Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Requested to come here from a GM, from the games thread.

Started by NavyWife , Jan 22 2013 11:00 AM

Please log in to reply

#1
NavyWife

Posted 22 January 2013 - 11:00 AM

Member

Member
23 posts

Okay, so... I play an online game called Fiesta through outspark.com This game use to work on my computer just fine, about 8 months ago. I reinstalled the game about 3-4 weeks ago, only to get an error; "Unable to connect to remote server". No matter what I, or anyone else does to try to fix this error, we can't seem to fix the issue. One of the Global Mods told me to come here to see if maybe I have malware preventing the computer form working. My computer does act funky every once in awhile, and gets a black bar on the address bar of my browser some times. I got a rootkit on my computer about 3 years ago, which I tried to fix by wiping my computer and reinstalling Windows. When I did that, I might have deleted the factory reset that is installed on the computer, 'cause I'm not able to wipe the comp from the F11 screen. I can't find my disks, so resetting my computer isn't an option atm. I'm not sure if I have anything harmful on my computer, but you can look at the topic in the game section titled "Unable to Connect to Remote Server" to see what we've tried and the error the game was giving me. Thank you for your time!

Logs From The OTL:

OTL logfile created on: 1/22/2013 10:45:00 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hara\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.44 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 55.19% Memory free
7.11 Gb Paging File | 5.62 Gb Available in Paging File | 79.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 68.70 Gb Free Space | 30.84% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.89 Gb Free Space | 98.86% Space Free | Partition Type: NTFS
Drive E: | 646.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME | User Name: Hara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/22 10:44:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hara\Downloads\OTL.exe
PRC - [2013/01/17 05:09:00 | 000,206,336 | ---- | M] (FileProperties_CompanyName) -- C:\Users\Hara\AppData\Local\Updater21804\Updater21804.exe
PRC - [2013/01/16 09:31:37 | 003,093,624 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2013/01/07 18:06:24 | 001,248,360 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/10/09 10:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Hara\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/09/25 10:05:20 | 000,247,728 | ---- | M] (Facebook) -- C:\Users\Hara\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/01/22 22:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Users\Hara\Desktop\workout\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/11/19 13:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe

========== Modules (No Company Name) ==========

MOD - [2013/01/16 09:31:37 | 003,093,624 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2013/01/09 20:48:13 | 011,820,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\259f7342c8ebb1150db3df1bc4d3394c\System.Web.ni.dll
MOD - [2013/01/09 20:45:30 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll
MOD - [2013/01/09 20:45:27 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013/01/09 20:45:03 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll
MOD - [2013/01/09 20:44:52 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013/01/09 20:44:35 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\0f5a23bb73681b6388daccd8e250ba66\System.Data.ni.dll
MOD - [2013/01/09 20:43:37 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013/01/09 20:43:19 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2013/01/07 18:06:22 | 000,460,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppgooglenaclpluginchrome.dll
MOD - [2013/01/07 18:06:21 | 012,459,624 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
MOD - [2013/01/07 18:06:19 | 004,012,648 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
MOD - [2013/01/07 18:05:29 | 000,598,120 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\libglesv2.dll
MOD - [2013/01/07 18:05:28 | 000,124,520 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\libegl.dll
MOD - [2013/01/07 18:05:25 | 001,553,000 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll
MOD - [2012/09/25 10:05:32 | 022,423,984 | ---- | M] () -- C:\Users\Hara\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll
MOD - [2012/09/25 10:05:08 | 000,181,680 | ---- | M] () -- C:\Users\Hara\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll
