TechSpot

HJT log is this clean?

By Dkent
Apr 3, 2012
  1. Hello, I do a HijackThis log once a month and have noticed that it seems to be getting longer. Please can someone check to make sure that this log is OK for me?

    I have noticed another name appear on my login screen for Hotmail where I type in my email address. I have deleted all history and it seems to have gone. I am worried that someone may have attempted to hijack my computer.
     


  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please note: we do not use HijackThis to screen for malware. I would suggest that you not do so either.

    If you would like us to check the system for malware, please follow these steps: Preliminary Virus and Malware Removal.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    =======================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    Threads are closed after 5 days if there is no reply.
     
  3. Dkent

    Dkent TS Rookie Topic Starter

    Thank you for taking time out to reply to me. I have done as requested. The only problem I had was that I could not turn off my AVG antivirus, and it detected the downloaded GMER program as a possible threat, which I take is not correct.
    Here are my logs

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.04.06.02

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 7.0.6002.18005
    Darran :: DARRAN-PC [administrator]

    06/04/2012 13:06:05
    mbam-log-2012-04-06 (13-06-05).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 224893
    Time elapsed: 4 minute(s), 38 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)



    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-04-06 13:19:14
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200AAJS-07B4A0 rev.01.03A01
    Running: ly9be071.exe; Driver: C:\Users\Darran\AppData\Local\Temp\uglirpob.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_29
    Run by Darran at 13:28:46 on 2012-04-06
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2296 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\IoctlSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Google EULA Launcher] c:\program files\google\google eula\GoogleEULALauncher.exe IE PA
    mRun: [NWEReboot]
    mRun: [Skytel] Skytel.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [FSCRecovery] c:\program files\fujitsu siemens computers\fujitsu siemens computers recovery\FSCRecoveryReminder.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{F333FEB7-515F-4B69-9B39-735CE3A30B74} : DhcpNameServer = 192.168.0.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll,c:\progra~1\google\google~2\goec62~1.dll c:\progra~1\google\google~2\GOEC62~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\darran\appdata\roaming\mozilla\firefox\profiles\hfzwxcdz.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\motive\npMotive.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npBTEmailConfig.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-5-16 176128]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-10-6 12672]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-1 1153368]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-6 253600]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-6-29 30192]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-04-06 12:28:15 -------- d-----w- c:\users\darran\appdata\local\{64667079-F00D-4E92-9242-662CC99AB63E}
    2012-04-06 12:27:55 -------- d-----w- c:\users\darran\appdata\local\{8FA1628A-978C-41ED-9C24-3A9AA17CE005}
    2012-04-06 11:08:10 -------- d-----w- c:\users\darran\appdata\local\{BDB5A3B4-A78A-4D5A-A74F-A5324E1D6A9F}
    2012-04-06 11:07:53 -------- d-----w- c:\users\darran\appdata\local\{6FA276F7-BE89-4D50-AB35-E1E54E0913C0}
    2012-04-06 10:53:54 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-06 10:53:54 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-04-06 10:50:48 -------- d-----w- c:\users\darran\appdata\local\{D96EDB40-53C6-497E-A1EA-37213E60BA68}
    2012-04-06 10:33:12 -------- d-----w- c:\users\darran\appdata\local\{CE8F5F02-27CA-4930-9F59-83C4B53C7FEC}
    2012-04-03 21:35:50 -------- d-----w- c:\users\darran\appdata\roaming\Malwarebytes
    2012-04-03 21:35:42 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-03 21:35:41 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-03 21:35:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-04-03 18:13:45 388096 ----a-r- c:\users\darran\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2012-03-26 17:19:37 -------- d-----w- c:\users\darran\appdata\local\{2D365183-7594-4551-9032-C174BB130027}
    2012-03-26 17:19:26 -------- d-----w- c:\users\darran\appdata\local\{A3D027EB-FA68-471B-A461-93389E1AF751}
    2012-03-22 21:36:27 -------- d-----w- c:\program files\Atari800WinPLus
    2012-03-22 17:08:50 -------- d-----w- c:\users\darran\appdata\local\{32858820-0994-48AD-B13E-4806043E603D}
    2012-03-22 17:08:33 -------- d-----w- c:\users\darran\appdata\local\{F8DE26B4-85E2-4BC1-BD9C-213101DCE420}
    2012-03-21 16:04:31 -------- d-----w- c:\users\darran\appdata\local\{44E1D687-2C8B-4403-BCE6-3990BBE4A4F9}
    2012-03-21 16:04:20 -------- d-----w- c:\users\darran\appdata\local\{7E2F2CC1-7E3A-4884-86E0-C3253377F9D2}
    2012-03-20 18:59:31 -------- d-----w- c:\users\darran\appdata\local\{ACB0A071-4BFD-4518-811F-69C4E1C7A99E}
    2012-03-20 18:59:20 -------- d-----w- c:\users\darran\appdata\local\{86D35532-D3C1-4299-AA52-160E8120D708}
    2012-03-17 22:55:42 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
    2012-03-17 22:55:42 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
    2012-03-17 22:50:04 -------- d-----w- c:\users\darran\appdata\local\{C5CB59D1-C485-4F37-91A7-8C9154B6DD2B}
    2012-03-17 22:49:53 -------- d-----w- c:\users\darran\appdata\local\{E9B2FB10-2C36-4299-8A72-19EFF00F4136}
    2012-03-16 17:04:39 -------- d-----w- c:\users\darran\appdata\local\{A7F5620A-EC10-4E79-8366-891CE2B66DE7}
    2012-03-16 17:04:24 -------- d-----w- c:\users\darran\appdata\local\{C6E5E5E1-0857-4649-ACCC-8C19C55D27C9}
    2012-03-15 15:57:23 -------- d-----w- c:\users\darran\appdata\local\{FCB99256-30AC-40E6-BCE9-607DDEE93590}
    2012-03-15 15:57:12 -------- d-----w- c:\users\darran\appdata\local\{AB6EF2C7-12C8-4D40-8236-64F2F1E6A4E3}
    2012-03-14 15:59:47 2044416 ----a-w- c:\windows\system32\win32k.sys
    2012-03-14 15:59:44 683008 ----a-w- c:\windows\system32\d2d1.dll
    2012-03-14 15:59:44 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-03-14 15:59:44 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-03-14 15:59:44 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-03-14 15:59:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 15:59:23 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2012-03-14 15:58:53 613376 ----a-w- c:\windows\system32\rdpencom.dll
    2012-03-14 15:58:53 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-14 15:55:01 -------- d-----w- c:\users\darran\appdata\local\{2F48535A-FBB1-488F-82A8-71CD9E542D38}
    2012-03-14 15:54:50 -------- d-----w- c:\users\darran\appdata\local\{52EC7BAB-B8B0-4852-B9D8-85F84CE04270}
    2012-03-12 17:08:53 -------- d-----w- c:\users\darran\appdata\local\{145A87D8-1898-4536-80D9-C8CDB64D72AD}
    2012-03-12 17:08:41 -------- d-----w- c:\users\darran\appdata\local\{29E346D9-A337-40AB-9ADB-8468925095B5}
    2012-03-09 13:04:58 -------- d-----w- c:\users\darran\appdata\local\{46EE3342-322F-4E66-BBBC-E72C392372A2}
    2012-03-09 13:04:41 -------- d-----w- c:\users\darran\appdata\local\{53A594DD-B970-451B-8CCF-2D74F74EC0E9}
    2012-03-08 14:06:05 -------- d-----w- c:\users\darran\appdata\local\{D9968868-4A2E-4981-B4D3-69975BE1DA2A}
    2012-03-08 14:05:51 -------- d-----w- c:\users\darran\appdata\local\{F39BAD53-BC09-4A31-95E3-4547B4F11273}
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 13:30:04.57 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 29/06/2009 17:56:30
    System Uptime: 06/04/2012 13:26:10 (0 hours ago)
    .
    Motherboard: FUJITSU SIEMENS | | MS-7504VP-PV
    Processor: Intel(R) Pentium(R) Dual CPU E2220 @ 2.40GHz | CPU 1 | 2403/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 76 GiB total, 10.668 GiB free.
    D: is FIXED (NTFS) - 213 GiB total, 52.964 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1035: 30/03/2012 18:19:56 - Scheduled Checkpoint
    RP1036: 01/04/2012 00:41:57 - Scheduled Checkpoint
    RP1037: 03/04/2012 19:13:24 - Installed HiJackThis
    RP1038: 05/04/2012 04:10:38 - Scheduled Checkpoint
    RP1039: 06/04/2012 00:10:52 - Scheduled Checkpoint
    RP1040: 06/04/2012 11:45:28 - Removed Adobe Reader 9.4.7.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acrobat.com
    Adobe Flash Player 11 Plugin
    Adobe Photoshop Elements 2.0
    Adobe Reader X (10.1.2)
    Apple Application Support
    Apple Software Update
    ATI AVIVO Codecs
    ATI Catalyst Install Manager
    µTorrent
    Audacity 1.2.6
    Auslogics Disk Defrag
    Auto Gordian Knot 2.55
    AVG 2012
    AviSynth 2.5
    BT Broadband Desktop Help
    BT Broadband Support Tools
    BTHomeHub
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center HydraVision Full
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    CPUID CPU-Z 1.52.2
    CPUID HWMonitor 1.15
    D3DX10
    Epson Print CD
    EPSON Printer Software
    Fallout 3
    Fallout: New Vegas
    Fujitsu Siemens Computers Recovery
    Google Desktop
    GoToAssist Corporate
    Great Eastern
    Half-Life 2: Lost Coast
    Half-Life(R) 2
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HydraVision
    IrfanView (remove only)
    Java Auto Updater
    Java(TM) 6 Update 29
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Train Simulator
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Works
    mkv2vob
    Mozilla Firefox 11.0 (x86 en-GB)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 7 Premium
    neroxml
    NVIDIA Drivers
    NVIDIA PhysX
    OGA Notifier 2.0.0048.0
    PS3 Media Server
    QuickTime
    RailWorks
    RapidShare Manager
    Realtek High Definition Audio Driver
    rFactor (remove only)
    RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Segoe UI
    Source SDK Base
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy
    Steam(TM)
    System Requirements Lab
    System Requirements Lab CYRI
    SystemDiagnostics
    The Longest Journey Demo
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VCRedistSetup
    VLC media player 2.0.1
    VobSub v2.23 (Remove Only)
    Watchtower Library 2008 - English
    Winamp
    Winamp Detector Plug-in
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Media Player Firefox Plugin
    WinRAR archiver
    Xvid 1.2.1 final uninstall
    XviD MPEG4 Video Codec (remove only)
    Yahoo! Messenger
    Yahoo! Software Update
    .
    ==== Event Viewer Messages From Past Week ========
    .
    06/04/2012 13:26:30, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 0024215AC802 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    06/04/2012 12:00:43, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    06/04/2012 12:00:43, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    06/04/2012 12:00:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    05/04/2012 19:15:27, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    .
    ==== End Of File ===========================
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Yes, AVG does things like that at times! You didn't need to disable AVG for those scans, but you will have to uninstall it for the following:

    I'd like you to run Combofix- but it won't run with AVG. You will need to temporarily uninstall AVG as follows:

    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Microsoft Security Essentials
    Comodo AV
    Avast! Free Antivirus
    =============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Before you run the Combofix scan, please disable any security software you have running.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ==================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
     
  5. Dkent

    Dkent TS Rookie Topic Starter

    Thank you for looking at this for me, I have done as requested and please find the enclosed logs.

    Darran

    ComboFix 12-04-07.02 - Darran 07/04/2012 13:22:44.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2120 [GMT 1:00]
    Running from: c:\users\Darran\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Chalina\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1ECA.tmp
    c:\users\Chalina\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5F15.tmp
    c:\users\Chalina\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc70DE.tmp
    c:\users\Chalina\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9C32.tmp
    c:\users\Chalina\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9DA8.tmp
    c:\users\Chalina\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBF3C.tmp
    c:\users\Darran\GoToAssistDownloadHelper.exe
    c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1613.tmp
    c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc34C8.tmp
    c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4701.tmp
    c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc48F4.tmp
    c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4D7A.tmp
    c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5228.tmp
    c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc55C2.tmp
    c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6CB9.tmp
    c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6F68.tmp
    c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc75DD.tmp
    c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc80C6.tmp
    c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc86FD.tmp
    c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8FB4.tmp
    c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9540.tmp
    c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9C3A.tmp
    c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAC0B.tmp
    c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccACC.tmp
    c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB0BB.tmp
    c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBA0E.tmp
    c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC7F4.tmp
    c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCDC1.tmp
    c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCF72.tmp
    c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD6A2.tmp
    c:\users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD8B5.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-07 12:28 . 2012-04-07 12:29 -------- d-----w- c:\users\Darran\AppData\Local\temp
    2012-04-07 12:28 . 2012-04-07 12:28 -------- d-----w- c:\users\Elizabeth\AppData\Local\temp
    2012-04-07 12:28 . 2012-04-07 12:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-07 12:28 . 2012-04-07 12:28 -------- d-----w- c:\users\Chalina\AppData\Local\temp
    2012-04-07 12:03 . 2012-04-07 12:14 -------- d-----w- c:\programdata\AVAST Software
    2012-04-07 12:03 . 2012-04-07 12:03 -------- d-----w- c:\program files\AVAST Software
    2012-04-06 13:22 . 2012-04-06 13:22 -------- d-----w- c:\users\Darran\AppData\Roaming\Yahoo!
    2012-04-06 10:53 . 2012-04-06 13:01 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-06 10:53 . 2012-04-06 13:01 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-04-03 21:35 . 2012-04-03 21:35 -------- d-----w- c:\users\Darran\AppData\Roaming\Malwarebytes
    2012-04-03 21:35 . 2012-04-03 21:35 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-03 21:35 . 2012-04-03 21:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-04-03 21:35 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-03 18:13 . 2012-04-03 18:13 388096 ----a-r- c:\users\Darran\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-03-22 21:36 . 2012-03-22 21:46 -------- d-----w- c:\program files\Atari800WinPLus
    2012-03-17 22:55 . 2012-03-17 22:55 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
    2012-03-17 22:55 . 2012-03-17 22:55 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
    2012-03-14 15:59 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
    2012-03-14 15:59 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-03-14 15:59 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-03-14 15:59 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-03-14 15:59 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
    2012-03-14 15:59 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 15:59 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2012-03-14 15:58 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
    2012-03-14 15:58 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-14 21:56 . 2011-03-28 18:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-01-28 12:03 . 2012-01-28 12:03 29184 ----a-r- c:\users\Darran\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
    2012-03-17 22:55 . 2011-05-18 21:45 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2010-11-01 07:26 . 2010-11-01 07:26 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-19 288048]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-22 6591800]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-28 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-28 8497696]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-28 81920]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-05-28 6144000]
    "Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
    "Skytel"="Skytel.exe" [2007-11-20 1826816]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "FSCRecovery"="c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" [2008-06-18 268096]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux3"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Darran^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
    path=c:\users\Darran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
    backup=c:\windows\pss\BBC iPlayer Desktop.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2008-01-22 11:13 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
    2009-12-07 11:50 1584640 ----a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2010-11-01 07:26 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2009-02-26 18:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2012-02-22 19:49 6591800 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2008-05-28 08:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2011-08-26 22:07 1242448 ----a-w- d:\games\steam\Steam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 253600]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-07 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 13:01]
    .
    2012-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-04-07 12:04]
    .
    2012-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-04-07 12:04]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Darran\AppData\Roaming\Mozilla\Firefox\Profiles\hfzwxcdz.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-NWEReboot - (no file)
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    MSConfigStartUp-Install5G - E:\Install.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-07 13:29
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2012-04-07 13:30:42
    ComboFix-quarantined-files.txt 2012-04-07 12:30
    .
    Pre-Run: 13,309,845,504 bytes free
    Post-Run: 13,108,047,872 bytes free
    .
    - - End Of File - - 8F22DB150E5B5E31EBBE3CA4A93DB58F


    C:\Users\Darran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\1659a8c3-1ba6e7b6 a variant of Java/TrojanDownloader.OpenStream.NBF trojan
    C:\Users\Darran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\5f8a12df-3af6d9d4 multiple threats
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    c:\users\Darran\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    Folder::
    c:\users\Darran\AppData\Local\temp
    c:\users\Elizabeth\AppData\Local\temp
    c:\users\Default\AppData\Local\temp
    c:\users\Chalina\AppData\Local\temp
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"=-
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "uTorrent"=-
    
    Clearjavacache::
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
    ====================
    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files 
      C:\Users\Darran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\1659a8c3-1ba6e7b6 a 
      C:\Users\Darran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\5f8a12df-3af6d9d4 multiple threats
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ========================================
    Please update Java: Java Updates . Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.

    Be sure to check all download screens for any pre-check toolbars or BHO> if found, remove the check before the download.
    =======================================
    Please uninstall the HijackThis you have now- it isn't set up correctly. Then do the following:
    First, set up a Directory for HijackThis as follows:
    Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
    Exit Explorer
    You now have a folder C:\HijackThis
    -----------------------------------------
    Download HijackThis and save to your desktop.
    • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
    • Extract it to the directory on your hard drive you created C:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
    ==================================
    Download CKScanner and save to your desktop.
    • Double-click CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
    =====================================
    FYI: The users Elizabeth and Chalina both had numerous temporary internet files for 'mccxxx.tmp' removed. I can't identify any of them.

    Darran had GoToAssistDownload Helper removed.

    I'm not sure if it's just Darran's account, but there are 2 registry entries with multiple programs in the Startup Folder>> None of those programs need to start on boot and run in the background. There are also multiple processes from 'msconfig' Startup Menu. None need to start on boot.

    Note: I won't be online tomorrow, Easter Sunday. We will finish on Monday.
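
Added example (not part of the posts above and not ComboFix's own code): a small Python parser for the "Reg Loading Points" layout seen in the posted log, which groups autostart items by mechanism and separates out AppInit_DLLs and BootExecute, the two values that load code outside the ordinary Run keys. The sample text is a trimmed copy of lines from the log, and the function names are assumptions made for this illustration.

```python
import re
from collections import Counter

# Constructed sample: a few lines in the layout of the "Reg Loading Points"
# section of the ComboFix log posted in this thread (trimmed, not the full log).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-19 288048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-28 6144000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="command" [date size]   or   "name"=command
VALUE_RE = re.compile(
    r'^"([^"]+)"=\s*"?(.*?)"?(?:\s+\[\d{4}-\d{2}-\d{2} \d+\])?$')
# date time size attributes path   (line under a msconfig startupreg key)
MSCONFIG_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (.+)$')
BOOTEXEC_RE = re.compile(r'^BootExecute REG_MULTI_SZ (.+)$')
# Windows' stock BootExecute value; anything else was added by software.
DEFAULT_BOOTEXECUTE = 'autocheck autochk *'


def parse_loading_points(log_text):
    """Return (mechanism, name, command) tuples, one per autostart item."""
    entries = []
    key = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        m = KEY_RE.match(line)
        if m:                      # a new registry key header
            key = m.group(1)
            continue
        leaf = key.rsplit('\\', 1)[-1]
        key_lower = key.lower()
        m = BOOTEXEC_RE.match(line)
        if m:                      # REG_MULTI_SZ items are joined with a literal \0
            for cmd in m.group(1).split('\\0'):
                entries.append(('BootExecute', 'BootExecute', cmd.strip()))
            continue
        m = MSCONFIG_RE.match(line)
        if m and '\\msconfig\\startupreg\\' in key_lower:
            entries.append(('msconfig startupreg', leaf, m.group(1)))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2)
        if name.lower() == 'appinit_dlls':
            # The log shows 8.3 short paths separated by spaces.
            for dll in value.split():
                entries.append(('AppInit_DLLs', name, dll))
        elif leaf.lower() in ('run', 'run-'):
            hive = 'HKCU' if key_lower.startswith('hkey_current_user') else 'HKLM'
            entries.append((f'{hive} {leaf}', name, value))
    return entries


def review(entries):
    """Summarise the items a reviewer would read first."""
    appinit = Counter(cmd.lower() for mech, _, cmd in entries
                      if mech == 'AppInit_DLLs')
    extra_boot = [cmd for mech, _, cmd in entries
                  if mech == 'BootExecute' and cmd != DEFAULT_BOOTEXECUTE]
    return {
        'per_mechanism': dict(Counter(mech for mech, _, _ in entries)),
        'appinit_dlls': dict(appinit),          # DLL -> times listed
        'non_default_bootexecute': extra_boot,  # commands run at boot
    }


if __name__ == '__main__':
    parsed = parse_loading_points(SAMPLE_LOG)
    for mech, name, cmd in parsed:
        print(f'{mech:22} {name:14} {cmd}')
    print(review(parsed))
```
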
     
  7. Dkent

    Dkent TS Rookie Topic Starter

    I have deleted the other 2 accounts, hope that is ok? I have noticed that there is a lot of hard drive activity from my PC even where I am not doing anything, is this normal?

    Here are the logs.

    ComboFix 12-04-07.02 - Darran 08/04/2012 10:50:22.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2353 [GMT 1:00]
    Running from: C:\Users\Darran\Desktop\ComboFix.exe
    Command switches used :: C:\Users\Darran\Desktop\CFScript.txt
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    FILE ::
    "c:\users\Darran\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe"


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    c:\users\Darran\AppData\Local\temp
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\3LDOKON6\imp[2]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\3LDOKON6\intro[1].htm
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\3LDOKON6\intro[2].htm
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\3LDOKON6\intro_bg[1].png
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\3LDOKON6\JS_EXTLIB[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\3LDOKON6\jshelper[1].js
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\3LDOKON6\loader-min[1].js
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\3LDOKON6\Madonna_OnNetwork_300x250_v2[1].jpg
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\3LDOKON6\niftybase_201203151115[1].js
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\3LDOKON6\PANEL_1_XBOX[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\3LDOKON6\PANEL_4_QBOX[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\3LDOKON6\pb_us_4[1].jpg
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\3LDOKON6\pb_us_5[1].jpg
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\3LDOKON6\QTIPS[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\3LDOKON6\RadioPlayer[1].htm
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\3LDOKON6\slideview[1].css
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\3LDOKON6\trackingOff[1].htm
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\3LDOKON6\U_14kjqyoa46vvE9PAv9PNzve8GS5v6gQGAHAUsnNqyX2r909rE.huPP3muRPFG10uHe60PMsfTJpI18U5z3[1].png
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\3LDOKON6\upsell_201011291603[1].css
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\3LDOKON6\upsell_sprite_201010091011[1].gif
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\3LDOKON6\yahoo-dom-event[1].js
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\3LDOKON6\yahoo_398x208_fourplay[1].jpg
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\3LDOKON6\YcoFbRiyoa5zz5xzTvGhH0a8dU0BpoDyTQGOIzwyUCulE[1].jpg
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\3LDOKON6\yplayer[1].swf
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\3LDOKON6\zync3-flickr_r255[1].js
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\3LDOKON6\zync3-loader_r255[1].js
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\3LDOKON6\zync3_r255[1].js
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\104[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\111110_eH_bilderbanner_frauen_234x60[1].swf
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\b[1].gif
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\b[2].gif
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\backyard-monsters-398x208[1].jpg
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\backyard-monsters-80[1].gif
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\balloono-80[1].gif
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\bcr_2.0.5[1].js
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\BG[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\bg_left[1].gif
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\bouncing-balls-80[1].gif
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\BUTTON_CENTER_BG[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\BUTTON_LISTBOX_EX_SELECTED_LEFT[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\BUTTON_LISTBOX_EX_UNSELECTED_CENTER[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\BUTTON_LISTBOX_HEUR_UNSELECTED_RIGHT[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\BUTTON_LISTBOX_SELECTED_LEFT[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\carousel_091007[1].gif
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\client_ad[2].htm
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\client_ad[3].htm
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\clk[1].htm
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\clk[2].htm
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\cm06y_234x60_0111[1].swf
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\combo[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\combo[1].css
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\combo[2]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\combo[2].css
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\combo[3]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\combo[4]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\connection-min[1].js
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\crossdomain[1].xml
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\crossdomain[2].xml
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\crossdomain[3].xml
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\DartShell7_5[1].swf
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\DartShellPlayer7_5_09[1].swf
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\desktop.ini
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\dot_20110607[1].gif
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\edgeworld_80x80_yahoo[1].jpg
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\EXT_BASE_JS[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\fonts_css[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\glossyberry[1].css
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\HEURISTIC_ICON[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\hqdefault[1].jpg
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\IMG_ALL_BG[2]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\IMG_BANNER_FREE[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\imp[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\imp[2]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\insider_msg_yahoo_com[1].htm
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\JS_GLOBALS[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\JS_OPSWAT[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\LREC_Madonna_OnNetwork_300x250_0312[1].js
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\main[1].htm
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\OPSWAT_BTN_NORMAL_LEFT[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\ourworld-86x86[1].jpg
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\PlayerLogin[1].htm
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\qmwb_1[1].png
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\spacer[1].gif
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\stats[1].gif
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\test_domain[1].txt
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\user_offline[1].gif
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\videoplayback[2]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\yahoo_398x208_Pool[1].jpg
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\yahoo_80x80_fourplay[1].jpg
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\yahoo_80x80_swapples[1].jpg
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\ylogo24[1].png
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\yql[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\yt_blacklist_domains[1].txt
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\yui-min[1].js
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\zy-s_1[1].png
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\AOKAKGI6\zync3-slideshare_r255[1].js
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\desktop.ini
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\.b[1].gif
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\9s[1].png
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\b[1].gif
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\b[2].gif
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\bg_controller[1].gif
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\bg_right[1].gif
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\BUTTON_CLICK_RIGHT_BG[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\BUTTON_LISTBOX_EX_SELECTED_CENTER[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\BUTTON_LISTBOX_EX_UNSELECTED_RIGHT[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\BUTTON_OVER_RIGHT_BG[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\BUTTON_RIGHT_BG[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA02WGH7
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA0A6ZJX
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA0A8W7O
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA0DO2CR
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA0NFRKS
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA0QWZL3
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA0UX2B4
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA1H9HHU
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA1YU2X1
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA24HEZF
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA2CSM6Y
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA2SHZSP
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA3AQ3NB
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA3RQHIQ
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA51P3R3
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA5CT64Y
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA5TEHF9
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA5XBJ3C
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA6BVMLT
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA6DW4L0
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA6HU9OF
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA6ODGDK
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA6X2KJR
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA75OUON
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA7KLT7L
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA7L08ZH
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA82LWPB
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA90XU3M
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA95CB3B
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA96X32P
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA9FS230
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA9KWQJG
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CA9LBY9K
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAA2QBT0
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAADQX9C
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAAJKE9J
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAB8TWRF
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CABF73O8
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CABSMA1U
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CACVL31Q
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAD0C3RY
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAD608BA
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAD963VW
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CADZETUK
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAE73N5B
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAED87CZ
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAEIS00G
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAELVS9N
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAEQ2L38
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAFHUH6W
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAFKIJKW
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAFOOLPZ
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAGZU3I3
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAHEH7ZR
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAHML2UO
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAHRLQ2P
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAIBPPJR
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAIBV4EL
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAIJP9EI
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAIKMLRR
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAINTRZM
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAIVHXH6
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAJ9CJN0
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAJG3I8U
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAJKDL6I
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAJO19F8
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAKAYATZ
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAKH1C2K
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CALLEN0D
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CALOBAM6
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CALPCU0B
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAM877HY
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAMQ9DY9
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAMWRDNC
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CANNDZ55
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CANQWI5Z
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAO45MQ4
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAO804BX
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAO9ISWH
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAOIPQ25
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAP16M2P
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAP952IQ
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAPD6EVJ
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAPRWN3U
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAQFPU7L
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAQS08IZ
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAR1UINC
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAR9DFBZ
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CARF8B6X
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CARQFVZV
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAS1U9AQ
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAS5J2DO
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CASJHGWJ
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAT088Q9
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAT11Q6O
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAT7Q7KJ
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CATOTVA2
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CATQZP55
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CATXFNUP
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CATZ0CL9
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CATZXW5W
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAU800I7
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAUF0MEJ
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAUFHX2S
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAUWTGPY
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAV0A0C0
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAVA7J7O
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAVV2FE1
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAW1XMIO
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAWHK8W1
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAWPFCRD
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAWR95JI
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAWUEZ3K
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAWVIEM3
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAX2NL4Y
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAX7HPXT
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAXFUXN9
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAYC7C6L
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAYLUG4F
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAYXRJHX
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAZ23S7M
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CAZ5ADR7
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\CFScriptB-4[1].gif
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\client_ad[1].htm
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\client_ad[2].htm
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\client_ad[3].htm
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\client_ad[4].htm
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\client_ad[5].htm
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\client_ad[6].htm
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\clk[1].htm
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\clk[2].htm
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\cm08y_234x60_0111[1].swf
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\cm10y_234x60_0111[1].swf
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\COLLAPSED_ICON[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\combo[2]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\crossdomain[1].xml
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\crossdomain[2].xml
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\crossdomain[3].xml
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\crossdomain[4].xml
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\desktop.ini
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\EXT_ALL_JS[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\EXT_THEME_SLATE_CSS[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\ExtAll_CSS[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\flashwrite_1_2[1].js
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\icon_info[1].gif
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\icons_20111014[1].gif
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\IMG_BANNER_PREMIUM[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\imp-toggle[1].gif
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\imp[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\imp[2]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\imp[3]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\intro[1].htm
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\intro_20110711[1].css
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\intro_bg[1].png
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\ireload_2[1].gif
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\JS_PRODUCTLIST[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\Madonna_OnNetwork_300x250_v2[1].jpg
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\navcancl[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\niftybase_201203151750[1].css
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\OPSWAT_API[2]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\OPSWAT_PROGRESS_CORE[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\pb_us_1[1].jpg
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\pb_us_2a[1].jpg
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\PROGRESS_DISPLAY[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\PROGRESS_TOP_ARROW[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\PROGRESSBAR_FILL[1]
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\sprite[1].png
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\trackingCalls[1].js
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\user-match[1].htm
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\util[1].js
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\welcome_20110711[1].png
    c:\users\Darran\AppData\Local\temp\Temporary Internet Files\Content.IE5\I9OV2A47\wrapper[1].js
    c:\users\Default\AppData\Local\temp
     
  8. Dkent

    Dkent TS Rookie Topic Starter

    ((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))


    2012-04-07 13:07:19 . 2012-04-07 13:07:19 -------- d-----w- C:\Program Files\ESET
    2012-04-07 12:03:53 . 2012-04-07 12:14:18 -------- d-----w- C:\ProgramData\AVAST Software
    2012-04-07 12:03:53 . 2012-04-07 12:03:53 -------- d-----w- C:\Program Files\AVAST Software
    2012-04-06 13:22:04 . 2012-04-06 13:22:04 -------- d-----w- C:\Users\Darran\AppData\Roaming\Yahoo!
    2012-04-06 10:53:54 . 2012-04-06 13:01:27 70304 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
    2012-04-06 10:53:54 . 2012-04-06 13:01:27 418464 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
    2012-04-03 21:35:50 . 2012-04-03 21:35:50 -------- d-----w- C:\Users\Darran\AppData\Roaming\Malwarebytes
    2012-04-03 21:35:42 . 2012-04-03 21:35:42 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-04-03 21:35:41 . 2012-04-03 21:35:44 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
    2012-04-03 21:35:41 . 2011-12-10 14:24:06 20464 ----a-w- C:\Windows\system32\drivers\mbam.sys
    2012-03-22 21:36:27 . 2012-03-22 21:46:59 -------- d-----w- C:\Program Files\Atari800WinPLus
    2012-03-17 22:55:42 . 2012-03-17 22:55:42 592824 ----a-w- C:\Program Files\Mozilla Firefox\gkmedias.dll
    2012-03-17 22:55:42 . 2012-03-17 22:55:42 44472 ----a-w- C:\Program Files\Mozilla Firefox\mozglue.dll
    2012-03-14 15:59:47 . 2012-02-02 15:16:25 2044416 ----a-w- C:\Windows\system32\win32k.sys
    2012-03-14 15:59:44 . 2012-02-14 15:45:30 219648 ----a-w- C:\Windows\system32\d3d10_1core.dll
    2012-03-14 15:59:44 . 2012-02-14 15:45:30 160768 ----a-w- C:\Windows\system32\d3d10_1.dll
    2012-03-14 15:59:44 . 2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\system32\d3d10warp.dll
    2012-03-14 15:59:44 . 2012-02-13 13:47:57 683008 ----a-w- C:\Windows\system32\d2d1.dll
    2012-03-14 15:59:44 . 2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\system32\DWrite.dll
    2012-03-14 15:59:23 . 2012-01-31 10:59:56 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
    2012-03-14 15:58:53 . 2012-01-09 15:54:08 613376 ----a-w- C:\Windows\system32\rdpencom.dll
    2012-03-14 15:58:53 . 2012-01-09 13:58:29 180736 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2012-02-14 21:56:10 . 2011-03-28 18:36:46 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-01-28 12:03:43 . 2012-01-28 12:03:43 29184 ----a-r- C:\Users\Darran\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
    2012-03-17 22:55:42 . 2011-05-18 21:45:38 97208 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll
    2010-11-01 07:26:33 . 2010-11-01 07:26:34 119808 ----a-w- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:25:11 125952]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 02:25:33 202240]
    "Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 20:06:32 4351216]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-28 02:26:00 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-28 02:26:00 8497696]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-28 02:26:00 81920]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-05-28 14:06:02 6144000]
    "Google EULA Launcher"="c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 11:40:28 20480]
    "Skytel"="Skytel.exe" [2007-11-20 16:15:58 1826816]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 16:24:56 98304]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 18:36:46 30040]
    "FSCRecovery"="c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" [2008-06-18 13:25:56 268096]
    "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 13:10:42 843712]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux3"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Darran^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
    path=C:\Users\Darran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
    backup=C:\Windows\pss\BBC iPlayer Desktop.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 13:10:42 843712 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2008-01-22 11:13:20 152872 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
    2009-12-07 11:50:52 1584640 ----a-w- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2010-11-01 07:26:33 30192 ----a-w- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2009-02-26 18:36:46 30040 ----a-w- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2009-05-26 20:06:32 4351216 ----a-w- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2008-05-28 08:27:08 570664 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-17 20:53:36 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2011-08-26 22:07:47 1242448 ----a-w- d:\games\steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2010-01-13 22:44:52 37888 ----a-w- C:\Program Files\Winamp\winampa.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 13:01:27 253600]
    S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 13:10:42 63928]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    Contents of the 'Scheduled Tasks' folder

    2012-04-08 C:\Windows\Tasks\Adobe Flash Player Updater.job
    - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 10:53:54 . 2012-04-06 13:01:27]

    2012-04-08 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-07 12:05:01 . 2012-04-07 12:04:53]

    2012-04-08 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-07 12:05:01 . 2012-04-07 12:04:53]


    ------- Supplementary Scan -------

    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - C:\Users\Darran\AppData\Roaming\Mozilla\Firefox\Profiles\hfzwxcdz.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true


    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-08 10:55:39
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2012-04-08 10:57:09
    ComboFix-quarantined-files.txt 2012-04-08 09:57:07
    ComboFix2.txt 2012-04-07 12:30:42

    Pre-Run: 17,554,100,224 bytes free
    Post-Run: 17,455,886,336 bytes free

    - - End Of File - - D77A25F5599FDA8102B0C7661E726E1C


    All processes killed
    ========== FILES ==========
    File/Folder C:\Users\Darran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\1659a8c3-1ba6e7b6 a not found.
    File/Folder C:\Users\Darran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\5f8a12df-3af6d9d4 multiple threats not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Chalina
    ->Temp folder emptied: 0 bytes

    User: Darran
    ->Temp folder emptied: 147000 bytes
    ->Temporary Internet Files folder emptied: 24112 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 315258117 bytes
    ->Flash cache emptied: 8713 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Elizabeth
    ->Temp folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 2431674 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 303.00 mb


    OTM by OldTimer - Version 3.1.19.0 log created on 04082012_111131


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:35:47, on 08/04/2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v7.00 (7.00.6002.18005)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AVG Do-Not-Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (file missing)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [FSCRecovery] c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (file missing)
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

    --
    End of file - 5932 bytes

    CKScanner - Additional Security Risks - These are not necessarily bad
    scanner sequence 3.RP.11.XQNAJI
    ----- EOF -----
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Darran, I'd like for you to run SuperAntispyware. Again in Combofix, I see deletions that are usually not done in Combofix. First it was from Elizabeth and Calista, now it's Darran. Be sure to check for removal of all entries found. I am guessing we are going to have to reset the Cookies.

    SuperAntiSpyware Home Edition Free Version
    • Please download SuperAntiSpyware from HERE
    • Launch SuperAntiSpyware and click on 'Check for updates'.
    • Wait for the updates to be installed
    • On the main screen click on 'Scan your computer'.
    • Check 'Perform Complete Scan', then click 'Next' to start the scan.
    • SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
    • Make sure everything found has a checkmark next to it, then press 'Next'.
    • Click on 'Finish' when you're done.
    It's possible that the program will ask you to reboot in order to delete some files.

    Obtain the SuperAntiSpyware log as follows:
    • Click on 'Preferences'.
    • Click on the 'Statistics/Logs' tab.
    • Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
    It will then open in your default text editor, such as Notepad. Paste the Notepad file here in your reply.
    =================================
    About the hard drive running when you aren't active: if you have auto-updates scheduled, it could be partly due to them.
     
  10. Dkent

    Dkent TS Rookie Topic Starter

    Hi

    Here is the log below.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 04/10/2012 at 00:39 AM

    Application Version : 5.0.1146

    Core Rules Database Version : 8430
    Trace Rules Database Version: 6242

    Scan type : Complete Scan
    Total Scan Time : 00:48:58

    Operating System Information
    Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
    UAC On - Administrator

    Memory items scanned : 737
    Memory threats detected : 0
    Registry items scanned : 35568
    Registry threats detected : 0
    File items scanned : 42578
    File threats detected : 116

    Adware.Tracking Cookie
    .media6degrees.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .adserver.adtechus.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .ar.atwola.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .atwola.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    www.888.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .avgtechnologies.112.2o7.net [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .tracking.dsmmadvantage.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .pcworldcommunication.122.2o7.net [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .tacoda.at.atwola.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .eset.122.2o7.net [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .virginmedia.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .adbrite.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .adtech.de [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .legolas-media.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .legolas-media.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .legolas-media.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .qnsr.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    o1.qnsr.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    www.qsstats.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    www.qsstats.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .pro-market.net [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .pro-market.net [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .pro-market.net [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .at.atwola.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .tacoda.at.atwola.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .tacoda.at.atwola.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .tacoda.at.atwola.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .tacoda.at.atwola.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .at.atwola.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .tacoda.net [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .tribalfusion.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    api.firestormmedia.tv [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    api.firestormmedia.tv [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .youporn.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .youporn.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    api.firestormmedia.tv [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .yieldmanager.net [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
    track.prd1.netshelter.net [ C:\USERS\DARRAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFZWXCDZ.DEFAULT\COOKIES.SQLITE ]
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Not surprising!

    Reset Cookies

    For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

    For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List

    For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    (First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
    =======================================
    Repeating: you need to set up a maintenance program and stick with it.
     
  12. Dkent

    Dkent TS Rookie Topic Starter

    Thank you for all your help. So I am all ok now?

    Can you recommend the programs that I should use to keep on top of this as part of my regular maintenance?
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Do regular Maintenance
    1. Remove Temporary Internet Files regularly:
      [o]TFC
    2. Reset Cookies to prevent Tracking Cookies:> Previously given.
      [o] Depending on the browser you use, Cookies should also be reviewed. I remove any that are not for sites where I am registered and have PW.
    3. Disc Cleanup
      [o] Use Windows Explorer (Right click on Start> Explore)> right click on C Drive> Properties> Do the Disc Cleanup from that screen.
    4. Error Check
      [o] Choose Tools tab of Properties above> Select Error Check> Check both boxes> Apply> OK> Close the nag message and reboot. Error check will begin shortly. Let it finish-system will reboot when through.
    5. Defragment
      [o] Then still on Properties screen> Tools tab> Click on Defragment and follow prompts.
    6. Check Add/Remove Programs. Review and uninstall any you don't use. Use Windows Explorer to access Computer> Local Drive(C)> Programs> find program folder for any program you uninstall> do a right click> Delete.

    For myself, I don't have any maintenance scheduled- I prefer to do all myself. Suggest you do #1 and #2 weekly. #3, #4 & #5 can be done monthly. #6 can be done occasionally. The frequency of doing many of the above is based on the use of the system> the more use, the more frequently some maintenance needs to be done.

    If you have something like a 'glitch' it can help to run #4, Error Check.

    The above is strict maintenance. Scans with AV and antimalware programs can also be done according to your use of the system.
    ====================================
    You may find the following helpful: (Links are Bold Blue)
    Tips for added security and safer browsing:
    1. Browser Security
      [o] Make Internet Explorer safer (http://www.bleepingcomputer.com/tutorials/tutorial102.htm)
      [o] Use a Site Advisor..
      Have layered Security:
    2. Antivirus Software(only one):
      [o]Microsoft Security Essentials
      [o]Comodo AV
      [o]Avast! Free Antivirus
      =============================
    3. Firewall (only one)
      [o] Zone Alarm Free
      [o]Comodo Firewall Free
    4. Antispyware/Security: I recommend all of the following:
      [o]Spywareblaster:Protects against bad ActiveX.
      [o]IE/Spyad Restricts bad domains.
      [o]MVPS Hosts files Directs HOSTS file to 127.0.0.1 which is your local computer.
      [o]Google Toolbar Popup Stopper
    5. Stay current on updates:
      [o] Windows Updates. You should get All updates marked Critical and the current SP updates.
      [o] Adobe Reader. Uninstall old.
      [o]Java Uninstall old.
    6. System Restore Guide: Understand Restore Points> why you need to clean and set restore points and what information is in them.
      [*] Practice Safe Email Handling
      [o] Don't open email from anyone you don't know.
      [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click
      [o] Don't leave your personal email address on the internet/ Have a separate email account on free web-based mail.

    Please let me know if you find any bad links.
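
An added example, not part of the original posts: one way to do the cookie review described in this thread (keep cookies only for sites where you have an account) against a Firefox `cookies.sqlite`. The rows are constructed sample data in a cut-down `moz_cookies` table, and `KEEP_SITES` is a hypothetical allow-list; on a real profile, close Firefox and work on a copy of the file.

```python
import sqlite3
from collections import Counter

# Constructed sample rows: (host, cookie name, expiry as Unix seconds).
SAMPLE_ROWS = [
    (".collective-media.net", "c1", 1400000000),
    (".collective-media.net", "c2", 1400000000),
    (".tacoda.at.atwola.com", "c1", 1400000000),
    (".ar.atwola.com", "c1", 1400000000),
    (".revsci.net", "c1", 1400000000),
    ("www.googleadservices.com", "c1", 1400000000),
    (".virginmedia.com", "c1", 1400000000),
    ("login.live.com", "c1", 1400000000),
]

# Hypothetical allow-list: sites where the user is registered and has a password.
KEEP_SITES = {"virginmedia.com", "live.com"}


def open_sample_db():
    """Build an in-memory stand-in for cookies.sqlite (only the columns used here)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE moz_cookies (id INTEGER PRIMARY KEY, host TEXT, "
        "name TEXT, value TEXT, path TEXT, expiry INTEGER)"
    )
    conn.executemany(
        "INSERT INTO moz_cookies (host, name, value, path, expiry) "
        "VALUES (?, ?, '', '/', ?)",
        SAMPLE_ROWS,
    )
    return conn


def site_of(host):
    """Reduce a cookie host to its last two labels.

    Simplification: this is wrong for suffixes such as co.uk; a real tool
    would consult the Public Suffix List.
    """
    labels = host.lstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def review(conn, keep):
    """Count cookies per site for every site that is not on the allow-list."""
    counts = Counter()
    for (host,) in conn.execute("SELECT host FROM moz_cookies"):
        site = site_of(host)
        if site not in keep:
            counts[site] += 1
    return dict(counts)


def purge(conn, keep):
    """Delete cookies whose site is not on the allow-list; return how many went."""
    rows = conn.execute("SELECT id, host FROM moz_cookies").fetchall()
    doomed = [(row_id,) for row_id, host in rows if site_of(host) not in keep]
    conn.executemany("DELETE FROM moz_cookies WHERE id = ?", doomed)
    conn.commit()
    return len(doomed)


if __name__ == "__main__":
    db = open_sample_db()
    print("Not on allow-list:", review(db, KEEP_SITES))
    print("Removed:", purge(db, KEEP_SITES))
```
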
     
  14. Dkent

    Dkent TS Rookie Topic Starter

    Thank you for all your help, I really appreciate the time you took to help me out
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're very welcome, Darran

    Please be sure to update the following:
    Note: Check each download screen for any pre-checked Toolbars or BHOs. Uncheck them before the download.
    Adobe Reader 6> Current is vX(10.xx)> Adobe Reader Update
    Java(TM) 6 > Current is v6u31> Java Updates .
    Uninstall any earlier versions of both as they are vulnerabilities for the system.
    ===================================
    If you used a flash drive, I saw one entry that could be related, so you should go ahead and disinfect it:

    Please disinfect all movable drives
    1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
    2. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
      Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings
    3. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    4. Wait until it has finished scanning and then exit the program.
    5. Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
    =================
    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    -----
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    ------------------------------------------
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
      [o] Choose Disc Cleanup
      [o] Click "OK" to select the partition or drive you want.
      [o] Click the "More Options" Tab.
      [o] Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin

    Let me know if you have any more questions.
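
An added example, not part of the original post and not code from any tool named in it: a check of what sits under the name `autorun.inf` in a drive root, which is the name the note above says gets reserved by a folder. A folder there means a file of that name cannot be created in that root; a file is reported with the `[autorun]` entries that would start a program. The three directories and the file contents are constructed in a temporary folder.

```python
import os
import tempfile

# Keys in the [autorun] section that launch a program.
EXEC_KEYS = ("open", "shellexecute")


def launch_entries(text):
    """Return (key, command) pairs from the [autorun] section that start a program."""
    found, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            key = key.strip().lower()
            is_shell_verb = key.startswith("shell\\") and key.endswith("\\command")
            if key in EXEC_KEYS or is_shell_verb:
                found.append((key, value.strip()))
    return found


def audit_root(root):
    """Classify a drive root as 'absent', 'folder' or 'file' for autorun.inf."""
    # Match the name case-insensitively, as Windows file systems do.
    name = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    if name is None:
        return ("absent", [])
    path = os.path.join(root, name)
    if os.path.isdir(path):
        return ("folder", [])
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return ("file", launch_entries(fh.read()))


def demo():
    """Run the audit over three constructed stand-ins for drive roots."""
    sample = ("[AutoRun]\n; constructed sample\nopen=example.exe\n"
              "shell\\open\\command=example.exe\nicon=example.ico\n")
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for label in ("clean", "vaccinated", "suspect"):
            os.mkdir(os.path.join(base, label))
        os.mkdir(os.path.join(base, "vaccinated", "autorun.inf"))
        with open(os.path.join(base, "suspect", "AUTORUN.INF"), "w") as fh:
            fh.write(sample)
        for label in ("clean", "vaccinated", "suspect"):
            results[label] = audit_root(os.path.join(base, label))
    return results


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(label, verdict)
```
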
     
  16. Dkent

    Dkent TS Rookie Topic Starter

    Hello

    I have tried to install the Flash Disinfector, My AVG flags up two warnings which I have ignored.

    When I run the program it does not do anything? I have even tried running it disabling my anti virus but still no luck :(
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Run this one instead:

    • Please download Panda USB Vaccine(you must provide valid e-mail and they will send you download link to this e-mail address) to your desktop.
    • Install and run it.
    • Plug in USB drive and click on Vaccinate USB and Vaccinate computer.
     
  18. Dkent

    Dkent TS Rookie Topic Starter

    Thank you for this, I have managed to vaccinate my pc and the flash drive. Can I use it on my 2 external hard drives as well?
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Yes! You can use it on all removable drives :)
     
Topic Status:
Not open for further replies.
