Solved HJT log is this clean?


Dkent

Hello, I do a hijack this log once a month and have noticed that it seems to be getting longer, please can someone check to make sure that this log is ok for me?

I have noticed another name appear on my log in screen for Hotmail where I type in my email address, I have deleted all history and it seems to have gone, I am worried that someone may have attempted to hijack my computer.
 

Attachments

  • hijackthislog.txt
Please note: we do not use HijackThis to screen for malware. I would suggest that you not do so either.

If you would like us to check the system for malware, please follow these steps: Preliminary Virus and Malware Removal.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
=======================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in the cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
Threads are closed after 5 days if there is no reply.
 
Thank you for taking time out to reply to me, I have done as requested. The only problem I had was that I could not turn off my AVG anti virus and it detected the downloaded GMER program as a possible threat which I take is not correct.
Here are my logs

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.06.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Darran :: DARRAN-PC [administrator]

06/04/2012 13:06:05
mbam-log-2012-04-06 (13-06-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224893
Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-04-06 13:19:14
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200AAJS-07B4A0 rev.01.03A01
Running: ly9be071.exe; Driver: C:\Users\Darran\AppData\Local\Temp\uglirpob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_29
Run by Darran at 13:28:46 on 2012-04-06
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2296 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Google EULA Launcher] c:\program files\google\google eula\GoogleEULALauncher.exe IE PA
mRun: [NWEReboot]
mRun: [Skytel] Skytel.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [FSCRecovery] c:\program files\fujitsu siemens computers\fujitsu siemens computers recovery\FSCRecoveryReminder.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F333FEB7-515F-4B69-9B39-735CE3A30B74} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll,c:\progra~1\google\google~2\goec62~1.dll c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\darran\appdata\roaming\mozilla\firefox\profiles\hfzwxcdz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBTEmailConfig.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-5-16 176128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-10-6 12672]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-1 1153368]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-6 253600]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-6-29 30192]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-06 12:28:15 -------- d-----w- c:\users\darran\appdata\local\{64667079-F00D-4E92-9242-662CC99AB63E}
2012-04-06 12:27:55 -------- d-----w- c:\users\darran\appdata\local\{8FA1628A-978C-41ED-9C24-3A9AA17CE005}
2012-04-06 11:08:10 -------- d-----w- c:\users\darran\appdata\local\{BDB5A3B4-A78A-4D5A-A74F-A5324E1D6A9F}
2012-04-06 11:07:53 -------- d-----w- c:\users\darran\appdata\local\{6FA276F7-BE89-4D50-AB35-E1E54E0913C0}
2012-04-06 10:53:54 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-06 10:53:54 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-06 10:50:48 -------- d-----w- c:\users\darran\appdata\local\{D96EDB40-53C6-497E-A1EA-37213E60BA68}
2012-04-06 10:33:12 -------- d-----w- c:\users\darran\appdata\local\{CE8F5F02-27CA-4930-9F59-83C4B53C7FEC}
2012-04-03 21:35:50 -------- d-----w- c:\users\darran\appdata\roaming\Malwarebytes
2012-04-03 21:35:42 -------- d-----w- c:\programdata\Malwarebytes
2012-04-03 21:35:41 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 21:35:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-03 18:13:45 388096 ----a-r- c:\users\darran\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-03-26 17:19:37 -------- d-----w- c:\users\darran\appdata\local\{2D365183-7594-4551-9032-C174BB130027}
2012-03-26 17:19:26 -------- d-----w- c:\users\darran\appdata\local\{A3D027EB-FA68-471B-A461-93389E1AF751}
2012-03-22 21:36:27 -------- d-----w- c:\program files\Atari800WinPLus
2012-03-22 17:08:50 -------- d-----w- c:\users\darran\appdata\local\{32858820-0994-48AD-B13E-4806043E603D}
2012-03-22 17:08:33 -------- d-----w- c:\users\darran\appdata\local\{F8DE26B4-85E2-4BC1-BD9C-213101DCE420}
2012-03-21 16:04:31 -------- d-----w- c:\users\darran\appdata\local\{44E1D687-2C8B-4403-BCE6-3990BBE4A4F9}
2012-03-21 16:04:20 -------- d-----w- c:\users\darran\appdata\local\{7E2F2CC1-7E3A-4884-86E0-C3253377F9D2}
2012-03-20 18:59:31 -------- d-----w- c:\users\darran\appdata\local\{ACB0A071-4BFD-4518-811F-69C4E1C7A99E}
2012-03-20 18:59:20 -------- d-----w- c:\users\darran\appdata\local\{86D35532-D3C1-4299-AA52-160E8120D708}
2012-03-17 22:55:42 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-17 22:55:42 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-17 22:50:04 -------- d-----w- c:\users\darran\appdata\local\{C5CB59D1-C485-4F37-91A7-8C9154B6DD2B}
2012-03-17 22:49:53 -------- d-----w- c:\users\darran\appdata\local\{E9B2FB10-2C36-4299-8A72-19EFF00F4136}
2012-03-16 17:04:39 -------- d-----w- c:\users\darran\appdata\local\{A7F5620A-EC10-4E79-8366-891CE2B66DE7}
2012-03-16 17:04:24 -------- d-----w- c:\users\darran\appdata\local\{C6E5E5E1-0857-4649-ACCC-8C19C55D27C9}
2012-03-15 15:57:23 -------- d-----w- c:\users\darran\appdata\local\{FCB99256-30AC-40E6-BCE9-607DDEE93590}
2012-03-15 15:57:12 -------- d-----w- c:\users\darran\appdata\local\{AB6EF2C7-12C8-4D40-8236-64F2F1E6A4E3}
2012-03-14 15:59:47 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 15:59:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 15:59:44 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 15:59:44 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 15:59:44 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 15:59:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 15:59:23 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-14 15:58:53 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 15:58:53 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 15:55:01 -------- d-----w- c:\users\darran\appdata\local\{2F48535A-FBB1-488F-82A8-71CD9E542D38}
2012-03-14 15:54:50 -------- d-----w- c:\users\darran\appdata\local\{52EC7BAB-B8B0-4852-B9D8-85F84CE04270}
2012-03-12 17:08:53 -------- d-----w- c:\users\darran\appdata\local\{145A87D8-1898-4536-80D9-C8CDB64D72AD}
2012-03-12 17:08:41 -------- d-----w- c:\users\darran\appdata\local\{29E346D9-A337-40AB-9ADB-8468925095B5}
2012-03-09 13:04:58 -------- d-----w- c:\users\darran\appdata\local\{46EE3342-322F-4E66-BBBC-E72C392372A2}
2012-03-09 13:04:41 -------- d-----w- c:\users\darran\appdata\local\{53A594DD-B970-451B-8CCF-2D74F74EC0E9}
2012-03-08 14:06:05 -------- d-----w- c:\users\darran\appdata\local\{D9968868-4A2E-4981-B4D3-69975BE1DA2A}
2012-03-08 14:05:51 -------- d-----w- c:\users\darran\appdata\local\{F39BAD53-BC09-4A31-95E3-4547B4F11273}
.
==================== Find3M ====================
.
.
============= FINISH: 13:30:04.57 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 29/06/2009 17:56:30
System Uptime: 06/04/2012 13:26:10 (0 hours ago)
.
Motherboard: FUJITSU SIEMENS | | MS-7504VP-PV
Processor: Intel(R) Pentium(R) Dual CPU E2220 @ 2.40GHz | CPU 1 | 2403/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 76 GiB total, 10.668 GiB free.
D: is FIXED (NTFS) - 213 GiB total, 52.964 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1035: 30/03/2012 18:19:56 - Scheduled Checkpoint
RP1036: 01/04/2012 00:41:57 - Scheduled Checkpoint
RP1037: 03/04/2012 19:13:24 - Installed HiJackThis
RP1038: 05/04/2012 04:10:38 - Scheduled Checkpoint
RP1039: 06/04/2012 00:10:52 - Scheduled Checkpoint
RP1040: 06/04/2012 11:45:28 - Removed Adobe Reader 9.4.7.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 2.0
Adobe Reader X (10.1.2)
Apple Application Support
Apple Software Update
ATI AVIVO Codecs
ATI Catalyst Install Manager
µTorrent
Audacity 1.2.6
Auslogics Disk Defrag
Auto Gordian Knot 2.55
AVG 2012
AviSynth 2.5
BT Broadband Desktop Help
BT Broadband Support Tools
BTHomeHub
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CPUID CPU-Z 1.52.2
CPUID HWMonitor 1.15
D3DX10
Epson Print CD
EPSON Printer Software
Fallout 3
Fallout: New Vegas
Fujitsu Siemens Computers Recovery
Google Desktop
GoToAssist Corporate
Great Eastern
Half-Life 2: Lost Coast
Half-Life(R) 2
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HydraVision
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 29
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Train Simulator
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
mkv2vob
Mozilla Firefox 11.0 (x86 en-GB)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Premium
neroxml
NVIDIA Drivers
NVIDIA PhysX
OGA Notifier 2.0.0048.0
PS3 Media Server
QuickTime
RailWorks
RapidShare Manager
Realtek High Definition Audio Driver
rFactor (remove only)
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Segoe UI
Source SDK Base
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Steam(TM)
System Requirements Lab
System Requirements Lab CYRI
SystemDiagnostics
The Longest Journey Demo
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VCRedistSetup
VLC media player 2.0.1
VobSub v2.23 (Remove Only)
Watchtower Library 2008 - English
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinRAR archiver
Xvid 1.2.1 final uninstall
XviD MPEG4 Video Codec (remove only)
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
06/04/2012 13:26:30, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 0024215AC802 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
06/04/2012 12:00:43, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
06/04/2012 12:00:43, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
06/04/2012 12:00:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
05/04/2012 19:15:27, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
 
Yes, AVG does things like that at times! You didn't need to disable AVG for those scans, but you will have to uninstall it for the following:

I'd like you to run Combofix- but it won't run with AVG. You will need to temporarily uninstall AVG as follows:

Download AppRemover and save to the desktop
  1. Double click the setup on the desktop> click Next
  2. Select “Remove Security Application”
  3. Let scan finish to determine security apps
  4. A screen like below will appear:
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.

Temporary AV: Use one:
Microsoft Security Essentials
Comodo AV
Avast! Free Antivirus
=============================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan.
Uninstall directions, if needed:
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Before you run the Combofix scan, please disable any security software you have running.

Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • Close any open browsers.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
==================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
 
Thank you for looking at this for me, I have done as requested and please find the enclosed logs.

Darran

ComboFix 12-04-07.02 - Darran 07/04/2012 13:22:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2120 [GMT 1:00]
Running from: c:\users\Darran\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Chalina\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1ECA.tmp
c:\users\Chalina\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5F15.tmp
c:\users\Chalina\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc70DE.tmp
c:\users\Chalina\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9C32.tmp
c:\users\Chalina\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9DA8.tmp
c:\users\Chalina\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBF3C.tmp
c:\users\Darran\GoToAssistDownloadHelper.exe
c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1613.tmp
c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc34C8.tmp
c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4701.tmp
c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc48F4.tmp
c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4D7A.tmp
c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5228.tmp
c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc55C2.tmp
c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6CB9.tmp
c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6F68.tmp
c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc75DD.tmp
c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc80C6.tmp
c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc86FD.tmp
c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8FB4.tmp
c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9540.tmp
c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9C3A.tmp
c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAC0B.tmp
c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccACC.tmp
c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB0BB.tmp
c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBA0E.tmp
c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC7F4.tmp
c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCDC1.tmp
c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCF72.tmp
c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD6A2.tmp
c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD8B5.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))
.
.
2012-04-07 12:28 . 2012-04-07 12:29 -------- d-----w- c:\users\Darran\AppData\Local\temp
2012-04-07 12:28 . 2012-04-07 12:28 -------- d-----w- c:\users\Elizabeth\AppData\Local\temp
2012-04-07 12:28 . 2012-04-07 12:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-07 12:28 . 2012-04-07 12:28 -------- d-----w- c:\users\Chalina\AppData\Local\temp
2012-04-07 12:03 . 2012-04-07 12:14 -------- d-----w- c:\programdata\AVAST Software
2012-04-07 12:03 . 2012-04-07 12:03 -------- d-----w- c:\program files\AVAST Software
2012-04-06 13:22 . 2012-04-06 13:22 -------- d-----w- c:\users\Darran\AppData\Roaming\Yahoo!
2012-04-06 10:53 . 2012-04-06 13:01 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-06 10:53 . 2012-04-06 13:01 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-03 21:35 . 2012-04-03 21:35 -------- d-----w- c:\users\Darran\AppData\Roaming\Malwarebytes
2012-04-03 21:35 . 2012-04-03 21:35 -------- d-----w- c:\programdata\Malwarebytes
2012-04-03 21:35 . 2012-04-03 21:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-03 21:35 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 18:13 . 2012-04-03 18:13 388096 ----a-r- c:\users\Darran\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-22 21:36 . 2012-03-22 21:46 -------- d-----w- c:\program files\Atari800WinPLus
2012-03-17 22:55 . 2012-03-17 22:55 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-17 22:55 . 2012-03-17 22:55 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-14 15:59 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 15:59 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 15:59 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 15:59 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 15:59 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 15:59 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 15:59 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-14 15:58 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 15:58 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-14 21:56 . 2011-03-28 18:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-28 12:03 . 2012-01-28 12:03 29184 ----a-r- c:\users\Darran\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
2012-03-17 22:55 . 2011-05-18 21:45 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-11-01 07:26 . 2010-11-01 07:26 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-19 288048]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-22 6591800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-28 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-28 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-28 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-28 6144000]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"FSCRecovery"="c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" [2008-06-18 268096]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Darran^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
path=c:\users\Darran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
backup=c:\windows\pss\BBC iPlayer Desktop.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-01-22 11:13 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2009-12-07 11:50 1584640 ----a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-11-01 07:26 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 18:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-02-22 19:49 6591800 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 08:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-26 22:07 1242448 ----a-w- d:\games\steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"uTorrent"="c:\program files\uTorrent\uTorrent.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 253600]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 13:01]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-07 12:04]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-07 12:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Darran\AppData\Roaming\Mozilla\Firefox\Profiles\hfzwxcdz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-NWEReboot - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Install5G - E:\Install.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-07 13:29
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-04-07 13:30:42
ComboFix-quarantined-files.txt 2012-04-07 12:30
.
Pre-Run: 13,309,845,504 bytes free
Post-Run: 13,108,047,872 bytes free
.
- - End Of File - - 8F22DB150E5B5E31EBBE3CA4A93DB58F


C:\Users\Darran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\1659a8c3-1ba6e7b6 a variant of Java/TrojanDownloader.OpenStream.NBF trojan
C:\Users\Darran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\5f8a12df-3af6d9d4 multiple threats
 
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::
c:\users\Darran\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
Folder::
c:\users\Darran\AppData\Local\temp
c:\users\Elizabeth\AppData\Local\temp
c:\users\Default\AppData\Local\temp
c:\users\Chalina\AppData\Local\temp

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"uTorrent"=-

Clearjavacache::

Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
====================
Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files 
    C:\Users\Darran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\1659a8c3-1ba6e7b6 a 
    C:\Users\Darran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\5f8a12df-3af6d9d4 multiple threats
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
========================================
Please update Java: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.

Be sure to check all download screens for any pre-check toolbars or BHO> if found, remove the check before the download.
=======================================
Please uninstall the HijackThis you have now - it isn't set up correctly. Then do the following:
First, set up a Directory for HijackThis as follows:
Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
Exit Explorer
You now have a folder C:\HijackThis
-----------------------------------------
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zip and save to your desktop.
  • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
  • Extract it to the directory on your hard drive you created C:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
==================================
Download CKScanner and save to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
=====================================
FYI: The users Elizabeth and Chalina both had numerous temporary internet files for 'mccxxx.tmp' removed. I can't identify any of them.

Darran had GoToAssistDownload Helper removed.

I'm not sure if it's just Darran's account, but there are 2 registry entries with multiple programs in the Startup Folder>> None of those programs need to start on boot and run in the background. There are also multiple processes from 'msconfig' Startup Menu. None need to start on boot.

Note: I won't be online tomorrow, Easter Sunday. We will finish on Monday.
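
Added example (not part of the thread and not a ComboFix tool): a small parser for the "Reg Loading Points" layout of the ComboFix log posted earlier in this thread, which inventories autostart entries per loading point so they can be reviewed the way the note above does. The function names are hypothetical, and the sample lines are copied from that log.

```python
import re
from collections import Counter, defaultdict, namedtuple

# Lines copied from the "Reg Loading Points" section of the ComboFix log in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-19 288048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-28 6144000]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-26 22:07 1242448 ----a-w- d:\games\steam\Steam.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"uTorrent"="c:\program files\uTorrent\uTorrent.exe"
'''

Entry = namedtuple("Entry", "source hive name path")

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "Name"="path" [date size]  (quotes around the path and the trailer are optional)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="?(?P<path>[^"\[]+?)"?(?:\s+\[[^\]]*\])?$')
# date time size attributes path
FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+)$')


def classify(key):
    """Map a bracketed key header to the loading point it represents."""
    k = key.lower()
    if "\\startupfolder\\" in k:
        return "msconfig-startupfolder"
    if "\\msconfig\\startupreg\\" in k:
        return "msconfig-startupreg"
    if k.endswith("\\currentversion\\run-"):
        return "run-"
    if k.endswith("\\currentversion\\run"):
        return "run"
    return None  # a section this example does not interpret


def hive_of(key):
    return "HKCU" if key.upper().startswith(("HKEY_CURRENT_USER", "HKCU")) else "HKLM"


def parse_autostarts(log_text):
    """Return one Entry per autostart item found in the log text."""
    entries, key, source = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            key = header.group("key")
            source = classify(key)
            continue
        if source is None or line in ("", "."):
            continue
        if source in ("run", "run-"):
            m = VALUE_RE.match(line)
            if m:
                entries.append(Entry(source, hive_of(key), m.group("name"),
                                     m.group("path").strip()))
        elif source == "msconfig-startupreg":
            m = FILE_RE.match(line)
            if m:  # the item name is the last component of the key
                entries.append(Entry(source, hive_of(key), key.rsplit("\\", 1)[1],
                                     m.group("path")))
        elif source == "msconfig-startupfolder" and line.startswith("path="):
            path = line[len("path="):]
            entries.append(Entry(source, hive_of(key), path.rsplit("\\", 1)[1], path))
    return entries


def unqualified(entries):
    """Entries whose command has no directory part, so Windows resolves it by search order."""
    return [e for e in entries if "\\" not in e.path]


def repeated_names(entries):
    """Value names that appear under more than one loading point."""
    seen = defaultdict(set)
    for e in entries:
        seen[e.name].add((e.hive, e.source))
    return {name: sorted(where) for name, where in seen.items() if len(where) > 1}


if __name__ == "__main__":
    found = parse_autostarts(SAMPLE_LOG)
    print(Counter(e.source for e in found))
    for e in unqualified(found):
        print("no full path:", e.hive, e.name, e.path)
    print("repeated:", repeated_names(found))
```

On the sample, "uTorrent" is reported under both the HKCU `Run` and `run-` keys, which are the two values the CFScript above removes.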
 
I have deleted the other 2 accounts, hope that is ok? I have noticed that there is a lot of hard drive activity from my PC even when I am not doing anything, is this normal?

Here are the logs.

ComboFix 12-04-07.02 - Darran 08/04/2012 10:50:22.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2353 [GMT 1:00]
Running from: C:\Users\Darran\Desktop\ComboFix.exe
Command switches used :: C:\Users\Darran\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\users\Darran\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe"


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


c:\users\Darran\AppData\Local\temp
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\BUTTON_LISTBOX_EX_SELECTED_LEFT[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\BUTTON_LISTBOX_EX_UNSELECTED_CENTER[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\BUTTON_LISTBOX_HEUR_UNSELECTED_RIGHT[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\BUTTON_LISTBOX_SELECTED_LEFT[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\carousel_091007[1].gif
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\client_ad[2].htm
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\client_ad[3].htm
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\clk[1].htm
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\clk[2].htm
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\cm06y_234x60_0111[1].swf
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\combo[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\combo[1].css
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\combo[2]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\combo[2].css
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\combo[3]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\combo[4]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\connection-min[1].js
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\crossdomain[1].xml
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\crossdomain[2].xml
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\crossdomain[3].xml
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\DartShell7_5[1].swf
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\DartShellPlayer7_5_09[1].swf
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\desktop.ini
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\dot_20110607[1].gif
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\edgeworld_80x80_yahoo[1].jpg
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\EXT_BASE_JS[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\fonts_css[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\glossyberry[1].css
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\HEURISTIC_ICON[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\hqdefault[1].jpg
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\IMG_ALL_BG[2]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\IMG_BANNER_FREE[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\imp[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\imp[2]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\insider_msg_yahoo_com[1].htm
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\JS_GLOBALS[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\JS_OPSWAT[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\LREC_Madonna_OnNetwork_300x250_0312[1].js
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\main[1].htm
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\OPSWAT_BTN_NORMAL_LEFT[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\ourworld-86x86[1].jpg
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\PlayerLogin[1].htm
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\qmwb_1[1].png
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\spacer[1].gif
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\stats[1].gif
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\test_domain[1].txt
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\user_offline[1].gif
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\videoplayback[2]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\yahoo_398x208_Pool[1].jpg
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\yahoo_80x80_fourplay[1].jpg
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\yahoo_80x80_swapples[1].jpg
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\ylogo24[1].png
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\yql[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\yt_blacklist_domains[1].txt
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\yui-min[1].js
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\zy-s_1[1].png
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\zync3-slideshare_r255[1].js
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\desktop.ini
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\.b[1].gif
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\9s[1].png
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\b[1].gif
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\b[2].gif
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\bg_controller[1].gif
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\bg_right[1].gif
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\BUTTON_CLICK_RIGHT_BG[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\BUTTON_LISTBOX_EX_SELECTED_CENTER[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\BUTTON_LISTBOX_EX_UNSELECTED_RIGHT[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\BUTTON_OVER_RIGHT_BG[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\BUTTON_RIGHT_BG[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA02WGH7
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA0A6ZJX
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA0A8W7O
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA0DO2CR
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA0NFRKS
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA0QWZL3
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA0UX2B4
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA1H9HHU
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA1YU2X1
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA24HEZF
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA2CSM6Y
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA2SHZSP
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA3AQ3NB
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA3RQHIQ
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA51P3R3
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA5CT64Y
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA5TEHF9
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA5XBJ3C
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA6BVMLT
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA6DW4L0
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA6HU9OF
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA6ODGDK
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA6X2KJR
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA75OUON
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA7KLT7L
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA7L08ZH
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA82LWPB
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA90XU3M
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA95CB3B
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA96X32P
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA9FS230
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA9KWQJG
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA9LBY9K
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAA2QBT0
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAADQX9C
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAAJKE9J
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAB8TWRF
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CABF73O8
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CABSMA1U
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CACVL31Q
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAD0C3RY
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAD608BA
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAD963VW
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CADZETUK
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAE73N5B
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAED87CZ
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAEIS00G
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAELVS9N
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAEQ2L38
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAFHUH6W
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAFKIJKW
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAFOOLPZ
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAGZU3I3
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAHEH7ZR
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAHML2UO
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAHRLQ2P
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAIBPPJR
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAIBV4EL
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAIJP9EI
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAIKMLRR
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAINTRZM
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAIVHXH6
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAJ9CJN0
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAJG3I8U
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAJKDL6I
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAJO19F8
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAKAYATZ
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAKH1C2K
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CALLEN0D
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CALOBAM6
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CALPCU0B
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAM877HY
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAMQ9DY9
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAMWRDNC
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CANNDZ55
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CANQWI5Z
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAO45MQ4
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAO804BX
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAO9ISWH
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAOIPQ25
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAP16M2P
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAP952IQ
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAPD6EVJ
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAPRWN3U
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAQFPU7L
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAQS08IZ
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAR1UINC
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAR9DFBZ
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CARF8B6X
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CARQFVZV
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAS1U9AQ
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAS5J2DO
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CASJHGWJ
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAT088Q9
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAT11Q6O
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAT7Q7KJ
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CATOTVA2
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CATQZP55
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CATXFNUP
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CATZ0CL9
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CATZXW5W
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAU800I7
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAUF0MEJ
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAUFHX2S
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAUWTGPY
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAV0A0C0
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAVA7J7O
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAVV2FE1
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAW1XMIO
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAWHK8W1
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAWPFCRD
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAWR95JI
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAWUEZ3K
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAWVIEM3
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAX2NL4Y
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAX7HPXT
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAXFUXN9
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAYC7C6L
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAYLUG4F
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAYXRJHX
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAZ23S7M
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAZ5ADR7
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CFScriptB-4[1].gif
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\client_ad[1].htm
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\client_ad[2].htm
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\client_ad[3].htm
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\client_ad[4].htm
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\client_ad[5].htm
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\client_ad[6].htm
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\clk[1].htm
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\clk[2].htm
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\cm08y_234x60_0111[1].swf
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\cm10y_234x60_0111[1].swf
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\COLLAPSED_ICON[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\combo[2]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\crossdomain[1].xml
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\crossdomain[2].xml
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\crossdomain[3].xml
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\crossdomain[4].xml
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\desktop.ini
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\EXT_ALL_JS[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\EXT_THEME_SLATE_CSS[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\ExtAll_CSS[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\flashwrite_1_2[1].js
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\icon_info[1].gif
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\icons_20111014[1].gif
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\IMG_BANNER_PREMIUM[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\imp-toggle[1].gif
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\imp[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\imp[2]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\imp[3]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\intro[1].htm
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\intro_20110711[1].css
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\intro_bg[1].png
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\ireload_2[1].gif
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\JS_PRODUCTLIST[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\Madonna_OnNetwork_300x250_v2[1].jpg
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\navcancl[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\niftybase_201203151750[1].css
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\OPSWAT_API[2]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\OPSWAT_PROGRESS_CORE[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\pb_us_1[1].jpg
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\pb_us_2a[1].jpg
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\PROGRESS_DISPLAY[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\PROGRESS_TOP_ARROW[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\PROGRESSBAR_FILL[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\sprite[1].png
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\trackingCalls[1].js
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\user-match[1].htm
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\util[1].js
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\welcome_20110711[1].png
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\wrapper[1].js
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\xml;[1].xml
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\yahoo_398x208_balloono[1].jpg
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\yahoo_80x80_Pool[1].jpg
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\yimPlayer[1].htm
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\ylc_1.9[1].js
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\ymsgr11_us[1].ini
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\ymsgr1150_0192_us[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\zync_r255[1].css
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\zync3-yahoo_r255[1].js
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\zync3-youtube_r255[1].js
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\index.dat
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\AC_RunActiveContent[1].js
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\ad-vflhJcDiT[1].swf
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\ad2[1].js
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\adchoice_1.4[1].png
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\all-we-need-is-brain-64[1].gif
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\b[1].gif
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\b[2].gif
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\b[3].gif
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\b[4].gif
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\b[5].gif
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\b[6].gif
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\BANNER_TOTAL[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\bg_center[1].gif
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\BUTTON_CLICK_LEFT_BG[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\BUTTON_LISTBOX_EX_SELECTED_RIGHT[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\BUTTON_LISTBOX_HEUR_UNSELECTED_LEFT[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\BUTTON_LISTBOX_SELECTED_CENTER[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\BUTTON_OVER_CENTER_BG[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\client_ad[1].htm
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\client_ad[2].htm
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\clk[1].htm
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\clk[2].htm
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\clk[3].htm
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\clk[4].htm
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\conn[1].htm
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\cps-vflckjUMI[1].swf
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\crossdomain[1].xml
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\crossdomain[2].xml
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\crossdomain[3].xml
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\DE9yHOGyoa6gcC8exJVUPydXl7n41AG15fn3gCT3kqHsWbTeo4aHKjJLgayQaI0bgbhzoZGx.54OzN54tYAuiPICK4hIlxTb.tZU9OOISTGiSI[1].gif
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\desktop.ini
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\dot_1[1].gif
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\external_1[1].png
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\games_sprite_201109071720[1].png
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\GetPlayerConfiguration[1].xml
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\glossyberry[1].png
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\hqdefault[1].jpg
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\ICON_QUESTIONMARK[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\IMG_HEADER_BG[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\imp[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\imp[2]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\index[1].htm
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\index[1].php
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\JfgamYWyoa5v0WBj3LN0SPQ2pWesK400H5VUgjtbcBOU2e7J5FB1owf9l3YRuN9AZpazpo0EzdyDstZ306bVWsqQGEWVsfC.DPHrvkRPTH.b[1].gif
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\JS_CORE[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\JS_EXTBASE[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\main_css[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\mainwindow[1].css
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\mainwindow[1].js
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\menuarodwn8_dim_1[1].gif
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\newquote[1].gif
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\OPSWAT_BTN_NORMAL_CENTER[2]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\OPSWAT_BTN_NORMAL_RIGHT[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\OPSWAT_JS[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\OPSWAT_STYLE_CSS[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\opt_1[1].png
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\ourworld_398x208_201202131107[1].jpg
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\pb_us_3[1].jpg
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\post_new[1].gif
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\PROGRESS_TOP_ARROW_FADED[1]
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\rel_interstitial_loading[1].gif
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\reset-fonts-grids[1].css
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\slideview[1].js
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\swfobject_r255[1].js
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\transparent[1].png
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\upsell_conn_201010291509[1].js
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\yahoo_398x208_swapples[1].jpg
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\yel_btn_1[1].png
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\youtube_watermark-vflHX6b6E[1].png
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\zync[1].htm
c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\OF31B59E\zync3-vimeo_r255[1].js
c:\users\Default\AppData\Local\temp
 
((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))


2012-04-07 13:07:19 . 2012-04-07 13:07:19 -------- d-----w- C:\Program Files\ESET
2012-04-07 12:03:53 . 2012-04-07 12:14:18 -------- d-----w- C:\ProgramData\AVAST Software
2012-04-07 12:03:53 . 2012-04-07 12:03:53 -------- d-----w- C:\Program Files\AVAST Software
2012-04-06 13:22:04 . 2012-04-06 13:22:04 -------- d-----w- C:\Users\Darran\AppData\Roaming\Yahoo!
2012-04-06 10:53:54 . 2012-04-06 13:01:27 70304 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-04-06 10:53:54 . 2012-04-06 13:01:27 418464 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2012-04-03 21:35:50 . 2012-04-03 21:35:50 -------- d-----w- C:\Users\Darran\AppData\Roaming\Malwarebytes
2012-04-03 21:35:42 . 2012-04-03 21:35:42 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-03 21:35:41 . 2012-04-03 21:35:44 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-04-03 21:35:41 . 2011-12-10 14:24:06 20464 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-03-22 21:36:27 . 2012-03-22 21:46:59 -------- d-----w- C:\Program Files\Atari800WinPLus
2012-03-17 22:55:42 . 2012-03-17 22:55:42 592824 ----a-w- C:\Program Files\Mozilla Firefox\gkmedias.dll
2012-03-17 22:55:42 . 2012-03-17 22:55:42 44472 ----a-w- C:\Program Files\Mozilla Firefox\mozglue.dll
2012-03-14 15:59:47 . 2012-02-02 15:16:25 2044416 ----a-w- C:\Windows\system32\win32k.sys
2012-03-14 15:59:44 . 2012-02-14 15:45:30 219648 ----a-w- C:\Windows\system32\d3d10_1core.dll
2012-03-14 15:59:44 . 2012-02-14 15:45:30 160768 ----a-w- C:\Windows\system32\d3d10_1.dll
2012-03-14 15:59:44 . 2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\system32\d3d10warp.dll
2012-03-14 15:59:44 . 2012-02-13 13:47:57 683008 ----a-w- C:\Windows\system32\d2d1.dll
2012-03-14 15:59:44 . 2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\system32\DWrite.dll
2012-03-14 15:59:23 . 2012-01-31 10:59:56 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2012-03-14 15:58:53 . 2012-01-09 15:54:08 613376 ----a-w- C:\Windows\system32\rdpencom.dll
2012-03-14 15:58:53 . 2012-01-09 13:58:29 180736 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-02-14 21:56:10 . 2011-03-28 18:36:46 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-28 12:03:43 . 2012-01-28 12:03:43 29184 ----a-r- C:\Users\Darran\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
2012-03-17 22:55:42 . 2011-05-18 21:45:38 97208 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll
2010-11-01 07:26:33 . 2010-11-01 07:26:34 119808 ----a-w- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:25:11 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 02:25:33 202240]
"Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 20:06:32 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-28 02:26:00 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-28 02:26:00 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-28 02:26:00 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-28 14:06:02 6144000]
"Google EULA Launcher"="c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 11:40:28 20480]
"Skytel"="Skytel.exe" [2007-11-20 16:15:58 1826816]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 16:24:56 98304]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 18:36:46 30040]
"FSCRecovery"="c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" [2008-06-18 13:25:56 268096]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 13:10:42 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Darran^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
path=C:\Users\Darran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
backup=C:\Windows\pss\BBC iPlayer Desktop.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10:42 843712 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-01-22 11:13:20 152872 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2009-12-07 11:50:52 1584640 ----a-w- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-11-01 07:26:33 30192 ----a-w- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 18:36:46 30040 ----a-w- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-26 20:06:32 4351216 ----a-w- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 08:27:08 570664 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53:36 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-26 22:07:47 1242448 ----a-w- d:\games\steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44:52 37888 ----a-w- C:\Program Files\Winamp\winampa.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 13:01:27 253600]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 13:10:42 63928]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

Contents of the 'Scheduled Tasks' folder

2012-04-08 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 10:53:54 . 2012-04-06 13:01:27]

2012-04-08 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-07 12:05:01 . 2012-04-07 12:04:53]

2012-04-08 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-07 12:05:01 . 2012-04-07 12:04:53]


------- Supplementary Scan -------

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - C:\Users\Darran\AppData\Roaming\Mozilla\Firefox\Profiles\hfzwxcdz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true


**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-08 10:55:39
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2012-04-08 10:57:09
ComboFix-quarantined-files.txt 2012-04-08 09:57:07
ComboFix2.txt 2012-04-07 12:30:42

Pre-Run: 17,554,100,224 bytes free
Post-Run: 17,455,886,336 bytes free

- - End Of File - - D77A25F5599FDA8102B0C7661E726E1C


All processes killed
========== FILES ==========
File/Folder C:\Users\Darran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\1659a8c3-1ba6e7b6 a not found.
File/Folder C:\Users\Darran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\5f8a12df-3af6d9d4 multiple threats not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chalina
->Temp folder emptied: 0 bytes

User: Darran
->Temp folder emptied: 147000 bytes
->Temporary Internet Files folder emptied: 24112 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 315258117 bytes
->Flash cache emptied: 8713 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Elizabeth
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 2431674 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 303.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 04082012_111131


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:35:47, on 08/04/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do-Not-Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [FSCRecovery] c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (file missing)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 5932 bytes

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.XQNAJI
----- EOF -----
 
Darran, I'd like for you to run SuperAntispyware. Again in Combofix, I see deletions that are usually not done in Combofix. First it was from Elizabeth and Calista, now it's Darran. Be sure to check for removal of all entries found. I am guessing we are going to have to reset the Cookies.


SuperAntiSpyware Home Edition Free Version
  • Please download SuperAntiSpyware from HERE
  • Launch SuperAntiSpyware and click on 'Check for updates'.
  • Wait for the updates to be installed
  • On the main screen click on 'Scan your computer'.
  • Check 'Perform Complete Scan', then click 'Next' to start the scan.
  • SuperAntiSpyware will now scan your computer; when it's finished, it will list all/any infections found.
  • Make sure everything found has a checkmark next to it, then press 'Next'.
  • Click on 'Finish' when you're done.
It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
  • Click on 'Preferences'.
  • Click on the 'Statistics/Logs' tab.
  • Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad. Paste the Notepad file here in your reply.
=================================
About the hard drive running when you aren't active: if you have auto-updates scheduled, it could be partly due to them.
 
Hi

Here is the log below.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/10/2012 at 00:39 AM

Application Version : 5.0.1146

Core Rules Database Version : 8430
Trace Rules Database Version: 6242

Scan type : Complete Scan
Total Scan Time : 00:48:58

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned : 737
Memory threats detected : 0
Registry items scanned : 35568
Registry threats detected : 0
File items scanned : 42578
File threats detected : 116

Adware.Tracking Cookie
 
Not surprising!

Reset Cookies

For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy List

For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
(First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
=======================================
Repeating: you need to set up a maintenance program and stick with it.
 
Thank you for all your help. So I am all ok now?

Can you recommend the programs that I should use to keep on top of this as part of my regular maintenance?
 
Do regular Maintenance
  1. Remove Temporary Internet Files regularly:
    [o] TFC
  2. Reset Cookies to prevent Tracking Cookies:> Previously given.
    [o] Depending on the browser you use, Cookies should also be reviewed. I remove any that are not for sites where I am registered and have PW.
  3. Disc Cleanup
    [o] Use Windows Explorer (Right click on Start> Explore)> right click on C Drive> Properties> Do the Disc Cleanup from that screen.
  4. Error Check
    [o] Choose Tools tab of Properties above> Select Error Check> Check both boxes> Apply> OK> Close the nag message and reboot. Error check will begin shortly. Let it finish-system will reboot when through.
  5. Defragment
    [o] Then still on Properties screen> Tools tab> Click on Defragment and follow prompts.
  6. Check Add/Remove Programs. Review and uninstall any you don't use. Use Windows Explorer to access Computer> Local Drive(C)> Programs> find program folder for any program you uninstall> do a right click> Delete.

For myself, I don't have any maintenance scheduled- I prefer to do all myself. Suggest you do #1 and #2 weekly. #3, #4 & #5 can be done monthly. #6 can be done occasionally. The frequency of doing many of the above is based on the use of the system> the more use, the more frequently some maintenance needs to be done.

If you have something like a 'glitch' it can help to run #4, Error Check.

The above is strict maintenance. Scans with AV and antimalware programs can also be done according to your use of the system.
====================================
You may find the following helpful: (Links are Bold Blue)
Tips for added security and safer browsing:
  1. Browser Security
    [o] Make Internet Explorer safer (http://www.bleepingcomputer.com/tutorials/tutorial102.htm)
    [o] Use a Site Advisor.
    Have layered Security:
  2. Antivirus Software (only one):
    [o] Microsoft Security Essentials
    [o] Comodo AV
    [o] Avast! Free Antivirus
    =============================
  3. Firewall (only one)
    [o] Zone Alarm Free
    [o] Comodo Firewall Free
  4. Antispyware/Security: I recommend all of the following:
    [o] Spywareblaster: Protects against bad ActiveX.
    [o] IE/Spyad: Restricts bad domains.
    [o] MVPS Hosts files: Directs HOSTS file to 127.0.0.1 which is your local computer.
    [o] Google Toolbar Popup Stopper
  5. Stay current on updates:
    [o] Windows Updates. You should get All updates marked Critical and the current SP updates.
    [o] Adobe Reader. Uninstall old.
    [o] Java. Uninstall old.
  6. System Restore Guide: Understand Restore Points> why you need to clean and set restore points and what information is in them.
  7. Practice Safe Email Handling
    [o] Don't open email from anyone you don't know.
    [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
    [o] Don't leave your personal email address on the internet. Have a separate email account on free web-based mail.

Please let me know if you find any bad links.
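
The cookie review in maintenance step 2 (keep cookies only for sites where you are registered), as an added example that is not part of the original post: it lists the cookie hosts in a Firefox `cookies.sqlite` that fall outside a keep list. The function names, the keep list and the sample rows are constructed for illustration; run it against a copy of the file made with Firefox closed.

```python
import sqlite3
from collections import Counter


def host_matches(host, site):
    """True when a cookie host is `site` itself or one of its subdomains."""
    host = host.lstrip(".").lower()
    site = site.lstrip(".").lower()
    return host == site or host.endswith("." + site)


def review_cookies(db_path, keep_sites):
    """Return {host: cookie count} for hosts that match none of keep_sites."""
    con = sqlite3.connect(db_path)
    try:
        rows = con.execute("SELECT host FROM moz_cookies").fetchall()
    finally:
        con.close()
    counts = Counter(host for (host,) in rows)
    return {host: n for host, n in counts.items()
            if not any(host_matches(host, site) for site in keep_sites)}


def build_sample_db(db_path):
    """Write a constructed stand-in for cookies.sqlite (only the columns used)."""
    sample = [  # constructed hosts, not taken from any real profile
        (".hotmail.example", "session"),
        ("login.hotmail.example", "auth"),
        ("www.forum.example", "sid"),
        (".ads.tracker.example", "uid"),
        (".ads.tracker.example", "segment"),
        ("track.metrics.example", "visit"),
    ]
    con = sqlite3.connect(db_path)
    con.execute("CREATE TABLE moz_cookies "
                "(id INTEGER PRIMARY KEY, host TEXT, name TEXT)")
    con.executemany("INSERT INTO moz_cookies (host, name) VALUES (?, ?)", sample)
    con.commit()
    con.close()


if __name__ == "__main__":
    import os, tempfile
    path = os.path.join(tempfile.mkdtemp(), "cookies.sqlite")
    build_sample_db(path)
    # keep_sites: the sites you are registered with (assumed names)
    kept = ["hotmail.example", "forum.example"]
    for host, n in sorted(review_cookies(path, kept).items()):
        print(f"{n:3d}  {host}")
```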
 
You're very welcome, Darran

Please be sure to update the following:
Note: Check each download screen for any pre-checked Toolbars or BHOs. Uncheck them before the download.
Adobe Reader 6> Current is vX(10.xx)> Adobe Reader Update
Java(TM) 6 > Current is v6u31> Java Updates.
Uninstall any earlier versions of both as they are vulnerabilities for the system.
===================================
If you used a flash drive, I saw one entry that could be related, so you should go ahead and disinfect it:

Please disinfect all movable drives
  1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  2. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    Note: Some security programs will flag Flash_Disinfector as being some sort of malware; you can safely ignore these warnings.
  3. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  4. Wait until it has finished scanning and then exit the program.
  5. Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
=================
Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
-----
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
------------------------------------------
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
    [o] Choose Disc Cleanup
    [o] Click "OK" to select the partition or drive you want.
    [o] Click the "More Options" Tab.
    [o] Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin

Let me know if you have any more questions.
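
A check for the autorun.inf folder mentioned in the note above, as an added example that is not part of the original post: while a folder named autorun.inf exists at a drive root, a file of the same name cannot be created there, so the script reports whether each root has the folder, a real autorun.inf file (with the entries that would launch something), or neither. Function names and the sample file content are constructed for illustration.

```python
import os

# Keys in an autorun.inf file that name something to launch.
RUN_KEYS = ("open", "shellexecute")

# Constructed sample file content for trying the function out.
SAMPLE_AUTORUN = (
    "[autorun]\n"
    "; constructed sample\n"
    "open=setup.exe\n"
    "icon=setup.ico\n"
    "shell\\explore\\command=setup.exe /s\n"
    "label=My Drive\n"
)


def find_autorun(drive_root):
    """Locate autorun.inf at the drive root, ignoring letter case."""
    for name in os.listdir(drive_root):
        if name.lower() == "autorun.inf":
            return os.path.join(drive_root, name)
    return None


def inspect_autorun(drive_root):
    """Return ("absent", []), ("folder", []) or ("file", [(key, value), ...])."""
    path = find_autorun(drive_root)
    if path is None:
        return ("absent", [])
    if os.path.isdir(path):
        return ("folder", [])  # the placeholder folder is in place
    launches = []
    with open(path, "r", encoding="latin-1") as fh:
        for raw in fh:
            line = raw.strip()
            if line.startswith(";") or "=" not in line:
                continue
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            is_verb = key.startswith("shell\\") and key.endswith("\\command")
            if key in RUN_KEYS or is_verb:
                launches.append((key, value))
    return ("file", launches)
```

Call `inspect_autorun("E:\\")` for each removable drive; a `"file"` result with launch entries you do not recognise is worth a scan before the drive is used elsewhere.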
 
Hello

I have tried to install the Flash Disinfector. My AVG flags up two warnings which I have ignored.

When I run the program it does not do anything? I have even tried running it disabling my anti virus but still no luck :(
 
Run this one instead:

  • Please download Panda USB Vaccine (you must provide a valid e-mail and they will send you a download link to this e-mail address) to your desktop.
  • Install and run it.
  • Plug in USB drive and click on Vaccinate USB and Vaccinate computer.
 
Thank you for this, I have managed to vaccinate my pc and the flash drive. Can I use it on my 2 external hard drives as well?
 