MOD - [2012/09/25 10:05:00 | 000,286,640 | ---- | M] () -- C:\Users\Hara\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/01/31 22:52:12 | 008,347,648 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2010/01/31 22:52:12 | 002,244,608 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2009/03/29 22:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2013/01/09 20:09:37 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/03 13:57:18 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/22 22:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Users\Hara\Desktop\workout\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/03/21 13:41:00 | 003,532,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/01/31 22:41:59 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/20 20:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva400.sys -- (XDva400)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva390.sys -- (XDva390)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva385.sys -- (XDva385)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva375.sys -- (XDva375)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva344.sys -- (XDva344)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva343.sys -- (XDva343)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva337.sys -- (XDva337)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva332.sys -- (XDva332)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva281.sys -- (XDva281)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WinFlash.sys -- (WINFLASH)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\Capt905c.sys -- (SQTECH905C)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Hara\AppData\Local\Temp\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Hara\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2013/01/22 05:52:55 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0188A226-0530-4D9E-B8BE-3C9C2B744105}\MpKslb2fb0ff9.sys -- (MpKslb2fb0ff9)
DRV - [2013/01/10 06:36:50 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/02/01 19:50:12 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/07/14 17:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/04/30 22:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2008/01/20 20:32:51 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2006/11/02 01:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C CE C7 31 7F EF CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: [email protected]:0.87.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Hara\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/21 17:16:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/16 09:14:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2012/02/07 15:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hara\AppData\Roaming\mozilla\Extensions
[2011/04/05 07:37:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hara\AppData\Roaming\mozilla\Extensions\{75eb2688-4ed4-45d7-985e-14bc5bc80553}
[2012/02/07 15:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hara\AppData\Roaming\mozilla\Extensions\[email protected]
[2010/01/25 21:14:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hara\AppData\Roaming\mozilla\Extensions\[email protected]
[2013/01/11 10:26:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hara\AppData\Roaming\mozilla\Firefox\Profiles\0cyc7ftw.default\extensions
[2011/10/31 19:10:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hara\AppData\Roaming\mozilla\Firefox\Profiles\0cyc7ftw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/01/11 10:26:22 | 000,000,000 | ---D | M] ("Coupon Companion Plugin") -- C:\Users\Hara\AppData\Roaming\mozilla\Firefox\Profiles\0cyc7ftw.default\extensions\[email protected]
[2013/01/11 10:26:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hara\AppData\Roaming\mozilla\Firefox\Profiles\0cyc7ftw.default\extensions\[email protected]\chrome
[2013/01/11 10:26:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hara\AppData\Roaming\mozilla\Firefox\Profiles\0cyc7ftw.default\extensions\[email protected]\defaults
[2013/01/11 10:26:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hara\AppData\Roaming\mozilla\Firefox\Profiles\0cyc7ftw.default\extensions\[email protected]\locale
[2013/01/11 10:26:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hara\AppData\Roaming\mozilla\Firefox\Profiles\0cyc7ftw.default\extensions\[email protected]\skin
[2013/01/11 10:26:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hara\AppData\Roaming\mozilla\Firefox\Profiles\0cyc7ftw.default\extensions\extension2180[email protected]\chrome\content\extensionCode
[2011/11/21 10:10:30 | 000,002,568 | ---- | M] () -- C:\Users\Hara\AppData\Roaming\mozilla\firefox\profiles\0cyc7ftw.default\searchplugins\askcom.xml
[2010/10/07 15:57:05 | 000,001,919 | ---- | M] () -- C:\Users\Hara\AppData\Roaming\mozilla\firefox\profiles\0cyc7ftw.default\searchplugins\bing-zugo.xml
