Author Topic: Windows Defender removed/disabled by malware  (Read 17709 times)

0 Members and 1 Guest are viewing this topic.

Offline mikeb123

  • Newbie
  • *
  • Join Date: May 2013
  • Posts: 3
  • Karma: 0
    • View Profile
Windows Defender removed/disabled by malware
« on: May 09, 2013, 07:37:47 am »
 Tweaking is a great programme, but sadly it failed to detect or repair the missing Windows Defender on my PC. It's not listed as a programme, it's not available to be switched on or off or removed and I can't reinstall the prog either, and that's after MS have tried to effect a repair too?? Any ideas?

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: Windows Defender removed/disabled by malware
« Reply #1 on: May 09, 2013, 01:17:13 pm »
My repair tool does put back the Windows defender service. But if it still getting deleted then you may still have an infection on your system that is deleting it. :wink:

What tools have you ran to check  your system for infections?

Shane

Offline mikeb123

  • Newbie
  • *
  • Join Date: May 2013
  • Posts: 3
  • Karma: 0
    • View Profile
Re: Windows Defender removed/disabled by malware
« Reply #2 on: May 10, 2013, 04:24:07 am »
Hi Shane,

I asked Microsoft to help me after MS Security Essentials detected the malware (sadly I didn't note the name - stupid of me!). I had already run MS/SE several times and it showed clear, but several security programmes were still locked out.

But when I asked MS for help, they ran your programme and another called Hitman Pro. Eventually the MS Helpdesk people seemed to clear the infection and got the Firewall and Security Center Service going again, but not Windows Defender.

It's now my mission to try to find a way to re-instate W/Defender and I'd welcome any advice etc you can offer  :smiley:
Regards
Mike

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: Windows Defender removed/disabled by malware
« Reply #3 on: May 10, 2013, 02:05:05 pm »
Have you ran

tdsskiller.exe
combofix.exe
Malwarebytes Anti rootkit (Not their normal anti malware one)

If not lets run those first and then we can dive in and see if we can get it fixed :-)

Shane

Offline mikeb123

  • Newbie
  • *
  • Join Date: May 2013
  • Posts: 3
  • Karma: 0
    • View Profile
Re: Windows Defender removed/disabled by malware
« Reply #4 on: May 12, 2013, 07:50:08 am »
Hi Shane,
I ran tdsskiller with no result.
I then ran malwarebytes anti root and it identified 8 versions of Trojan.siredef.c and dealt with them - I think?
I then ran combofix and it identified several issues that I won't pretend to understand and produced a txt report which I have attached below - sorry if this is too much data?
Having done all this, the Action Centre flag that has been missing for ages suddenly re-appeared - good news and a sign of progress, I wondered?
Excited with the apparent progress, I entered 'Defender' in the search box and then tried to open it, but yet again it returned the error code 0x80070005.
So, Defender is still hidden and apparently incapable of being opened, so any advice you can offer will be much appreciated :o)

Mike

[code]

