF054.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccF247.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccF2CA.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccF4A.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccF5BB.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccF5BC.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccF63F.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccF731.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccF8BB.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccFA84.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccFAB1.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccFB75.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccFBAD.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccFC3F.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccFD7A.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccFE87.tmp
c:\users\Carol\AppData\Local\Microsoft\Windows\Tem porary Internet Files\mccFF60.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-09-10 to 2011-10-10 )))))))))))))))))))))))))))))))
.
.
2011-10-10 20:09 . 2011-10-10 20:09 -------- d-----w- c:\windows\LastGood
2011-09-22 14:05 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-22 11:35 . 2011-09-22 14:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-22 06:54 . 2011-08-19 14:59 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-09-22 01:19 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0716E2E-1B1C-4B7F-9B8E-4CA055328B82}\mpengine.dll
2011-09-21 20:49 . 2011-09-06 20:37 320856 ------w- c:\windows\system32\drivers\aswSP.sys
2011-09-21 20:49 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-21 20:49 . 2011-09-06 20:36 20568 ------w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-21 20:49 . 2011-09-06 20:38 442200 ------w- c:\windows\system32\drivers\aswSnx.sys
2011-09-21 20:49 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-21 20:49 . 2011-09-06 20:36 54616 ------w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-21 20:49 . 2011-09-06 20:45 41184 ------w- c:\windows\avastSS.scr
2011-09-21 20:49 . 2011-09-06 20:45 199304 ------w- c:\windows\system32\aswBoot.exe
2011-09-21 20:49 . 2011-09-21 20:49 -------- d-----w- c:\programdata\AVAST Software
2011-09-21 20:49 . 2011-09-21 20:49 -------- d-----w- c:\program files\AVAST Software
2011-09-21 17:54 . 2011-09-21 17:54 -------- d-----w- c:\users\Carol\AppData\Roaming\Malwarebytes
2011-09-21 17:54 . 2011-09-21 17:54 -------- d-----w- c:\programdata\Malwarebytes
2011-09-20 22:24 . 2011-09-20 22:24 -------- d-----w- c:\users\Carol\AppData\Roaming\McAfee
2011-09-20 22:16 . 2011-09-20 22:16 -------- d-----w- c:\program files\Common Files\Mcafee
2011-09-20 22:16 . 2011-09-20 22:22 -------- d-----w- c:\program files\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-21 09:00 . 2011-08-21 09:00 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-08-15 09:00 . 2011-03-13 10:20 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-08-15 09:00 . 2011-03-13 10:20 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-07-22 04:56 . 2011-08-10 18:23 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:37 . 2011-08-10 18:23 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 04:34 . 2011-08-10 18:23 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:31 . 2011-08-10 18:24 271360 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 04:19 . 2011-08-10 18:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 18:23 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 18:23 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 18:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-25 1537320]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-31 7731744]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-04-28 252928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
.
c:\users\Carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-08-12 20:13 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:1e38ca3c
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Launch.lnk
backup=c:\windows\pss\Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OSD.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OSD.lnk
backup=c:\windows\pss\OSD.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]
2011-05-10 15:03 1205760 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2010-02-25 11:33 3599360 ----a-w- c:\program files\TTG\Reminder\Reminder.exe
.
R0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-08-21 53816]
R1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys [2011-08-03 216912]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-08-21 66360]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-08-21 158904]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LiveGpdKBFilter;LiveGpdKBFilter; [x]
R2 LiveIO;LiveIO; [x]
R2 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-04-28 9216]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 122368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 174592]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-07 1343400]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2010-04-19 105856]
R3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\DRIVERS\ZTEusbwwan.sys [2010-04-19 191488]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 Livekbc;Livekbc; [x]
S3 Livemouclass;Livemouclass; [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 13:32]
.
2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 13:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E537853C-3AF8-4D01-8994-DA52DB24BD1E}: NameServer = 10.206.65.68 10.206.65.68
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
SafeBoot-BsScanner
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Cl ***\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Cl ***\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-10-10 21:32:23
ComboFix-quarantined-files.txt 2011-10-10 20:32
.
Pre-Run: 270,860,886,016 bytes free
Post-Run: 271,112,601,600 bytes free
.
- - End Of File - - 1E19667937AA0ADC0444A96F88637C0A









================== Second One



ComboFix 11-10-11.02 - Carol 11/10/2011 20:10:50.2.2 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3033.2497 [GMT 1:00]
Running from: c:\users\Carol\Desktop\ComboFix.exe
AV: BullGuard Antivirus *Disabled/Outdated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}
FW: BullGuard Firewall *Disabled* {68747E43-7A47-EA26-053F-CB84640E3E67}
SP: BullGuard Antispyware *Disabled/Outdated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-09-11 to 2011-10-11 )))))))))))))))))))))))))))))))
.
.
2011-10-11 19:16 . 2011-10-11 19:16 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-09-22 14:05 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-22 11:35 . 2011-10-10 21:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-22 06:54 . 2011-08-19 14:59 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-09-22 01:19 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0716E2E-1B1C-4B7F-9B8E-4CA055328B82}\mpengine.dll
2011-09-21 20:49 . 2011-09-06 20:45 41184 ------w- c:\windows\avastSS.scr
2011-09-21 20:49 . 2011-09-21 20:49 -------- d-----w- c:\programdata\AVAST Software
2011-09-21 17:54 . 2011-09-21 17:54 -------- d-----w- c:\users\Carol\AppData\Roaming\Malwarebytes
2011-09-21 17:54 . 2011-09-21 17:54 -------- d-----w- c:\programdata\Malwarebytes
2011-09-20 22:24 . 2011-09-20 22:24 -------- d-----w- c:\users\Carol\AppData\Roaming\McAfee
2011-09-20 22:16 . 2011-09-20 22:16 -------- d-----w- c:\program files\Common Files\Mcafee
2011-09-20 22:16 . 2011-09-20 22:22 -------- d-----w- c:\program files\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-21 09:00 . 2011-08-21 09:00 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-08-15 09:00 . 2011-03-13 10:20 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-08-15 09:00 . 2011-03-13 10:20 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-07-22 04:56 . 2011-08-10 18:23 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:37 . 2011-08-10 18:23 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 04:34 . 2011-08-10 18:23 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:31 . 2011-08-10 18:24 271360 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 04:19 . 2011-08-10 18:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 18:23 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 18:23 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 18:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((( [email protected]_20.30.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-10-10 17:37 . 2011-10-10 20:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-11 14:30 . 2011-10-11 14:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-10 17:37 . 2011-10-10 20:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-11 14:30 . 2011-10-11 14:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:05 . 2011-10-10 20:18 628024 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2011-10-11 14:40 628024 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2011-10-11 14:40 110208 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2011-10-10 20:18 110208 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:03 . 2011-10-11 12:06 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:03 . 2011-10-10 14:22 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-25 1537320]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-31 7731744]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-04-28 252928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
.
c:\users\Carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-08-12 20:13 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:1e38ca3c
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Launch.lnk
backup=c:\windows\pss\Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OSD.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OSD.lnk
backup=c:\windows\pss\OSD.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]
2011-05-10 15:03 1205760 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2010-02-25 11:33 3599360 ----a-w- c:\program files\TTG\Reminder\Reminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RESTART_STICKY_NOTES]
2009-07-14 01:14 354304 ----a-w- c:\windows\System32\StikyNot.exe
.
R0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-08-21 53816]
R1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys [2011-08-03 216912]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-08-21 66360]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-08-21 158904]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LiveGpdKBFilter;LiveGpdKBFilter; [x]
R2 LiveIO;LiveIO; [x]
R2 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-04-28 9216]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 122368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 174592]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-07 1343400]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2010-04-19 105856]
R3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\DRIVERS\ZTEusbwwan.sys [2010-04-19 191488]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 Livekbc;Livekbc; [x]
S3 Livemouclass;Livemouclass; [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 09092056
*NewlyCreated* - PWLOQPOG
*Deregistered* - 09092056
*Deregistered* - aswMBR
*Deregistered* - pwloqpog
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 13:32]
.
2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 13:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E537853C-3AF8-4D01-8994-DA52DB24BD1E}: NameServer = 10.206.65.68 10.206.65.68
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-10-11 20:18:08
ComboFix-quarantined-files.txt 2011-10-11 19:18
ComboFix2.txt 2011-10-10 20:32
.
Pre-Run: 272,396,746,752 bytes free
Post-Run: 272,325,259,264 bytes free
.
- - End Of File - - 959DE28B2BB9BE64462BE350DFCC083F
leachim is offline  
Old 10-16-2011, 07:46 PM   #2
TSF Security Manager
Emeritus
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Hi leachim,

You have this same topic posted at cybertechhelp, a previous thread here at TSF, and now a new one in Win7 section asking how to take a Toshiba back to factory default.

Have you decided to set it back to factory? If so, I will close the 2 threads in our section, and you should also advise the folks at cybertechhelp as well.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 10-17-2011, 12:40 AM   #3
Registered Member
 
Join Date: Aug 2008
Posts: 485
OS: xp



Quote:
Originally Posted by Ried
Hi leachim,

You have this same topic posted at cybertechhelp, a previous thread here at TSF, and now a new one in Win7 section asking how to take a Toshiba back to factory default.

Have you decided to set it back to factory? If so, I will close the 2 threads in our section, and you should also advise the folks at cybertechhelp as well.

Nope - they are 2 different computers

I still have had no reply from this one, so I am a bit lost at the moment.

I have had a reply for taking a Toshiba back to factory default, but it hasn't worked .....

Still hoping
leachim is offline  
Old 10-17-2011, 05:50 AM   #4
TSF Security Manager
Emeritus
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



If I am going to work with you here, please advise the other forum where you've posted, and have them close it. Aside from taking up the time of 2 volunteers for the same person, they'll be doing things, having you try things, so will I. I'll get confused because I won't have known what went on over there, and vice versa. Very frustrating and very time consuming for all concerned. Remember, we volunteer in our spare time.

I see you ran aswmbr on this machine. May I ask why? What prompted you to run ComboFix? When did this issue begin?

As far as the other machine and not being able to access Toshiba's Recovery Partition, you won't be able to any longer. As was explained to you by Jintan:

Quote:
FYI - the malware changes to your MBR likely took out the ability for you to access any pre-made recovery partition options. Such as pressing a unique set of keys during bootup, to access the location to restore the system back to factory fresh. You have the install DVD, so should be fine with that, either way.
If you did not create the Recovery DVDs/CDs when you first purchased this machine, you'll have to order them from Toshiba.
Ried is offline  
Old 10-17-2011, 06:41 AM   #5
Registered Member
 
Join Date: Aug 2008
Posts: 485
OS: xp



I have put the other forum on hold. Combofix and asw were run because I used them before. Issue started about 3 weeks ago. I can save stuff in safe mode to my account, but not in normal mode. Access denied
leachim is offline  
Old 10-17-2011, 06:46 AM   #6
TSF Security Manager
Emeritus
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Thanks. I know you've used them before, but may I recommend not running any specialty tools without having obtained an initial set of reports first? While that is not the case here, for your own safety, should something ever go wrong when you do use a specialty tool to fix something, you (and we) would have an idea of where things may have gone wrong, and how to undo any damage.

May I see the aswmbr.txt please? If you no longer have that, please run a new scan with the tool - do not allow it to fix anything. Post the content of the aswmbr.txt
Ried is offline  
Old 10-17-2011, 07:31 AM   #7
Registered Member
 
Join Date: Aug 2008
Posts: 485
OS: xp



aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-17 12:04:05
-----------------------------
12:04:05.562 OS Version: Windows 6.1.7600
12:04:05.562 Number of processors: 2 586 0x170A
12:04:05.562 ComputerName: CAROL-PC UserName: Carol
12:04:06.280 Initialize success
12:04:12.504 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:04:12.520 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 305245MB BusType: 3
12:04:12.551 Disk 0 MBR read successfully
12:04:12.551 Disk 0 MBR scan
12:04:12.551 Disk 0 Windows 7 default MBR code
12:04:12.567 Disk 0 scanning sectors +625139712
12:04:12.785 Disk 0 scanning C:\Windows\system32\drivers
12:04:23.549 Service scanning
12:04:24.828 Modules scanning
12:04:35.951 Disk 0 trace - called modules:
12:04:35.982 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
12:04:35.982 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86259778]
12:04:35.998 3 CLASSPNP.SYS[8af8759e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8544b028]
12:04:35.998 Scan finished successfully
12:05:07.260 Disk 0 MBR has been saved successfully to "F:\New folder\MBR.dat"
12:05:07.291 The log file has been saved successfully to "F:\New folder\aswMBRashley.txt"
leachim is offline  
Old 10-17-2011, 07:47 AM   #8
TSF Security Manager
Emeritus
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



There is a specific infection that can cause this behavior, however I am not seeing any indications of it in your logs. Have you run any other removal tools?

Download SystemLook from one of the links below and save it to your desktop.

Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content inside the following quote box into the main textfield:

    Quote:
    :reg
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /sub
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt
Ried is offline  
Old 10-17-2011, 08:01 AM   #9
Registered Member
 
Join Date: Aug 2008
Posts: 485
OS: xp



SystemLook 30.07.11 by jpshortstuff
Log created at 15:58 on 17/10/2011 by Carol
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Debug"=""
@="mnmsrvc"
"Kmode"="\SystemRoot\System32\win32k.sys"
"Optional"="Posix"
"Posix"="%SystemRoot%\system32\psxss.exe"
"Required"="Debug Windows"
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\CSRSS]
"CsrSrvSharedSectionBase"= 0x007f6f0000 (2137980928)


-= EOF =-
leachim is offline  
Old 10-17-2011, 08:06 AM   #10
TSF Security Manager
Emeritus
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



That key looks as it should.

Have you tried System Restore yet? The earliest date I see, is October 1. Does that pre-date this issue?

If so, you can invoke the System Restore via Repair your computer option.

Restart the machine, tap F8 and select 'Repair your computer'
Follow the prompts to select keyboard input, and enter the password when prompted.

In the next menu, select 'System Restore'. In the System Restore window, click 'show me more restore points' and choose the date closest to before these problems began.
Ried is offline  
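The check carried out in posts #8 to #10, as an added example that is not part of the original thread: it parses SystemLook `:reg` output and compares the SubSystems values and the csrss.exe ServerDll list against the values from the log posted above, which the helper confirmed as normal. The function names and the altered sample (with its placeholder module name) are constructed for illustration.

```python
import re

SUBSYS = r'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems'

# Baseline: the SubSystems values from the SystemLook log posted in this
# thread (Windows 7 x86). Other Windows versions need their own baseline.
BASELINE_LOG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Debug"=""
@="mnmsrvc"
"Kmode"="\SystemRoot\System32\win32k.sys"
"Optional"="Posix"
"Posix"="%SystemRoot%\system32\psxss.exe"
"Required"="Debug Windows"
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16"
'''

# Constructed sample (not from the thread): the same log with one ServerDll
# entry swapped for a placeholder module name, to show how a deviation reads.
ALTERED_LOG = BASELINE_LOG.replace('ServerDll=sxssrv,4', 'ServerDll=unexpected_mod,4')

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]*)"|(?P<default>@))\s*=\s*"(?P<data>.*)"$')


def parse_systemlook_reg(text):
    """Return {key_path: {value_name: string_data}} from SystemLook :reg output.

    Non-string values (for example the CSRSS dword line) and the log's
    header and footer lines are ignored.
    """
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = '@' if m.group('default') else m.group('name')
            current[name] = m.group('data')
    return keys


def split_csrss_command(data):
    """Split the "Windows" value into (executable, [ServerDll specs])."""
    parts = data.split()
    if not parts:
        return '', []
    dlls = [p.split('=', 1)[1] for p in parts[1:] if p.lower().startswith('serverdll=')]
    return parts[0], dlls


def audit_subsystems(log_text, baseline_text=BASELINE_LOG):
    """List every difference between a log's SubSystems key and the baseline."""
    base = parse_systemlook_reg(baseline_text)[SUBSYS]
    seen = parse_systemlook_reg(log_text).get(SUBSYS)
    if seen is None:
        return ['SubSystems key missing from log']
    findings = []
    for name in ('Kmode', 'Required', 'Optional', 'Posix'):
        if seen.get(name, '').lower() != base[name].lower():
            findings.append(f'{name}: {seen.get(name)!r} differs from baseline {base[name]!r}')
    base_exe, base_dlls = split_csrss_command(base['Windows'])
    exe, dlls = split_csrss_command(seen.get('Windows', ''))
    if exe.lower() != base_exe.lower():
        findings.append(f'Windows subsystem executable is {exe!r}, expected {base_exe!r}')
    base_set = {d.lower() for d in base_dlls}
    seen_set = {d.lower() for d in dlls}
    findings += [f'ServerDll not in baseline: {d}' for d in dlls if d.lower() not in base_set]
    findings += [f'baseline ServerDll missing: {d}' for d in base_dlls if d.lower() not in seen_set]
    return findings


if __name__ == '__main__':
    for label, log in (('posted log', BASELINE_LOG), ('altered sample', ALTERED_LOG)):
        result = audit_subsystems(log)
        print(label, '->', result if result else 'matches baseline')
```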
Old 10-17-2011, 09:07 AM   #11
Registered Member
 
Join Date: Aug 2008
Posts: 485
OS: xp



"No system restore points have been created on your computers system drive"

I tried it in normal mode, safe mode and in the repair environment

Nuisance - why can't it read the Oct 1st one I wonder......
leachim is offline  
Old 10-17-2011, 09:12 AM   #12
TSF Security Manager
Emeritus
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Ok, let's do this. It's not as difficult as the instructions make it appear.

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter.
Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Uncheck the Whitelist boxes next to Registry and known DLL's
  • Place a check next to List Drivers MD5
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Ried is offline  
Old 10-17-2011, 10:59 AM   #13
Registered Member
 
Join Date: Aug 2008
Posts: 485
OS: xp



Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.2.4
Ran by SYSTEM at 2011-10-17 18:55:57
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry ==========================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1537320 2009-06-25] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [7731744 2009-08-31] (Realtek Semiconductor)
HKLM\...\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [170520 2010-08-25] (Intel Corporation)
HKLM\...\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM\...\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent [252928 2010-04-28] (Vodafone)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [136216 2010-08-25] (Intel Corporation)
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [171032 2010-08-25] (Intel Corporation)
HKLM\...\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1603152 2007-04-03] (CANON INC.)
HKLM\...\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [1584640 2009-12-07] (Alcatel-Lucent)
HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [1173504 2009-07-13] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [1173504 2009-07-13] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [26112 2009-07-13] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] Explorer.exe [2614784 2011-02-25] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E537853C-3AF8-4D01-8994-DA52DB24BD1E}: [NameServer]10.206.65.68 10.206.65.68
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli

================================ Services (Whitelisted) ==================

2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
3 GoToAssist; "C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe" Start=service [16680 2010-08-12] (Citrix Online, a division of Citrix Systems, Inc.)
2 McciCMService; "C:\Program Files\Common Files\Motive\McciCMService.exe" [319488 2009-08-14] (Alcatel-Lucent)
4 McNASvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
4 McProxy; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
2 VmbService; "C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe" [9216 2010-04-28] (Vodafone)

========================== Drivers (Whitelisted) =============

3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [122368 2009-05-25] (Intel(R) Corporation)
2 LiveGpdKBFilter; C:\Windows\System32\Drivers\LiveGpdKBFilter.sys [4096 2009-05-06] (Windows (R) Win 7 DDK provider)
2 LiveIO; C:\Windows\System32\Drivers\LiveIO.sys [15312 2009-05-11] ()
3 Livekbc; C:\Windows\System32\Drivers\Livekbc.sys [4096 2009-05-06] (Systems Internals)
3 Livemouclass; C:\Windows\System32\Drivers\Livemouclass.sys [3968 2009-05-06] (Systems Internals)
3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [21248 2009-12-07] (Printing Communications Assoc., Inc. (PCAUSA))
3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [20096 2009-12-07] (Printing Communications Assoc., Inc. (PCAUSA))
1 RapportCerberus_29574; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys [216912 2011-08-03] ()
1 RapportEI; \??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [66360 2011-08-21] (Trusteer Ltd.)
0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [53816 2011-08-21] (Trusteer Ltd.)
1 RapportPG; \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [158904 2011-08-21] (Trusteer Ltd.)
3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [372224 2009-09-10] (Realtek Semiconductor Corporation )
3 ZTEusbmdm6k; C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys [105856 2010-04-19] (ZTE Incorporated)
3 ZTEusbnmea; C:\Windows\System32\DRIVERS\ZTEusbnmea.sys [105856 2010-04-19] (ZTE Incorporated)
3 ZTEusbser6k; C:\Windows\System32\DRIVERS\ZTEusbser6k.sys [105856 2010-04-19] (ZTE Incorporated)
3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [105856 2010-04-19] (ZTE Incorporated)
3 ZTEusbwwan; C:\Windows\System32\DRIVERS\ZTEusbwwan.sys [191488 2010-04-19] (ZTE Incorporated)
3 catchme; \??\C:\Users\Carol\AppData\Local\Temp\catchme.sys [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 Profos; \??\C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys [x]

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 6F9B6C0C93232CFF47D0F72D6DB1D21E
C:\Windows\System32\DRIVERS\WUDFRd.sys F91FF1E51FCA30B3C3981DB7D5924252
C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys 966756D861161FCC04D8051F210B942F
C:\Windows\System32\DRIVERS\ZTEusbnmea.sys 966756D861161FCC04D8051F210B942F
C:\Windows\System32\DRIVERS\ZTEusbser6k.sys 966756D861161FCC04D8051F210B942F
C:\Windows\System32\DRIVERS\ZTEusbvoice.sys 966756D861161FCC04D8051F210B942F
C:\Windows\System32\DRIVERS\ZTEusbwwan.sys 51ADCFCB8118A5060980E906736ED4DB

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-10-17 18:54 - 2011-10-17 18:56 - 0000000 ____D C:\FRST
2011-10-17 04:46 - 2011-10-17 04:46 - 0000003 ____A C:\Users\Carol\Desktop\tt.txt
2011-10-17 03:56 - 2011-10-17 03:56 - 0000004 ____A C:\Users\Carol\Desktop\rrr.txt
2011-10-17 03:07 - 2011-10-17 03:07 - 0078574 ____A C:\TDSSKiller.2.6.7.0_17.10.2011_12.07.07_log.txt
2011-10-12 11:22 - 2011-10-12 11:22 - 0000000 ____D C:\6e95e2648cbfbd05bf349ed3c12ffe
2011-10-12 11:22 - 2011-10-12 11:22 - 0000000 ____D C:\_285120_
2011-10-12 11:09 - 2011-10-12 11:09 - 0000000 ___HD C:\Windows\AxInstSV
2011-10-12 11:02 - 2011-10-12 11:02 - 0000000 ____D C:\0ceb6330d5dc1472e68517e9f6
2011-10-12 11:02 - 2011-10-12 11:02 - 0000000 ____D C:\_085769_
2011-10-12 09:55 - 2011-10-12 09:55 - 0015606 ____A C:\ComboFix.txt
2011-10-12 09:54 - 2011-10-12 09:54 - 0000000 __SHD C:\$RECYCLE.BIN
2011-10-12 08:57 - 2011-10-12 08:57 - 0000000 ____D C:\e820f912cca5a786c4
2011-10-12 08:57 - 2011-10-12 08:57 - 0000000 ____D C:\_595788_
2011-10-12 08:54 - 2011-10-12 08:54 - 0000000 ____D C:\a7ec932ef8e4ff1a8eadece716b50f10
2011-10-12 08:54 - 2011-10-12 08:54 - 0000000 ____D C:\_462672_
2011-10-11 11:09 - 2011-10-11 11:10 - 4254123 ___RA (Swearware) C:\Users\Carol\Desktop\ComboFix.exe
2011-10-11 07:28 - 2011-10-11 07:28 - 0079178 ____A C:\TDSSKiller.2.6.7.0_11.10.2011_16.28.12_log.txt
2011-10-11 06:25 - 2011-10-11 06:25 - 0000000 ____D C:\26a8381a759e17fc2486fbbccf89d5
2011-10-11 06:25 - 2011-10-11 06:25 - 0000000 ____D C:\_100995_
2011-10-11 06:22 - 2011-10-11 06:23 - 0146762 ____A C:\Users\Carol\Downloads\bg-uninstall.zip
2011-10-11 06:15 - 2011-10-11 06:15 - 0306736 ____A (AVAST Software) C:\Users\Carol\Downloads\aswclear.exe
2011-10-11 06:06 - 2011-10-11 06:06 - 0002243 ____A C:\Windows\epplauncher.mif
2011-10-11 06:06 - 2011-10-11 06:06 - 0000000 ____D C:\7f6e49624eec53653caf4b95b277adf8
2011-10-11 06:06 - 2011-03-24 08:18 - 7866472 ____A (Microsoft Corporation) C:\Users\Carol\Desktop\mseinstall32.exe
2011-10-11 05:44 - 2011-10-11 05:44 - 0000000 ____D C:\0a4b0d870020022c85cfde
2011-10-11 05:44 - 2011-10-11 05:44 - 0000000 ____D C:\_925773_
2011-10-11 05:43 - 2011-10-11 05:43 - 0000000 ____D C:\8a31ed8ceb9c38fc17a507
2011-10-11 05:43 - 2011-10-11 05:43 - 0000000 ____D C:\338c42717b425e65f7ea4634
2011-10-11 05:43 - 2011-10-11 05:43 - 0000000 ____D C:\_846883_
2011-10-11 05:43 - 2011-10-11 05:43 - 0000000 ____D C:\_837508_
2011-10-10 12:33 - 2011-10-10 12:33 - 0051711 ____A C:\Users\Carol\Desktop\combo.txt
2011-10-10 12:22 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2011-10-10 12:22 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2011-10-10 12:22 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2011-10-10 12:22 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2011-10-10 12:22 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2011-10-10 12:22 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2011-10-10 12:22 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2011-10-10 12:22 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2011-10-10 12:18 - 2011-10-12 09:55 - 0000000 ____D C:\Qoobox
2011-10-10 12:18 - 2011-10-10 12:30 - 0000000 ____D C:\Windows\ERDNT
2011-09-22 06:05 - 2011-09-22 06:05 - 0001074 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2011-09-22 06:05 - 2011-08-31 08:00 - 0022216 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-09-22 03:40 - 2011-09-22 03:28 - 9852544 ____A (Malwarebytes Corporation ) C:\Users\Carol\Desktop\mbam-setup-1.51.2.1300.exe
2011-09-22 03:35 - 2011-10-10 13:46 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2011-09-21 22:54 - 2011-08-19 06:59 - 0148520 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2011-09-21 12:49 - 2011-09-21 12:49 - 0000000 ____D C:\Users\All Users\AVAST Software
2011-09-21 12:49 - 2011-09-21 12:49 - 0000000 ____D C:\ProgramData\AVAST Software
2011-09-21 12:49 - 2011-09-06 12:45 - 0041184 ____N (AVAST Software) C:\Windows\avastSS.scr
2011-09-21 12:12 - 2011-09-21 12:49 - 58948168 ____A C:\Users\Carol\Downloads\setup_av_free.exe
2011-09-21 09:54 - 2011-09-21 09:54 - 0000000 ____D C:\Users\Carol\AppData\Roaming\Malwarebytes
2011-09-21 09:54 - 2011-09-21 09:54 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-09-21 09:54 - 2011-09-21 09:54 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-09-20 14:24 - 2011-09-21 08:03 - 0002105 ____A C:\Users\Public\Desktop\McAfee Virtual Technician.lnk
2011-09-20 14:24 - 2011-09-20 14:24 - 0000000 ____D C:\Users\Carol\AppData\Roaming\McAfee
2011-09-20 14:16 - 2011-09-20 14:22 - 0000000 ____D C:\Program Files\McAfee
2011-09-20 14:16 - 2011-09-20 14:16 - 0000000 ____D C:\Program Files\McAfee.com
2011-09-20 14:16 - 2011-09-20 14:16 - 0000000 ____D C:\Program Files\Common Files\Mcafee
2011-09-20 12:30 - 2011-03-13 02:45 - 0148520 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe.7b42.deleteme
2011-09-20 12:27 - 2011-09-20 12:30 - 4188120 ____A (McAfee, Inc.) C:\Users\Carol\Downloads\McAfeeSetup.exe
2011-09-20 10:22 - 2011-09-20 10:22 - 0001127 ____A C:\Users\Carol\Downloads\Unconfirmed 88554.crdownload
2011-09-20 10:21 - 2011-09-20 10:21 - 0002575 ____A C:\Users\Carol\Downloads\Unconfirmed 99267.crdownload
2011-09-20 10:01 - 2011-09-20 10:01 - 0009815 ____A C:\Users\Carol\Downloads\Unconfirmed 20988.crdownload

============ 3 Months Modified Files and Folders ===============

2011-10-17 18:56 - 2011-10-17 18:54 - 0000000 ____D C:\FRST
2011-10-17 17:36 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\LogFiles
2011-10-17 09:50 - 2010-08-06 06:50 - 1539413 ____A C:\Windows\WindowsUpdate.log
2011-10-17 09:39 - 2009-07-13 20:34 - 0018928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-10-17 09:39 - 2009-07-13 20:34 - 0018928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-10-17 09:32 - 2010-08-06 06:46 - 2385162240 __ASH C:\hiberfil.sys
2011-10-17 09:32 - 2009-07-13 20:39 - 0080793 ____A C:\Windows\setupact.log
2011-10-17 08:00 - 2011-09-05 13:42 - 2268468 ____A C:\Windows\ntbtlog.txt
2011-10-17 04:46 - 2011-10-17 04:46 - 0000003 ____A C:\Users\Carol\Desktop\tt.txt
2011-10-17 03:56 - 2011-10-17 03:56 - 0000004 ____A C:\Users\Carol\Desktop\rrr.txt
2011-10-17 03:07 - 2011-10-17 03:07 - 0078574 ____A C:\TDSSKiller.2.6.7.0_17.10.2011_12.07.07_log.txt
2011-10-12 11:22 - 2011-10-12 11:22 - 0000000 ____D C:\6e95e2648cbfbd05bf349ed3c12ffe
2011-10-12 11:22 - 2011-10-12 11:22 - 0000000 ____D C:\_285120_
2011-10-12 11:09 - 2011-10-12 11:09 - 0000000 ___HD C:\Windows\AxInstSV
2011-10-12 11:02 - 2011-10-12 11:02 - 0000000 ____D C:\0ceb6330d5dc1472e68517e9f6
2011-10-12 11:02 - 2011-10-12 11:02 - 0000000 ____D C:\_085769_
2011-10-12 11:01 - 2010-02-24 04:19 - 0772092 ____A C:\Windows\PFRO.log
2011-10-12 09:55 - 2011-10-12 09:55 - 0015606 ____A C:\ComboFix.txt
2011-10-12 09:55 - 2011-10-10 12:18 - 0000000 ____D C:\Qoobox
2011-10-12 09:54 - 2011-10-12 09:54 - 0000000 __SHD C:\$RECYCLE.BIN
2011-10-12 09:53 - 2009-07-13 18:04 - 0000215 ____A C:\Windows\system.ini
2011-10-12 08:57 - 2011-10-12 08:57 - 0000000 ____D C:\e820f912cca5a786c4
2011-10-12 08:57 - 2011-10-12 08:57 - 0000000 ____D C:\_595788_
2011-10-12 08:54 - 2011-10-12 08:54 - 0000000 ____D C:\a7ec932ef8e4ff1a8eadece716b50f10
2011-10-12 08:54 - 2011-10-12 08:54 - 0000000 ____D C:\_462672_
2011-10-11 12:03 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\System32\FxsTmp
2011-10-11 11:10 - 2011-10-11 11:09 - 4254123 ___RA (Swearware) C:\Users\Carol\Desktop\ComboFix.exe
2011-10-11 07:28 - 2011-10-11 07:28 - 0079178 ____A C:\TDSSKiller.2.6.7.0_11.10.2011_16.28.12_log.txt
2011-10-11 06:40 - 2009-08-03 00:18 - 0726316 ____A C:\Windows\System32\PerfStringBackup.INI
2011-10-11 06:25 - 2011-10-11 06:25 - 0000000 ____D C:\26a8381a759e17fc2486fbbccf89d5
2011-10-11 06:25 - 2011-10-11 06:25 - 0000000 ____D C:\_100995_
2011-10-11 06:23 - 2011-10-11 06:22 - 0146762 ____A C:\Users\Carol\Downloads\bg-uninstall.zip
2011-10-11 06:23 - 2010-08-12 23:13 - 0000000 ____D C:\Program Files\BullGuard Ltd
2011-10-11 06:17 - 2009-07-13 18:04 - 0002577 ____A C:\Windows\System32\config.nt
2011-10-11 06:15 - 2011-10-11 06:15 - 0306736 ____A (AVAST Software) C:\Users\Carol\Downloads\aswclear.exe
2011-10-11 06:06 - 2011-10-11 06:06 - 0002243 ____A C:\Windows\epplauncher.mif
2011-10-11 06:06 - 2011-10-11 06:06 - 0000000 ____D C:\7f6e49624eec53653caf4b95b277adf8
2011-10-11 05:44 - 2011-10-11 05:44 - 0000000 ____D C:\0a4b0d870020022c85cfde
2011-10-11 05:44 - 2011-10-11 05:44 - 0000000 ____D C:\_925773_
2011-10-11 05:43 - 2011-10-11 05:43 - 0000000 ____D C:\8a31ed8ceb9c38fc17a507
2011-10-11 05:43 - 2011-10-11 05:43 - 0000000 ____D C:\338c42717b425e65f7ea4634
2011-10-11 05:43 - 2011-10-11 05:43 - 0000000 ____D C:\_846883_
2011-10-11 05:43 - 2011-10-11 05:43 - 0000000 ____D C:\_837508_
2011-10-10 13:46 - 2011-09-22 03:35 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2011-10-10 12:33 - 2011-10-10 12:33 - 0051711 ____A C:\Users\Carol\Desktop\combo.txt
2011-10-10 12:32 - 2009-07-13 18:37 - 0000000 __RHD C:\users\Default
2011-10-10 12:32 - 2009-07-13 18:37 - 0000000 ___RD C:\users\Public
2011-10-10 12:30 - 2011-10-10 12:18 - 0000000 ____D C:\Windows\ERDNT
2011-10-10 12:30 - 2009-07-13 18:04 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2011-10-10 09:42 - 2011-06-09 02:49 - 0000000 ____D C:\Users\Carol\AppData\Local\Free File Opener
2011-09-22 06:05 - 2011-09-22 06:05 - 0001074 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2011-09-22 05:46 - 2010-08-12 12:13 - 0000000 ____D C:\Users\All Users\Yahoo! Companion
2011-09-22 05:46 - 2010-08-12 12:13 - 0000000 ____D C:\ProgramData\Yahoo! Companion
2011-09-22 03:28 - 2011-09-22 03:40 - 9852544 ____A (Malwarebytes Corporation ) C:\Users\Carol\Desktop\mbam-setup-1.51.2.1300.exe
2011-09-22 00:41 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\DriverStore
2011-09-21 12:49 - 2011-09-21 12:49 - 0000000 ____D C:\Users\All Users\AVAST Software
2011-09-21 12:49 - 2011-09-21 12:49 - 0000000 ____D C:\ProgramData\AVAST Software
2011-09-21 12:49 - 2011-09-21 12:12 - 58948168 ____A C:\Users\Carol\Downloads\setup_av_free.exe
2011-09-21 11:58 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\Downloaded Program Files
2011-09-21 10:24 - 2009-07-13 18:37 - 0000000 __RSD C:\Windows\Media
2011-09-21 10:24 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\inetsrv
2011-09-21 09:54 - 2011-09-21 09:54 - 0000000 ____D C:\Users\Carol\AppData\Roaming\Malwarebytes
2011-09-21 09:54 - 2011-09-21 09:54 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-09-21 09:54 - 2011-09-21 09:54 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-09-21 08:03 - 2011-09-20 14:24 - 0002105 ____A C:\Users\Public\Desktop\McAfee Virtual Technician.lnk
2011-09-20 14:24 - 2011-09-20 14:24 - 0000000 ____D C:\Users\Carol\AppData\Roaming\McAfee
2011-09-20 14:22 - 2011-09-20 14:16 - 0000000 ____D C:\Program Files\McAfee
2011-09-20 14:22 - 2011-03-21 12:43 - 0000000 ____D C:\Users\All Users\McAfee
2011-09-20 14:22 - 2011-03-21 12:43 - 0000000 ____D C:\ProgramData\McAfee
2011-09-20 14:16 - 2011-09-20 14:16 - 0000000 ____D C:\Program Files\McAfee.com
2011-09-20 14:16 - 2011-09-20 14:16 - 0000000 ____D C:\Program Files\Common Files\Mcafee
2011-09-20 12:30 - 2011-09-20 12:27 - 4188120 ____A (McAfee, Inc.) C:\Users\Carol\Downloads\McAfeeSetup.exe
2011-09-20 10:22 - 2011-09-20 10:22 - 0001127 ____A C:\Users\Carol\Downloads\Unconfirmed 88554.crdownload
2011-09-20 10:21 - 2011-09-20 10:21 - 0002575 ____A C:\Users\Carol\Downloads\Unconfirmed 99267.crdownload
2011-09-20 10:01 - 2011-09-20 10:01 - 0009815 ____A C:\Users\Carol\Downloads\Unconfirmed 20988.crdownload
2011-09-07 12:03 - 2011-09-07 12:03 - 0006900 ____A C:\Users\Carol\Downloads\Unconfirmed 23554.crdownload
2011-09-06 12:45 - 2011-09-21 12:49 - 0041184 ____N (AVAST Software) C:\Windows\avastSS.scr
2011-09-05 14:16 - 2011-09-05 13:01 - 0000000 ____D C:\Windows\pss
2011-09-05 14:00 - 2011-09-05 14:00 - 0000000 ____D C:\Users\Carol\AppData\Roaming\QuickScan
2011-09-05 13:57 - 2011-09-05 13:57 - 0197220 ____A C:\Users\Carol\AppData\Local\census.cache
2011-09-05 13:57 - 2011-09-05 13:57 - 0103167 ____A C:\Users\Carol\AppData\Local\ars.cache
2011-09-05 13:52 - 2011-09-05 13:52 - 0000036 ____A C:\Users\Carol\AppData\Local\housecall.guid.cache
2011-09-05 13:51 - 2011-09-05 13:51 - 2002320 ____A (Trend Micro Inc.) C:\Users\Carol\Downloads\HousecallLauncher.exe
2011-09-05 13:48 - 2011-09-05 13:47 - 54936832 ____A (Trend Micro Inc.) C:\Users\Public\Desktop\Trend_Micro.exe
2011-09-05 13:48 - 2011-09-05 13:46 - 0000000 ____D C:\Program Files\Trend Micro
2011-09-05 13:23 - 2011-09-05 13:23 - 0035271 ____A C:\Users\Carol\Downloads\Unconfirmed 68761.crdownload
2011-09-05 13:06 - 2011-09-05 13:06 - 0024568 ____A C:\Users\Carol\Downloads\Unconfirmed 52517.crdownload
2011-09-05 13:06 - 2011-09-05 13:06 - 0013030 ____A C:\Users\Carol\Downloads\Unconfirmed 2016.crdownload
2011-09-05 12:56 - 2011-09-05 12:56 - 0024568 ____A C:\Users\Carol\Downloads\Unconfirmed 70378.crdownload
2011-09-05 06:16 - 2011-09-05 06:16 - 0000000 ____D C:\Users\Carol\AppData\Roaming\ScanSoft
2011-09-04 08:03 - 2010-08-06 18:44 - 0025128 ____A C:\Windows\System32\config\afw_hm.conf
2011-09-04 08:03 - 2010-08-06 18:44 - 0000004 ____A C:\Windows\System32\config\afw_db.conf
2011-09-03 00:18 - 2011-09-03 00:18 - 0094741 ____A C:\Users\Carol\Downloads\Unconfirmed 86100.crdownload
2011-09-03 00:18 - 2011-09-03 00:18 - 0078901 ____A C:\Users\Carol\Downloads\Unconfirmed 63546.crdownload
2011-09-03 00:18 - 2011-09-03 00:18 - 0058741 ____A C:\Users\Carol\Downloads\Unconfirmed 10145.crdownload
2011-09-03 00:18 - 2011-09-03 00:18 - 0042901 ____A C:\Users\Carol\Downloads\Unconfirmed 88846.crdownload
2011-09-03 00:18 - 2011-09-03 00:18 - 0029941 ____A C:\Users\Carol\Downloads\Unconfirmed 87310.crdownload
2011-09-03 00:18 - 2011-09-03 00:18 - 0027061 ____A C:\Users\Carol\Downloads\Unconfirmed 83638.crdownload
2011-09-03 00:18 - 2011-09-03 00:18 - 0026901 ____A C:\Users\Carol\Downloads\Unconfirmed 25556.crdownload
2011-09-03 00:18 - 2011-09-03 00:18 - 0025621 ____A C:\Users\Carol\Downloads\Unconfirmed 20049.crdownload
2011-09-03 00:15 - 2011-09-03 00:15 - 0006869 ____A C:\Users\Carol\Downloads\Unconfirmed 21268.crdownload
2011-09-03 00:12 - 2011-09-03 00:12 - 0013997 ____A C:\Users\Carol\Downloads\Unconfirmed 70156.crdownload
2011-09-03 00:12 - 2011-09-03 00:12 - 0013789 ____A C:\Users\Carol\Downloads\Unconfirmed 37432.crdownload
2011-08-31 08:00 - 2011-09-22 06:05 - 0022216 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-08-29 06:57 - 2011-03-30 12:36 - 0000000 ____D C:\Config.Msi
2011-08-23 22:54 - 2009-07-13 20:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-08-23 12:49 - 2010-02-23 05:32 - 0000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-08-23 12:49 - 2010-02-23 05:32 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-08-21 01:00 - 2011-08-21 01:00 - 0053816 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKELL.sys
2011-08-20 03:27 - 2010-08-06 07:09 - 0000000 ____D C:\Users\Carol\AppData\Local\Google
2011-08-20 02:09 - 2009-07-13 20:33 - 0340792 ____A C:\Windows\System32\FNTCACHE.DAT
2011-08-19 06:59 - 2011-09-21 22:54 - 0148520 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2011-08-19 05:27 - 2011-08-19 05:27 - 0000146 ____A C:\Users\Carol\Desktop\Continue iMesh installation.url
2011-08-18 01:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\wfp
2011-08-18 01:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\config\TxR
2011-08-18 01:09 - 2011-03-30 12:42 - 0000000 ____D C:\Users\All Users\McAfee Security Scan
2011-08-18 01:09 - 2011-03-30 12:42 - 0000000 ____D C:\ProgramData\McAfee Security Scan
2011-08-18 01:09 - 2010-08-06 06:51 - 0000000 ____D C:\users\Carol
2011-08-18 01:09 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\registration
2011-08-18 01:09 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\AppCompat
2011-08-15 23:06 - 2009-07-13 20:53 - 0032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-08-15 01:00 - 2011-03-13 02:20 - 0461864 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfehidk.sys
2011-08-15 01:00 - 2011-03-13 02:20 - 0119808 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeapfk.sys
2011-08-13 12:49 - 2011-08-13 12:49 - 0000000 ____A C:\Users\Carol\AppData\Local\{950DB201-49B5-4E3D-9664-BB4A8CD381FC}
2011-08-10 22:21 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Microsoft.NET
2011-08-10 22:07 - 2010-08-08 00:54 - 52390856 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-08-09 22:51 - 2010-02-23 05:32 - 0002293 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2011-08-07 08:30 - 2011-01-08 05:51 - 0000000 ____D C:\Users\Carol\AppData\Roaming\Canon
2011-08-06 12:41 - 2010-12-22 10:19 - 0000000 ____D C:\Users\Carol\AppData\Roaming\Skype
2011-08-06 12:40 - 2010-12-24 06:02 - 0000000 ____D C:\Users\Carol\AppData\Roaming\skypePM
2011-08-02 08:47 - 2011-08-02 08:47 - 0133750 ____A C:\Users\Carol\Downloads\192823_1460582450009_1696860310_679503_1865740_o.jpg
2011-07-21 22:38 - 2011-08-10 10:23 - 5989376 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-07-21 20:56 - 2011-08-10 10:23 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

========================= Known DLLs =========================

[2009-07-13 16:20] - [2009-07-13 17:14] - 0640000 ____A (Microsoft Corporation) C:\Windows\System32\advapi32.dll
[2009-07-13 15:44] - [2009-07-13 17:15] - 0522240 ____A (Microsoft Corporation) C:\Windows\System32\clbcatq.dll
[2009-07-13 15:39] - [2009-07-13 17:15] - 0486912 ____A (Microsoft Corporation) C:\Windows\System32\comdlg32.dll
[2009-07-13 15:26] - [2009-07-13 17:15] - 0304640 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
[2011-08-10 10:23] - [2011-06-20 21:34] - 2072576 ____A (Microsoft Corporation) C:\Windows\System32\IERTUTIL.dll
[2009-07-13 15:57] - [2009-07-13 17:15] - 0154624 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
[2009-07-13 15:25] - [2009-07-13 17:15] - 0118272 ____A (Microsoft Corporation) C:\Windows\System32\IMM32.dll
[2011-08-10 10:24] - [2011-07-15 20:34] - 0868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
[2009-07-13 15:25] - [2009-07-13 17:15] - 0026624 ____A (Microsoft Corporation) C:\Windows\System32\LPK.dll
[2009-07-13 15:12] - [2009-07-13 17:06] - 0002560 ____A (Microsoft Corporation) C:\Windows\System32\lz32.dll
[2009-07-13 15:28] - [2009-07-13 17:15] - 0828928 ____A (Microsoft Corporation) C:\Windows\System32\MSCTF.dll
[2009-07-13 15:12] - [2009-07-13 17:15] - 0690688 ____A (Microsoft Corporation) C:\Windows\System32\MSVCRT.dll
[2009-07-13 15:15] - [2009-07-13 17:09] - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\NORMALIZ.dll
[2009-07-13 15:12] - [2009-07-13 17:16] - 0008704 ____A (Microsoft Corporation) C:\Windows\System32\NSI.dll
[2010-10-14 00:28] - [2010-06-28 21:02] - 1413632 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
[2011-06-16 00:22] - [2010-12-17 21:31] - 0571904 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
[2009-07-13 15:44] - [2009-07-13 17:16] - 0080384 ____A (Microsoft Corporation) C:\Windows\System32\olecli32.dll
[2009-07-13 15:43] - [2009-07-13 17:16] - 0028672 ____A (Microsoft Corporation) C:\Windows\System32\olesvr32.dll
[2009-07-13 15:43] - [2009-07-13 17:16] - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\olethk32.dll
[2009-07-13 15:13] - [2009-07-13 17:16] - 0652288 ____A (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
[2009-07-13 15:16] - [2009-07-13 17:16] - 1668608 ____A (Microsoft Corporation) C:\Windows\System32\Setupapi.dll
[2010-08-07 02:07] - [2010-07-27 06:03] - 12867584 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
[2009-07-13 15:39] - [2009-07-13 17:16] - 0350208 ____A (Microsoft Corporation) C:\Windows\System32\SHLWAPI.dll
[2011-08-10 10:23] - [2011-06-20 21:36] - 0132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
[2011-08-10 10:23] - [2011-06-20 21:36] - 1230336 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
[2009-07-13 15:24] - [2009-07-13 17:16] - 0811520 ____A (Microsoft Corporation) C:\Windows\System32\user32.dll
[2009-07-13 15:25] - [2009-07-13 17:16] - 0627200 ____A (Microsoft Corporation) C:\Windows\System32\USP10.dll
[2009-07-13 15:41] - [2009-07-13 17:16] - 0021504 ____A (Microsoft Corporation) C:\Windows\System32\version.dll
[2011-08-10 10:23] - [2011-06-20 21:36] - 0981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
[2009-07-13 15:38] - [2009-07-13 17:16] - 0268800 ____A (Microsoft Corporation) C:\Windows\System32\wldap32.dll
[2009-07-13 15:12] - [2009-07-13 17:16] - 0206336 ____A (Microsoft Corporation) C:\Windows\System32\WS2_32.dll

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 3032.89 MB
Available physical RAM: 2469.07 MB
Total Pagefile: 3031.17 MB
Available Pagefile: 2473.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.31 MB

======================= Partitions =========================

1 Drive c: (Windows) (Fixed) (Total:292.72 GB) (Free:253.61 GB) NTFS
3 Drive f: (COMP DOCTOR) (Removable) (Total:7.45 GB) (Free:6.22 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System) (Fixed) (Total:5.37 GB) (Free:0.88 GB) NTFS

==========================================================

Last Boot: 2011-08-23 00:31

======================= End Of Log ==========================
leachim is offline  
Old 10-17-2011, 04:27 PM   #14
TSF Security Manager
Emeritus
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



See if you can create a new user account. If successful, does the issue persist in that new account?
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 10-18-2011, 01:50 AM   #15
Registered Member
 
Join Date: Aug 2008
Posts: 485
OS: xp



Created new account

Went to log on after restart: "User Profile Service service failed the logon. User Profile cannot be loaded"

Was able to log on in Safe Mode, although error message came up - "Settings.ini is being used by another process"

All accounts are Administrators - although when saving anything to hard disk, it says "Contact Administrator to obtain permission"
leachim is offline  
Old 10-18-2011, 04:09 AM   #17
TSF Security Manager
Emeritus
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Sorry, but I have to ask - what did you name the new account?
Ried is offline  
Old 10-18-2011, 04:41 AM   #18
Registered Member
 
Join Date: Aug 2008
Posts: 485
OS: xp



Tried 3 - Owner, User and test
leachim is offline  
Old 10-18-2011, 07:34 PM   #19
TSF Security Manager
Emeritus
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Apologies for the delay. I don't see that malware was the cause of this. Googling the error produces many people with the same issue, and as malware is my forte and not the Windows 7 Operating System, I am hesitant to continue and advise you on how to repair the permissions issues. At this point, I feel it's best you seek further troubleshooting guidance from the experts in our Windows 7 Support section.
Ried is offline  