[2012/09/03 13:57:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/03 13:57:19 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/05 12:12:49 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/03/17 17:29:27 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/09 19:30:56 | 000,189,592 | ---- | M] (MGame) -- C:\Program Files\mozilla firefox\plugins\NPMFireLauncher.dll
[2011/03/17 17:29:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/13 16:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/09/03 13:57:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/03 13:57:14 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Hara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.21.11_0\crossrider
CHR - Extension: No name found = C:\Users\Hara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.21.11_0\

O1 HOSTS File: ([2011/04/06 08:08:10 | 000,000,890 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 70.42.237.49 rest.outspark.net #Fiesta DNS
O1 - Hosts: 70.42.237.49 patchdb.outspark.net #Fiesta DNS
O2 - BHO: (Coupon Companion Plugin) - {11111111-1111-1111-1111-110211181104} - C:\Program Files\Coupon Companion Plugin\Coupon Companion Plugin.dll (215 Apps)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Hara\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [DW6] File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Hara\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [MarbleStation] C:\NetmarbleGlobal\MarbleStation\GlbMSLauncher.exe (CJ E&M)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\Hara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Hara\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{110F7981-C142-4772-9A11-87785A2881AD}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hara\Pictures\Aquarium_in_HK_Ocean_Park.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hara\Pictures\Aquarium_in_HK_Ocean_Park.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1998/08/10 07:41:08 | 000,000,039 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{31c9b584-0a33-11df-86c9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{31c9b584-0a33-11df-86c9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [1998/08/10 07:41:08 | 000,052,224 | R--- | M] ()
O33 - MountPoints2\G\Shell\AutoRun\command - "" = restore\restorestarter.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/22 05:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/01/22 05:04:28 | 000,000,000 | ---D | C] -- C:\Users\Hara\Desktop\1
[2013/01/19 20:33:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetmarbleGlobal
[2013/01/19 20:33:44 | 000,000,000 | ---D | C] -- C:\NetmarbleGlobal
[2013/01/19 20:12:06 | 3763,280,191 | ---- | C] (Acresso Software Inc. ) -- C:\Users\Hara\Desktop\netmarble_uwo_v1007_full.exe
[2013/01/19 19:46:24 | 000,000,000 | ---D | C] -- C:\Users\Hara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joymax
[2013/01/19 19:41:57 | 000,000,000 | ---D | C] -- C:\Joymax
[2013/01/18 10:41:29 | 000,000,000 | ---D | C] -- C:\Users\Hara\AppData\Local\Microsoft Corporation
[2013/01/18 10:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2013/01/18 06:16:21 | 031,370,824 | ---- | C] (Dell) -- C:\R198174-1.exe
[2013/01/18 05:58:06 | 000,720,896 | ---- | C] (Hitachi-LG DataStroage) -- C:\B110.exe
[2013/01/18 05:57:49 | 001,065,012 | ---- | C] (ASUS Technologies Ltd.) -- C:\I531_1013.EXE
[2013/01/18 05:57:34 | 001,065,012 | ---- | C] (ASUS Technologies Ltd.) -- C:\I531_1010.exe
[2013/01/18 05:55:49 | 000,000,000 | ---D | C] -- C:\Users\Hara\AppData\Local\Akamai
[2013/01/18 05:47:26 | 000,000,000 | ---D | C] -- C:\Users\Hara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
[2013/01/16 09:33:53 | 000,000,000 | ---D | C] -- C:\Program Files\Project Powder
[2013/01/16 09:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/01/16 09:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2013/01/14 10:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Leap Free MP3 to M4A AAC Converter
[2013/01/12 05:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Learning Company
[2013/01/12 05:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\TLC
[2013/01/11 10:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outspark
[2013/01/11 10:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Outspark
[2013/01/11 10:26:26 | 000,000,000 | ---D | C] -- C:\Users\Hara\AppData\Local\Updater21804
[2013/01/11 10:26:24 | 000,000,000 | ---D | C] -- C:\Users\Hara\AppData\Local\Coupon Companion Plugin
[2013/01/11 10:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Coupon Companion Plugin
[2013/01/11 10:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2013/01/11 10:05:49 | 000,000,000 | ---D | C] -- C:\Users\Hara\AppData\Roaming\AVS4YOU
[2013/01/11 10:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2013/01/11 10:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2013/01/11 09:49:37 | 000,000,000 | ---D | C] -- C:\Users\Hara\Desktop\music for dsi