ComboFix 13-05-12.01 - Mike 12/05/2013  15:07:18.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.7863.5968 [GMT 1:00]
Running from: c:\users\Mike\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\FullRemove.exe
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\{393E075B-AF9F-46DB-944E-5B4A242AE52E}.xps
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DB35F8C1-163F-4194-B0DD-1EA926708D08}.xps
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1003.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1038.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc107A.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc10FF.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1150.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1158.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1181.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1249.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc140E.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1438.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1443.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1459.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc149E.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc14CA.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1505.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1535.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc155E.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc160D.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1631.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc168.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1681.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc16C5.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc16E7.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc171C.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc17D6.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc18E.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc18E3.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc18EC.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1983.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc199E.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1A55.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1AB9.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1AD0.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1AD8.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1B50.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1B68.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1B80.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1BC8.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1BE7.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1BF9.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1D1C.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1D4D.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1E89.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1EA0.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1F16.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1FAF.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc203D.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc203E.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2044.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc208A.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2198.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2254.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc22B2.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc22C6.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc231E.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2352.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc239A.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc240.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc244E.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2542.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc25F6.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc285B.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2991.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc29A3.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc29FD.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2A35.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2A64.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2B0C.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2B39.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2BE7.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2CC6.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2D04.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2D7D.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2E5.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2E54.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2E63.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2E71.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2E8A.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2F51.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2F97.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2FA3.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3034.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3040.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3084.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3143.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc317C.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc31F6.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3233.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc324.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc324D.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc32FE.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3338.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3441.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3471.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3498.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc34A3.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc34C1.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3531.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc36BE.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc372A.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc373B.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3768.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc382D.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3999.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3A70.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3C0B.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3C2E.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3C5B.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3C9E.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3E44.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3F39.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3FC3.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc40AF.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc40E3.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc40FC.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4129.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4185.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4202.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc426.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc42A6.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc42B8.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc434E.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4431.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4499.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc44E7.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc44EC.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4578.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc457B.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4596.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4606.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc465A.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc46D5.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4782.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4798.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc47F5.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4824.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc488.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc48F0.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc493C.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4961.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc49B6.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4A25.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4A2F.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4A6B.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4BD9.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4C57.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4CDE.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4D18.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4D5.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4D66.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4DBA.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4E97.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4F46.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4F4D.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4F8A.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4FC6.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4FC9.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5053.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5060.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc50C1.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc50E1.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc50E6.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc50F9.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc513A.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5160.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc51AC.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc534A.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc53A4.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc54A8.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc552A.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5584.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc55A4.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5628.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc56CC.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc56E.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5722.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc58A8.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5970.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5978.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc59E3.