[2013/01/11 05:52:15 | 000,000,000 | ---D | C] -- C:\Users\Hara\AppData\Roaming\Xfire
[2013/01/11 05:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire
[2013/01/11 05:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2013/01/11 05:52:05 | 000,000,000 | ---D | C] -- C:\Program Files\Xfire
[2013/01/10 18:30:43 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2013/01/10 18:30:30 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2013/01/10 12:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013/01/10 12:43:08 | 000,000,000 | ---D | C] -- C:\Windows\en
[2013/01/10 12:41:07 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2013/01/10 12:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013/01/10 12:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/01/10 12:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013/01/10 12:31:43 | 000,000,000 | ---D | C] -- C:\Users\Hara\AppData\Local\Windows Live
[2013/01/10 12:29:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/01/10 09:16:00 | 000,000,000 | ---D | C] -- C:\Users\Hara\AppData\Roaming\TeamViewer
[2013/01/10 06:37:11 | 000,000,000 | ---D | C] -- C:\Users\Hara\AppData\Local\NETGEARGenie
[2013/01/10 06:36:50 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\System32\wpcap.dll
[2013/01/10 06:36:50 | 000,096,784 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\System32\packet.dll
[2013/01/10 06:36:50 | 000,035,088 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\System32\drivers\npf.sys
[2013/01/09 12:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/01/09 12:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/01/09 12:00:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/09 11:59:59 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/01/09 11:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/09 11:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/01/09 11:47:52 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/01/07 10:28:35 | 000,000,000 | ---D | C] -- C:\Users\Hara\Pictures
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/22 10:39:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/22 10:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/22 09:50:07 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1787126506-4268691745-3025897286-1000UA.job
[2013/01/22 09:03:25 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/22 09:03:25 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/22 05:14:52 | 000,001,671 | ---- | M] () -- C:\Users\Public\Desktop\Fiesta.lnk
[2013/01/22 05:03:36 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/22 05:03:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/21 18:50:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1787126506-4268691745-3025897286-1000Core.job
[2013/01/20 07:13:28 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/01/19 20:45:45 | 000,001,680 | ---- | M] () -- C:\Users\Hara\Application Data\Microsoft\Internet Explorer\Quick Launch\MarbleStation.lnk
[2013/01/19 20:45:42 | 000,001,503 | ---- | M] () -- C:\Users\Public\Desktop\Uncharted Waters Online.lnk
[2013/01/19 20:32:46 | 3763,280,191 | ---- | M] (Acresso Software Inc. ) -- C:\Users\Hara\Desktop\netmarble_uwo_v1007_full.exe
[2013/01/18 14:25:35 | 000,282,714 | ---- | M] () -- C:\Users\Hara\Desktop\get-attachment.jpg
[2013/01/18 10:40:49 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2013/01/18 06:16:54 | 016,081,552 | ---- | M] () -- C:\DELL_REMOTE-ACCESS_A06_R218808.exe
[2013/01/18 06:16:42 | 017,671,264 | ---- | M] () -- C:\R217043.exe
[2013/01/18 06:16:34 | 031,370,824 | ---- | M] (Dell) -- C:\R198174-1.exe
[2013/01/18 06:16:21 | 022,609,528 | ---- | M] () -- C:\CN_MM_1_6_0_21.zip
[2013/01/18 06:16:13 | 000,131,744 | ---- | M] () -- C:\R172699.exe
[2013/01/18 06:16:12 | 039,276,256 | ---- | M] () -- C:\R180772.exe
[2013/01/18 06:15:45 | 005,873,864 | ---- | M] () -- C:\R145514.EXE
[2013/01/18 06:15:42 | 004,803,648 | ---- | M] () -- C:\R139956.EXE
[2013/01/18 06:15:39 | 002,829,832 | ---- | M] () -- C:\R177772.exe
[2013/01/18 06:15:36 | 001,883,608 | ---- | M] () -- C:\R151573.EXE
[2013/01/18 06:15:33 | 003,915,632 | ---- | M] () -- C:\CW1340A0.exe
[2013/01/18 06:15:31 | 003,018,696 | ---- | M] () -- C:\DDUP1299.EXE
[2013/01/18 06:15:26 | 000,137,488 | ---- | M] () -- C:\DELL_SP2009W-MONITOR_A00-00_R184657.EXE
[2013/01/18 06:15:25 | 000,179,936 | ---- | M] () -- C:\Dell_2408WFP_A00-00_R172933.exe
[2013/01/18 06:15:24 | 000,137,416 | ---- | M] () -- C:\R157450.EXE
[2013/01/18 06:15:23 | 000,126,120 | ---- | M] () -- C:\DELL_S2009WB-MONITOR_A00-00_R199822.exe
[2013/01/18 06:15:22 | 000,178,512 | ---- | M] () -- C:\DELL_S2309W-MONITOR_A00-00_R192327.exe
[2013/01/18 06:15:21 | 000,126,072 | ---- | M] () -- C:\Dell_S1909WXF--19-W--monitor_A00-00_R195707.exe
[2013/01/18 06:15:20 | 000,125,272 | ---- | M] () -- C:\R188077.exe
[2013/01/18 06:15:18 | 356,389,515 | ---- | M] () -- C:\R149559.exe
[2013/01/18 06:06:25 | 007,610,864 | ---- | M] () -- C:\R168073.EXE
[2013/01/18 06:06:22 | 071,252,224 | ---- | M] () -- C:\R205375.exe
[2013/01/18 06:05:59 | 013,412,086 | ---- | M] () -- C:\R181040.exe
[2013/01/18 06:05:53 | 006,234,648 | ---- | M] () -- C:\R152085.EXE
[2013/01/18 06:05:49 | 001,066,088 | ---- | M] () -- C:\R262287.exe
[2013/01/18 06:05:47 | 001,911,704 | ---- | M] () -- C:\R225729.exe
[2013/01/18 06:05:44 | 000,950,704 | ---- | M] () -- C:\TSST_TS-H493B-HH-SATA-48X-CD_A03_R201947.EXE
[2013/01/18 06:05:41 | 002,017,311 | ---- | M] () -- C:\R166862.exe
[2013/01/18 06:05:38 | 002,023,376 | ---- | M] () -- C:\R176587.EXE
[2013/01/18 06:05:35 | 001,316,672 | ---- | M] () -- C:\R176603.EXE
[2013/01/18 06:05:32 | 001,275,840 | ---- | M] () -- C:\R176546.exe
[2013/01/18 06:05:30 | 001,269,691 | ---- | M] () -- C:\R160135.exe
[2013/01/18 06:05:28 | 002,017,168 | ---- | M] () -- C:\R166859.exe
[2013/01/18 06:05:25 | 001,032,712 | ---- | M] () -- C:\R169271.EXE
[2013/01/18 06:05:23 | 001,007,424 | ---- | M] () -- C:\R152871.EXE
[2013/01/18 06:05:21 | 061,629,057 | ---- | M] () -- C:\Dell_multi-device_A00_R152639.exe
[2013/01/18 06:05:00 | 002,432,568 | ---- | M] () -- C:\R213715.exe
[2013/01/18 06:04:57 | 002,445,208 | ---- | M] () -- C:\R213714.EXE
[2013/01/18 06:04:54 | 021,378,440 | ---- | M] () -- C:\R152143.EXE
[2013/01/18 06:04:45 | 001,410,296 | ---- | M] () -- C:\Samsung_multi-device_A00_R180581.exe
[2013/01/18 06:04:43 | 021,953,896 | ---- | M] () -- C:\R159175.EXE
[2013/01/18 06:04:34 | 002,093,584 | ---- | M] () -- C:\R269603.exe
[2013/01/18 06:04:31 | 002,852,352 | ---- | M] () -- C:\R220045.exe
[2013/01/18 06:04:28 | 002,852,216 | ---- | M] () -- C:\R220026.exe
[2013/01/18 06:04:25 | 002,839,728 | ---- | M] () -- C:\R220314.exe
[2013/01/18 06:04:22 | 002,852,424 | ---- | M] () -- C:\R220296.exe
[2013/01/18 06:04:19 | 013,341,832 | ---- | M] () -- C:\R212831.exe
[2013/01/18 06:04:13 | 013,341,736 | ---- | M] () -- C:\R212829.exe
[2013/01/18 06:04:06 | 000,534,296 | ---- | M] () -- C:\R169419.EXE
[2013/01/18 06:04:04 | 106,845,368 | ---- | M] () -- C:\AMD_RADEON-HD3450--256MB-PCI_A03_R211909.exe
[2013/01/18 06:03:29 | 063,170,304 | ---- | M] () -- C:\ATI_multi-device_A04_R160911.exe
[2013/01/18 06:03:06 | 058,635,672 | ---- | M] () -- C:\R170350.EXE
[2013/01/18 06:02:45 | 058,420,080 | ---- | M] () -- C:\R166208.EXE
[2013/01/18 06:02:25 | 008,779,776 | ---- | M] () -- C:\R130977.EXE
[2013/01/18 06:02:20 | 002,766,464 | ---- | M] () -- C:\R149813.EXE
[2013/01/18 06:02:17 | 068,798,608 | ---- | M] () -- C:\AMD_RADEON-HD-2400-XT_A06_R179780.exe
[2013/01/18 06:01:53 | 068,798,624 | ---- | M] () -- C:\AMD_RADEON-HD-2400-PRO_A06_R179787.exe
[2013/01/18 06:01:29 | 000,671,744 | ---- | M] () -- C:\R197267.exe
[2013/01/18 06:01:27 | 039,025,824 | ---- | M] () -- C:\R172217.zip
[2013/01/18 06:01:13 | 000,000,301 | ---- | M] () -- C:\WildTangent Games URL.zip
[2013/01/18 06:01:11 | 357,429,754 | ---- | M] () -- C:\R174369.zip
[2013/01/18 05:59:07 | 034,628,826 | ---- | M] () -- C:\R164210.exe
[2013/01/18 05:58:48 | 004,514,189 | ---- | M] () -- C:\HB1_7D16.zip
[2013/01/18 05:58:43 | 003,120,110 | ---- | M] () -- C:\HE2_7D12.zip
[2013/01/18 05:58:39 | 002,422,231 | ---- | M] () -- C:\HA6NYD12.zip
[2013/01/18 05:58:33 | 000,799,909 | ---- | M] () -- C:\HD3_SD12.zip
[2013/01/18 05:58:30 | 001,751,886 | ---- | M] () -- C:\GH30N_FW_A103.zip
[2013/01/18 05:58:26 | 001,567,828 | ---- | M] () -- C:\GSA-H73N_FW_C109.zip
[2013/01/18 05:58:25 | 002,911,266 | ---- | M] () -- C:\BH20N-C106.zip
[2013/01/18 05:58:21 | 001,795,598 | ---- | M] () -- C:\XA6H6D17.zip
[2013/01/18 05:58:18 | 001,458,267 | ---- | M] () -- C:\DH-16W1S_2D15.zip
[2013/01/18 05:58:15 | 002,876,674 | ---- | M] () -- C:\GBC-H20N_C102.zip
[2013/01/18 05:58:12 | 000,895,873 | ---- | M] () -- C:\DH-48C2S_ND12.zip
[2013/01/18 05:58:09 | 000,720,896 | ---- | M] (Hitachi-LG DataStroage) -- C:\B110.exe
[2013/01/18 05:58:05 | 000,711,517 | ---- | M] () -- C:\DROM6316_ODNK.zip
[2013/01/18 05:58:05 | 000,000,227 | ---- | M] () -- C:\R209606_e.zip
[2013/01/18 05:58:02 | 001,065,012 | ---- | M] (ASUS Technologies Ltd.) -- C:\I531_1013.EXE
[2013/01/18 05:57:49 | 001,065,012 | ---- | M] (ASUS Technologies Ltd.) -- C:\I531_1010.exe
[2013/01/16 09:14:36 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/01/14 10:11:50 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/14 10:11:50 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/14 10:01:23 | 000,000,034 | -H-- | M] () -- C:\Windows\System32\Converter_sysquict.dat
[2013/01/14 09:40:01 | 000,001,971 | ---- | M] () -- C:\Users\Hara\Desktop\Chrome.lnk