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5A56.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5A67.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5AC3.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5AC8.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5AD7.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5C13.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5C84.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5CD6.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5D3B.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5D81.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5D90.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5DFD.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5E99.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5EC0.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5F14.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc600B.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6048.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6085.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc60C8.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6171.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc61CC.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc62AD.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc62AE.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6431.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc64C4.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc64C7.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc652E.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6591.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc669F.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc67E9.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc68.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc681.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6839.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc68B2.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc69CC.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc69FC.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6A7A.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6ABC.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6B.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6BA.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6C1F.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6C33.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6C53.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6CA9.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6CE8.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6D43.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6E43.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6E94.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6ED0.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6EDA.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6F4B.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6FF2.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7021.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7043.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7079.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc70CC.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc70D2.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7157.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc71B2.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc71DC.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc720A.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc72A6.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc72F5.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7306.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc74DE.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7506.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7522.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7523.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc75A8.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc765B.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7677.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc769.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc76EA.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7751.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7779.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7790.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc780F.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7837.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc78BB.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7A12.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7AC5.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7B25.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7BEA.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7C19.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7C4F.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7CBD.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7CF5.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7DD6.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7E93.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7EC0.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7EE5.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7FBF.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc804.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc80DD.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8117.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc813C.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc823C.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8298.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc82B5.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8308.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc831.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8328.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8359.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc83E6.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc84D9.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8543.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8577.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc85E3.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8606.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc871A.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8743.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8792.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc87BA.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc87E5.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc87F9.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8981.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8A0D.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8B7D.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8B83.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8C92.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8CD1.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8D0.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8DAB.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8DBF.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8E8E.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8EBC.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc904F.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc90D9.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9127.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9159.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc920F.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9211.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc924A.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc92A6.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9376.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc939F.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc93B9.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc93BF.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9446.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc949B.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc95AF.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9647.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9733.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9775.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc97AD.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc98AB.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc995E.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9999.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc99B3.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9A3B.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9ACB.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9AD0.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9B94.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9C6E.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9D0B.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9D0D.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9D14.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9D67.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9DE2.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9E7A.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9F9D.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA064.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA0DE.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA13E.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA18C.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA216.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA23D.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA3B.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA402.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA47C.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA4A.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA4A6.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA4A8.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA52.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA59.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA610.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA71A.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA797.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA7A6.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA7CE.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA7EB.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA843.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA8FD.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA94.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA9E0.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAA71.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAA84.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAAEF.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAB47.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccABA8.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccABE2.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAC01.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAC14.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccACB9.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccACC6.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAD60.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccADD9.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccADE1.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccADFF.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAE0C.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAE4.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAE66.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAED2.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAF38.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAF5D.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAFCB.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB023.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB07C.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB0ED.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB136.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB13D.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB148.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB14A.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB19B.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB1D5.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB225.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB24E.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB2A8.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB35.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB351.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB368.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB3BE.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB3CE.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB486.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB507.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB58.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB63D.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB71.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB712.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB7B8.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB7ED.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB84E.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB8A6.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB916.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB978.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB9AF.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBAD5.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBB0D.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBB43.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBB8B.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBBAB.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBBB9.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBC94.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBCE9.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBD56.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBD6B.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBDB3.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBDF7.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBE84.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBEB.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC00.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC009.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC035.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC14D.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC212.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC258.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC2B4.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC2C6.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC48.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC4CD.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC524.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC5DB.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC6B7.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC78E.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC7B6.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC81F.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC8A5.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCA4E.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCB1.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCB77.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCBE6.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCC53.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCCFE.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCD4C.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCD7F.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCD8B.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCE35.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCE81.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCEA0.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCF32.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCFE2.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCFFC.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD07.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD098.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD09D.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD0CC.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD1E6.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD2B4.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD2BF.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD2D6.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD3F4.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD50C.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD53B.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD579.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD5A3.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD63C.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD6A2.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD6F8.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD705.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD71F.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD8B0.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD95C.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD983.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDA0B.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDA16.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDA4D.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDA6E.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDAA1.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDAE4.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDB58.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDC12.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDC16.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDC2F.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDC9B.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDCB9.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDCFD.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDD2D.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDDBF.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDF41.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDFC2.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE002.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE07F.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE169.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE29D.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE2BF.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE3D5.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE42C.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE47E.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE551.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE555.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE59.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE5DE.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE669.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE71C.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE72E.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE763.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE7B0.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE82.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE8EE.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE8F4.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE92A.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE965.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEA3A.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEA7E.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEABF.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEB52.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEB8D.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEB93.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEBBA.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEBC.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEBD.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccECBF.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccECF9.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccED5D.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEDCF.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEEFD.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEFD5.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF0A0.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF0A6.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF0A8.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF133.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF154.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF227.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF266.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF2E6.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF32.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF438.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF442.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF499.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF520.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF590.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF5EB.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF5F.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF672.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF6AC.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF6DF.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF6EF.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF737.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF86A.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF911.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF92F.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFA4B.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFA90.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFB6C.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFB81.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFB82.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFBDA.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFC49.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFC65.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFD91.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFDED.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFE57.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFED0.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFEDC.tmp