[2013/01/14 06:26:31 | 000,126,015 | ---- | M] () -- C:\Users\Hara\Desktop\130113112625-gallery-2014-chevrolet-corvette-large-gallery-horizontal.jpg
[2013/01/12 10:17:34 | 000,122,756 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2013/01/12 05:42:38 | 000,000,595 | ---- | M] () -- C:\Windows\EReg077.dat
[2013/01/11 05:52:11 | 000,000,768 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk
[2013/01/10 12:56:40 | 001,643,384 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/10 12:30:52 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/01/10 09:17:28 | 000,002,274 | ---- | M] () -- C:\Windows\__br.gif
[2013/01/10 09:17:28 | 000,002,190 | ---- | M] () -- C:\Windows\__tr.gif
[2013/01/10 09:17:28 | 000,002,010 | ---- | M] () -- C:\Windows\__fr.gif
[2013/01/10 09:17:28 | 000,001,960 | ---- | M] () -- C:\Windows\__mr.gif
[2013/01/10 09:17:28 | 000,001,814 | ---- | M] () -- C:\Windows\__jr.gif
[2013/01/10 09:17:28 | 000,001,745 | ---- | M] () -- C:\Windows\__rr.gif
[2013/01/10 09:17:28 | 000,001,696 | ---- | M] () -- C:\Windows\__sr.gif
[2013/01/10 09:17:28 | 000,001,666 | ---- | M] () -- C:\Windows\__ir.gif
[2013/01/10 09:17:28 | 000,001,376 | ---- | M] () -- C:\Windows\__pr.gif
[2013/01/10 09:17:28 | 000,001,366 | ---- | M] () -- C:\Windows\__ar.gif
[2013/01/10 09:17:26 | 000,447,659 | ---- | M] () -- C:\Windows\smc.zip
[2013/01/10 06:36:50 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\System32\wpcap.dll
[2013/01/10 06:36:50 | 000,096,784 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\System32\packet.dll
[2013/01/10 06:36:50 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\System32\drivers\npf.sys
[2013/01/09 12:06:52 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/09 12:00:00 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/07 09:59:26 | 000,033,280 | ---- | M] () -- C:\Users\Hara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/07 07:26:53 | 000,000,938 | ---- | M] () -- C:\Users\Hara\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/22 05:14:52 | 000,001,671 | ---- | C] () -- C:\Users\Public\Desktop\Fiesta.lnk
[2013/01/19 20:45:42 | 000,001,503 | ---- | C] () -- C:\Users\Public\Desktop\Uncharted Waters Online.lnk
[2013/01/19 20:33:16 | 000,001,680 | ---- | C] () -- C:\Users\Hara\Application Data\Microsoft\Internet Explorer\Quick Launch\MarbleStation.lnk
[2013/01/18 14:25:34 | 000,282,714 | ---- | C] () -- C:\Users\Hara\Desktop\get-attachment.jpg
[2013/01/18 10:40:48 | 000,001,996 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2013/01/18 10:40:48 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2013/01/18 06:16:43 | 016,081,552 | ---- | C] () -- C:\DELL_REMOTE-ACCESS_A06_R218808.exe
[2013/01/18 06:16:35 | 017,671,264 | ---- | C] () -- C:\R217043.exe
[2013/01/18 06:16:13 | 022,609,528 | ---- | C] () -- C:\CN_MM_1_6_0_21.zip
[2013/01/18 06:16:12 | 000,131,744 | ---- | C] () -- C:\R172699.exe
[2013/01/18 06:16:00 | 039,276,256 | ---- | C] () -- C:\R180772.exe
[2013/01/18 06:15:42 | 005,873,864 | ---- | C] () -- C:\R145514.EXE
[2013/01/18 06:15:39 | 004,803,648 | ---- | C] () -- C:\R139956.EXE
[2013/01/18 06:15:36 | 002,829,832 | ---- | C] () -- C:\R177772.exe
[2013/01/18 06:15:34 | 001,883,608 | ---- | C] () -- C:\R151573.EXE
[2013/01/18 06:15:31 | 003,915,632 | ---- | C] () -- C:\CW1340A0.exe
[2013/01/18 06:15:27 | 003,018,696 | ---- | C] () -- C:\DDUP1299.EXE
[2013/01/18 06:15:26 | 000,137,488 | ---- | C] () -- C:\DELL_SP2009W-MONITOR_A00-00_R184657.EXE
[2013/01/18 06:15:25 | 000,179,936 | ---- | C] () -- C:\Dell_2408WFP_A00-00_R172933.exe
[2013/01/18 06:15:24 | 000,137,416 | ---- | C] () -- C:\R157450.EXE
[2013/01/18 06:15:23 | 000,126,120 | ---- | C] () -- C:\DELL_S2009WB-MONITOR_A00-00_R199822.exe
[2013/01/18 06:15:21 | 000,178,512 | ---- | C] () -- C:\DELL_S2309W-MONITOR_A00-00_R192327.exe
[2013/01/18 06:15:20 | 000,126,072 | ---- | C] () -- C:\Dell_S1909WXF--19-W--monitor_A00-00_R195707.exe
[2013/01/18 06:15:19 | 000,125,272 | ---- | C] () -- C:\R188077.exe
[2013/01/18 06:06:26 | 356,389,515 | ---- | C] () -- C:\R149559.exe
[2013/01/18 06:06:22 | 007,610,864 | ---- | C] () -- C:\R168073.EXE
[2013/01/18 06:06:00 | 071,252,224 | ---- | C] () -- C:\R205375.exe
[2013/01/18 06:05:54 | 013,412,086 | ---- | C] () -- C:\R181040.exe
[2013/01/18 06:05:50 | 006,234,648 | ---- | C] () -- C:\R152085.EXE
[2013/01/18 06:05:48 | 001,066,088 | ---- | C] () -- C:\R262287.exe
[2013/01/18 06:05:44 | 001,911,704 | ---- | C] () -- C:\R225729.exe
[2013/01/18 06:05:43 | 000,950,704 | ---- | C] () -- C:\TSST_TS-H493B-HH-SATA-48X-CD_A03_R201947.EXE
[2013/01/18 06:05:39 | 002,017,311 | ---- | C] () -- C:\R166862.exe
[2013/01/18 06:05:36 | 002,023,376 | ---- | C] () -- C:\R176587.EXE
[2013/01/18 06:05:33 | 001,316,672 | ---- | C] () -- C:\R176603.EXE
[2013/01/18 06:05:31 | 001,275,840 | ---- | C] () -- C:\R176546.exe