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFF1F.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-12 to 2013-05-12  )))))))))))))))))))))))))))))))
.
.
2013-05-12 14:16 . 2013-05-12 14:16   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-05-12 00:58 . 2013-04-10 03:46   9317456   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F19D0338-502D-45FD-ABC2-5407AB2EF474}\mpengine.dll
2013-05-11 14:30 . 2013-04-10 03:46   9317456   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-09 14:49 . 2013-05-09 14:49   --------   d-----w-   c:\users\Mike\AppData\Roaming\Malwarebytes
2013-05-09 14:48 . 2013-05-09 14:48   --------   d-----w-   c:\programdata\Malwarebytes
2013-05-09 14:48 . 2013-05-09 14:49   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-09 14:48 . 2013-04-04 13:50   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-05-09 14:16 . 2013-05-12 13:54   --------   d-----w-   c:\windows\system32\catroot2
2013-05-09 12:27 . 2013-05-09 12:27   --------   d-----w-   c:\windows\SysWow64\searchplugins
2013-05-09 12:27 . 2013-05-09 12:27   --------   d-----w-   c:\windows\SysWow64\Extensions
2013-05-09 12:26 . 2013-05-09 12:57   --------   d-----w-   c:\programdata\Tarma Installer
2013-05-09 12:26 . 2013-05-09 12:26   --------   d-----w-   c:\users\Mike\AppData\Roaming\Babylon
2013-05-09 12:26 . 2013-05-09 12:26   --------   d-----w-   c:\programdata\Babylon
2013-05-06 12:01 . 2013-05-06 12:01   --------   d-----w-   c:\programdata\HP Product Assistant
2013-05-06 12:00 . 2013-05-06 12:00   --------   d-----w-   c:\program files (x86)\Common Files\HP
2013-05-03 18:05 . 2013-05-04 07:22   --------   d-----w-   c:\windows\softwaredistribution.bak
2013-05-03 17:45 . 2013-05-03 17:45   --------   d-----w-   C:\RegBackup
2013-05-03 16:03 . 2013-05-03 16:03   --------   d-----w-   c:\program files (x86)\Common Files\Java
2013-05-03 16:03 . 2013-05-03 16:02   866720   ----a-w-   c:\windows\SysWow64\npDeployJava1.dll
2013-05-03 16:03 . 2013-05-03 16:02   95648   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-29 11:39 . 2013-04-29 11:39   905296   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62D99EB3-3437-473A-B268-BEE734B6D431}\gapaengine.dll
2013-04-29 10:56 . 2013-05-09 14:13   --------   d-----w-   c:\windows\SysWow64\wbem\Performance
2013-04-29 10:54 . 2013-05-09 14:18   181064   ----a-w-   c:\windows\PSEXESVC.EXE
2013-04-29 10:53 . 2013-04-29 10:53   --------   d-----w-   c:\program files (x86)\Tweaking.com
2013-04-29 10:45 . 2013-04-29 10:50   --------   d-----w-   c:\programdata\HitmanPro
2013-04-29 10:27 . 2013-04-29 11:28   --------   d-----w-   c:\users\Mike\AppData\Local\LogMeIn Rescue Applet
2013-04-26 11:38 . 2013-03-01 03:36   3153408   ----a-w-   c:\windows\system32\win32k.sys
2013-04-26 11:37 . 2013-01-24 06:01   223752   ----a-w-   c:\windows\system32\drivers\fvevol.sys
2013-04-26 11:36 . 2013-03-19 06:04   5550424   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-04-26 11:36 . 2013-03-19 05:46   43520   ----a-w-   c:\windows\system32\csrsrv.dll
2013-04-26 11:36 . 2013-03-19 05:04   3968856   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2013-04-26 11:36 . 2013-03-19 05:04   3913560   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2013-04-26 11:36 . 2013-03-19 04:47   6656   ----a-w-   c:\windows\SysWow64\apisetschema.dll
2013-04-26 11:36 . 2013-03-19 03:06   112640   ----a-w-   c:\windows\system32\smss.exe
2013-04-26 11:36 . 2013-04-12 14:45   1656680   ----a-w-   c:\windows\system32\drivers\ntfs.sys
2013-04-24 04:09 . 2013-04-26 13:24   163504   ----a-w-   c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-03 16:02 . 2011-01-12 18:04   788896   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2013-05-03 15:57 . 2012-03-29 14:17   691592   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-03 15:57 . 2011-06-20 10:45   71048   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 15:29 . 2011-01-11 13:25   278800   ------w-   c:\windows\system32\MpSigStub.exe
2013-04-29 00:42 . 2011-06-16 11:16   895088   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-04-29 00:42 . 2011-03-12 11:20   42776   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-04-26 12:05 . 2011-01-11 12:14   72702784   ----a-w-   c:\windows\system32\MRT.exe
2013-03-13 09:06 . 2013-03-13 09:06   1054720   ----a-w-   c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-13 09:06 . 2013-03-13 09:06   719360   ----a-w-   c:\windows\SysWow64\mshtmlmedia.dll
2013-03-13 09:06 . 2013-03-13 09:06   523264   ----a-w-   c:\windows\SysWow64\vbscript.dll
2013-03-13 09:06 . 2013-03-13 09:06   226304   ----a-w-   c:\windows\system32\elshyph.dll
2013-03-13 09:06 . 2013-03-13 09:06   185344   ----a-w-   c:\windows\SysWow64\elshyph.dll
2013-03-13 09:06 . 2013-03-13 09:06   158720   ----a-w-   c:\windows\SysWow64\msls31.dll
2013-03-13 09:06 . 2013-03-13 09:06   150528   ----a-w-   c:\windows\SysWow64\iexpress.exe
2013-03-13 09:06 . 2013-03-13 09:06   138752   ----a-w-   c:\windows\SysWow64\wextract.exe
2013-03-13 09:06 . 2013-03-13 09:06   137216   ----a-w-   c:\windows\SysWow64\ieUnatt.exe
2013-03-13 09:06 . 2013-03-13 09:06   73728   ----a-w-   c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-13 09:06 . 2013-03-13 09:06   61952   ----a-w-   c:\windows\SysWow64\tdc.ocx
2013-03-13 09:06 . 2013-03-13 09:06   48640   ----a-w-   c:\windows\SysWow64\mshtmler.dll
2013-03-13 09:06 . 2013-03-13 09:06   38400   ----a-w-   c:\windows\SysWow64\imgutil.dll
2013-03-13 09:06 . 2013-03-13 09:06   361984   ----a-w-   c:\windows\SysWow64\html.iec
2013-03-13 09:06 . 2013-03-13 09:06   23040   ----a-w-   c:\windows\SysWow64\licmgr10.dll
2013-03-13 09:06 . 2013-03-13 09:06   1441280   ----a-w-   c:\windows\SysWow64\inetcpl.cpl
2013-03-13 09:06 . 2013-03-13 09:06   12800   ----a-w-   c:\windows\SysWow64\mshta.exe
2013-03-13 09:06 . 2013-03-13 09:06   110592   ----a-w-   c:\windows\SysWow64\IEAdvpack.dll
2013-03-13 09:06 . 2013-03-13 09:06   97280   ----a-w-   c:\windows\system32\mshtmled.dll
2013-03-13 09:06 . 2013-03-13 09:06   905728   ----a-w-   c:\windows\system32\mshtmlmedia.dll
2013-03-13 09:06 . 2013-03-13 09:06   81408   ----a-w-   c:\windows\system32\icardie.dll
2013-03-13 09:06 . 2013-03-13 09:06   762368   ----a-w-   c:\windows\system32\ieapfltr.dll
2013-03-13 09:06 . 2013-03-13 09:06   599552   ----a-w-   c:\windows\system32\vbscript.dll
2013-03-13 09:06 . 2013-03-13 09:06   452096   ----a-w-   c:\windows\system32\dxtmsft.dll
2013-03-13 09:06 . 2013-03-13 09:06   441856   ----a-w-   c:\windows\system32\html.iec
2013-03-13 09:06 . 2013-03-13 09:06   281600   ----a-w-   c:\windows\system32\dxtrans.dll
2013-03-13 09:06 . 2013-03-13 09:06   27648   ----a-w-   c:\windows\system32\licmgr10.dll
2013-03-13 09:06 . 2013-03-13 09:06   270848   ----a-w-   c:\windows\system32\iedkcs32.dll
2013-03-13 09:06 . 2013-03-13 09:06   247296   ----a-w-   c:\windows\system32\webcheck.dll
2013-03-13 09:06 . 2013-03-13 09:06   235008   ----a-w-   c:\windows\system32\url.dll
2013-03-13 09:06 . 2013-03-13 09:06   216064   ----a-w-   c:\windows\system32\msls31.dll
2013-03-13 09:06 . 2013-03-13 09:06   197120   ----a-w-   c:\windows\system32\msrating.dll
2013-03-13 09:06 . 2013-03-13 09:06   167424   ----a-w-   c:\windows\system32\iexpress.exe
2013-03-13 09:06 . 2013-03-13 09:06   1509376   ----a-w-   c:\windows\system32\inetcpl.cpl
2013-03-13 09:06 . 2013-03-13 09:06   144896   ----a-w-   c:\windows\system32\wextract.exe
2013-03-13 09:06 . 2013-03-13 09:06   1400416   ----a-w-   c:\windows\system32\ieapfltr.dat
2013-03-13 09:06 . 2013-03-13 09:06   102912   ----a-w-   c:\windows\system32\inseng.dll
2013-03-13 09:06 . 2013-03-13 09:06   92160   ----a-w-   c:\windows\system32\SetIEInstalledDate.exe
2013-03-13 09:06 . 2013-03-13 09:06   77312   ----a-w-   c:\windows\system32\tdc.ocx
2013-03-13 09:06 . 2013-03-13 09:06   62976   ----a-w-   c:\windows\system32\pngfilt.dll
2013-03-13 09:06 . 2013-03-13 09:06   52224   ----a-w-   c:\windows\system32\msfeedsbs.dll
2013-03-13 09:06 . 2013-03-13 09:06   51200   ----a-w-   c:\windows\system32\imgutil.dll
2013-03-13 09:06 . 2013-03-13 09:06   48640   ----a-w-   c:\windows\system32\mshtmler.dll
2013-03-13 09:06 . 2013-03-13 09:06   173568   ----a-w-   c:\windows\system32\ieUnatt.exe
2013-03-13 09:06 . 2013-03-13 09:06   149504   ----a-w-   c:\windows\system32\occache.dll
2013-03-13 09:06 . 2013-03-13 09:06   13824   ----a-w-   c:\windows\system32\mshta.exe
2013-03-13 09:06 . 2013-03-13 09:06   136192   ----a-w-   c:\windows\system32\iepeers.dll
2013-03-13 09:06 . 2013-03-13 09:06   135680   ----a-w-   c:\windows\system32\IEAdvpack.dll
2013-03-13 09:06 . 2013-03-13 09:06   12800   ----a-w-   c:\windows\system32\msfeedssync.exe
2013-02-12 05:45 . 2013-03-13 06:58   135168   ----a-w-   c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 06:58   308736   ----a-w-   c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 06:58   350208   ----a-w-   c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 06:58   111104   ----a-w-   c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 06:58   474112   ----a-w-   c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 06:58   2176512   ----a-w-   c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-13 08:51   19968   ----a-w-   c:\windows\system32\drivers\usb8023.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40   120176   ----a-w-   c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Mike\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-12-19 1199576]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2013-03-06 1099608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files (x86)\WinTV\Ir.exe [2011-1-12 117344]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
WinTV Recording Status..lnk - c:\program files (x86)\WinTV\WinTV7\WinTVTray.exe [2011-1-12 82944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle
« Last Edit: May 13, 2013, 09:12:56 pm by Shane »