[2013/01/18 06:05:29 | 001,269,691 | ---- | C] () -- C:\R160135.exe
[2013/01/18 06:05:26 | 002,017,168 | ---- | C] () -- C:\R166859.exe
[2013/01/18 06:05:24 | 001,032,712 | ---- | C] () -- C:\R169271.EXE
[2013/01/18 06:05:22 | 001,007,424 | ---- | C] () -- C:\R152871.EXE
[2013/01/18 06:05:01 | 061,629,057 | ---- | C] () -- C:\Dell_multi-device_A00_R152639.exe
[2013/01/18 06:04:58 | 002,432,568 | ---- | C] () -- C:\R213715.exe
[2013/01/18 06:04:55 | 002,445,208 | ---- | C] () -- C:\R213714.EXE
[2013/01/18 06:04:45 | 021,378,440 | ---- | C] () -- C:\R152143.EXE
[2013/01/18 06:04:43 | 001,410,296 | ---- | C] () -- C:\Samsung_multi-device_A00_R180581.exe
[2013/01/18 06:04:34 | 021,953,896 | ---- | C] () -- C:\R159175.EXE
[2013/01/18 06:04:31 | 002,093,584 | ---- | C] () -- C:\R269603.exe
[2013/01/18 06:04:29 | 002,852,352 | ---- | C] () -- C:\R220045.exe
[2013/01/18 06:04:26 | 002,852,216 | ---- | C] () -- C:\R220026.exe
[2013/01/18 06:04:23 | 002,839,728 | ---- | C] () -- C:\R220314.exe
[2013/01/18 06:04:20 | 002,852,424 | ---- | C] () -- C:\R220296.exe
[2013/01/18 06:04:13 | 013,341,832 | ---- | C] () -- C:\R212831.exe
[2013/01/18 06:04:07 | 013,341,736 | ---- | C] () -- C:\R212829.exe
[2013/01/18 06:04:05 | 000,534,296 | ---- | C] () -- C:\R169419.EXE
[2013/01/18 06:03:30 | 106,845,368 | ---- | C] () -- C:\AMD_RADEON-HD3450--256MB-PCI_A03_R211909.exe
[2013/01/18 06:03:07 | 063,170,304 | ---- | C] () -- C:\ATI_multi-device_A04_R160911.exe
[2013/01/18 06:02:46 | 058,635,672 | ---- | C] () -- C:\R170350.EXE
[2013/01/18 06:02:26 | 058,420,080 | ---- | C] () -- C:\R166208.EXE
[2013/01/18 06:02:21 | 008,779,776 | ---- | C] () -- C:\R130977.EXE
[2013/01/18 06:02:18 | 002,766,464 | ---- | C] () -- C:\R149813.EXE
[2013/01/18 06:01:53 | 068,798,608 | ---- | C] () -- C:\AMD_RADEON-HD-2400-XT_A06_R179780.exe
[2013/01/18 06:01:30 | 068,798,624 | ---- | C] () -- C:\AMD_RADEON-HD-2400-PRO_A06_R179787.exe
[2013/01/18 06:01:28 | 000,671,744 | ---- | C] () -- C:\R197267.exe
[2013/01/18 06:01:14 | 039,025,824 | ---- | C] () -- C:\R172217.zip
[2013/01/18 06:01:13 | 000,000,301 | ---- | C] () -- C:\WildTangent Games URL.zip
[2013/01/18 05:59:07 | 357,429,754 | ---- | C] () -- C:\R174369.zip
[2013/01/18 05:58:49 | 034,628,826 | ---- | C] () -- C:\R164210.exe
[2013/01/18 05:58:44 | 004,514,189 | ---- | C] () -- C:\HB1_7D16.zip
[2013/01/18 05:58:39 | 003,120,110 | ---- | C] () -- C:\HE2_7D12.zip
[2013/01/18 05:58:34 | 002,422,231 | ---- | C] () -- C:\HA6NYD12.zip
[2013/01/18 05:58:31 | 000,799,909 | ---- | C] () -- C:\HD3_SD12.zip
[2013/01/18 05:58:27 | 001,751,886 | ---- | C] () -- C:\GH30N_FW_A103.zip
[2013/01/18 05:58:25 | 001,567,828 | ---- | C] () -- C:\GSA-H73N_FW_C109.zip
[2013/01/18 05:58:22 | 002,911,266 | ---- | C] () -- C:\BH20N-C106.zip
[2013/01/18 05:58:19 | 001,795,598 | ---- | C] () -- C:\XA6H6D17.zip
[2013/01/18 05:58:16 | 001,458,267 | ---- | C] () -- C:\DH-16W1S_2D15.zip
[2013/01/18 05:58:13 | 002,876,674 | ---- | C] () -- C:\GBC-H20N_C102.zip
[2013/01/18 05:58:10 | 000,895,873 | ---- | C] () -- C:\DH-48C2S_ND12.zip
[2013/01/18 05:58:05 | 000,000,227 | ---- | C] () -- C:\R209606_e.zip
[2013/01/18 05:58:03 | 000,711,517 | ---- | C] () -- C:\DROM6316_ODNK.zip
[2013/01/14 10:01:23 | 000,000,034 | -H-- | C] () -- C:\Windows\System32\Converter_sysquict.dat
[2013/01/14 06:26:31 | 000,126,015 | ---- | C] () -- C:\Users\Hara\Desktop\130113112625-gallery-2014-chevrolet-corvette-large-gallery-horizontal.jpg
[2013/01/12 05:42:38 | 000,000,595 | ---- | C] () -- C:\Windows\EReg077.dat
[2013/01/11 09:48:42 | 000,000,913 | ---- | C] () -- C:\Users\Hara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Coverter.lnk
[2013/01/11 05:52:11 | 000,000,768 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk
[2013/01/10 12:53:09 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2013/01/10 12:40:52 | 000,001,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2013/01/10 12:40:26 | 000,001,227 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2013/01/10 12:39:39 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013/01/10 12:38:59 | 000,002,025 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013/01/10 12:30:52 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/01/10 12:30:15 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/01/10 09:17:28 | 000,002,274 | ---- | C] () -- C:\Windows\__br.gif
[2013/01/10 09:17:28 | 000,002,190 | ---- | C] () -- C:\Windows\__tr.gif
[2013/01/10 09:17:28 | 000,002,010 | ---- | C] () -- C:\Windows\__fr.gif
[2013/01/10 09:17:28 | 000,001,960 | ---- | C] () -- C:\Windows\__mr.gif
[2013/01/10 09:17:28 | 000,001,814 | ---- | C] () -- C:\Windows\__jr.gif
[2013/01/10 09:17:28 | 000,001,745 | ---- | C] () -- C:\Windows\__rr.gif
[2013/01/10 09:17:28 | 000,001,696 | ---- | C] () -- C:\Windows\__sr.gif