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: Windows Defender removed/disabled by malware
« Reply #5 on: May 13, 2013, 09:15:57 pm »
Ok now that we found more infections and removed them try my repair tool again. Make sure to do a reg backup before hand and lets see how it goes :wink:

Now hopefully the infection is gone, so now we need to replace the missing reg keys, which my repair will do.

Shane

Offline Dannim

  • Newbie
  • *
  • Join Date: May 2013
  • Posts: 12
  • Karma: 0
    • View Profile
Re: Windows Defender removed/disabled by malware
« Reply #6 on: May 18, 2013, 07:19:35 pm »
Hey Shane, I believe I've come across this just recently. 

In my instance in addition to the registry files being missing/corrupt, the Windows Defender folder only contained symlinks to System32\config.  I deleted the file symlinks without issue, however the "en-US" folder could not be removed without attempting to take the System32\config folder with it.  "rmdir" returned "This directory is not empty".

I ended up renaming "en-US" and copying the Windows Defender folder directly from another like machine (Vista x86).  Windows Defender was then able to start and do updates.

I am starting to see this more frequently so I believe there is a new variant of 0access (Sirefef) out there that is causing it.  One of the side effects (intentional or otherwise) appears to be the message "The file contained a virus and was deleted" from IE when downloading.

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: Windows Defender removed/disabled by malware
« Reply #7 on: May 20, 2013, 10:00:40 am »
Hey Shane, I believe I've come across this just recently. 

In my instance in addition to the registry files being missing/corrupt, the Windows Defender folder only contained symlinks to System32\config.  I deleted the file symlinks without issue, however the "en-US" folder could not be removed without attempting to take the System32\config folder with it.  "rmdir" returned "This directory is not empty".

I ended up renaming "en-US" and copying the Windows Defender folder directly from another like machine (Vista x86).  Windows Defender was then able to start and do updates.

I am starting to see this more frequently so I believe there is a new variant of 0access (Sirefef) out there that is causing it.  One of the side effects (intentional or otherwise) appears to be the message "The file contained a virus and was deleted" from IE when downloading.

So do you think the virus added the symlinks that broke it?

Shane

Offline Dannim

  • Newbie
  • *
  • Join Date: May 2013
  • Posts: 12
  • Karma: 0
    • View Profile
Re: Windows Defender removed/disabled by malware
« Reply #8 on: May 20, 2013, 10:59:05 am »
Yes, I've seen this happen on 3 machines in the last couple days.

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: Windows Defender removed/disabled by malware
« Reply #9 on: May 21, 2013, 12:51:11 pm »
Fixing symbolic links would be a great addition to the program since they can truly destroy a machine if you think about.

Problem is I need to find out what API to call to view/edit/add/delete symbolic links.

Shane

Offline Rick

  • Hero Member
  • *****
  • Join Date: May 2013
  • Posts: 829
  • Karma: 2
    • View Profile
Re: Windows Defender removed/disabled by malware
« Reply #10 on: May 24, 2013, 05:56:06 am »
My repair tool does put back the Windows defender service. But if it still getting deleted then you may still have an infection on your system that is deleting it. :wink:

What tools have you ran to check  your system for infections?

Shane
is Microsoft Security Essentials running? If so, Microsoft Security Essentials turns off Defender by default