[2013/01/10 09:17:28 | 000,001,666 | ---- | C] () -- C:\Windows\__ir.gif
[2013/01/10 09:17:28 | 000,001,376 | ---- | C] () -- C:\Windows\__pr.gif
[2013/01/10 09:17:28 | 000,001,366 | ---- | C] () -- C:\Windows\__ar.gif
[2013/01/10 09:17:26 | 000,447,659 | ---- | C] () -- C:\Windows\smc.zip
[2013/01/10 05:39:08 | 000,001,971 | ---- | C] () -- C:\Users\Hara\Desktop\Chrome.lnk
[2013/01/09 18:38:17 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2013/01/09 18:38:17 | 000,001,104 | ---- | C] () -- C:\Users\Hara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013/01/09 12:06:52 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/09 12:00:00 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/07 14:40:40 | 000,042,440 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2012/11/21 12:43:12 | 000,113,894 | ---- | C] () -- C:\Users\Hara\march_03 copy.jpg
[2012/11/21 12:43:04 | 000,954,307 | ---- | C] () -- C:\Users\Hara\march_03.psd
[2012/09/12 12:14:15 | 000,469,075 | ---- | C] () -- C:\Users\Hara\charlie.jpg
[2012/05/27 02:16:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/05/26 17:28:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/05/26 17:28:55 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/05/26 16:35:53 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/02/29 18:45:40 | 000,130,987 | ---- | C] () -- C:\Windows\hpoins12.dat
[2012/02/23 14:58:09 | 000,122,756 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/02/15 16:00:15 | 000,122,798 | ---- | C] () -- C:\Windows\hpoins14.dat.temp
[2012/02/15 16:00:15 | 000,001,996 | ---- | C] () -- C:\Windows\hpomdl14.dat.temp
[2012/02/11 12:24:25 | 000,140,959 | ---- | C] () -- C:\Windows\hpoins14.dat
[2012/02/11 12:24:25 | 000,002,000 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2011/10/14 17:40:01 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/10/14 17:40:00 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/10/14 17:39:59 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/10/14 17:39:58 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/10/13 15:10:19 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2011/09/15 13:47:25 | 000,000,088 | RHS- | C] () -- C:\ProgramData\FD31B18EFE.sys
[2011/09/15 13:47:24 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/09/09 07:34:05 | 000,000,102 | ---- | C] () -- C:\Windows\WSIMFARM.INI
[2011/07/25 13:02:23 | 000,000,299 | ---- | C] () -- C:\Windows\EReg515.dat
[2011/07/23 15:15:19 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2011/07/23 14:21:45 | 000,000,843 | ---- | C] () -- C:\Windows\Disney.ini
[2010/05/16 18:52:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/26 18:22:20 | 000,000,000 | ---- | C] () -- C:\Users\Hara\AppData\Local\Temp0cdab112c4a6e11872374c7bded4a529.lock
[2010/02/22 16:57:26 | 000,000,680 | ---- | C] () -- C:\Users\Hara\AppData\Local\d3d9caps.dat
[2010/02/15 18:23:25 | 000,033,280 | ---- | C] () -- C:\Users\Hara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 06:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/04/02 17:08:01 | 000,000,000 | ---D | M] -- C:\Users\Hara\AppData\Roaming\Azureus
[2010/01/31 15:35:47 | 000,000,000 | ---D | M] -- C:\Users\Hara\AppData\Roaming\BITS
[2012/08/05 12:12:49 | 000,000,000 | ---D | M] -- C:\Users\Hara\AppData\Roaming\Catalina Marketing Corp
[2011/10/19 09:46:58 | 000,000,000 | ---D | M] -- C:\Users\Hara\AppData\Roaming\cuteAlbum
[2010/02/01 20:17:41 | 000,000,000 | ---D | M] -- C:\Users\Hara\AppData\Roaming\DAEMON Tools Lite
[2011/10/19 09:46:58 | 000,000,000 | ---D | M] -- C:\Users\Hara\AppData\Roaming\DrawUI
[2010/01/31 13:09:29 | 000,000,000 | ---D | M] -- C:\Users\Hara\AppData\Roaming\FlashGet
[2010/01/31 13:23:29 | 000,000,000 | ---D | M] -- C:\Users\Hara\AppData\Roaming\FlashGetBHO
[2012/01/07 15:58:10 | 000,000,000 | ---D | M] -- C:\Users\Hara\AppData\Roaming\FrostWire
[2011/09/09 07:26:47 | 000,000,000 | ---D | M] -- C:\Users\Hara\AppData\Roaming\GetRightToGo
[2011/05/16 05:23:15 | 000,000,000 | ---D | M] -- C:\Users\Hara\AppData\Roaming\GlobalMojo
[2012/07/23 17:22:00 | 000,000,000 | ---D | M] -- C:\Users\Hara\AppData\Roaming\Image Zone Express
[2010/01/25 20:47:56 | 000,000,000 | ---D | M] -- C:\Users\Hara\AppData\Roaming\Leadertech
[2010/04/25 20:28:35 | 000,000,000 | ---D | M] -- C:\Users\Hara\AppData\Roaming\MessengerGadget
[2010/05/07 15:51:40 | 000,000,000 | ---D | M] -- C:\Users\Hara\AppData\Roaming\NetMedia Providers
[2012/07/12 08:55:31 | 000,000,000 | ---D | M] -- C:\Users\Hara\AppData\Roaming\PerfectTablePlan
[2012/07/23 17:22:00 | 000,000,000 | ---D | M] -- C:\Users\Hara\AppData\Roaming\Printer Info Cache
[2010/02/01 20:58:22 | 000,000,000 | ---D | M] -- C:\Users\Hara\AppData\Roaming\Publish Providers
[2010/02/01 20:58:17 | 000,000,000 | ---D | M] -- C:\Users\Hara\AppData\Roaming\Sony
[2011/06/23 14:28:56 | 000,000,000 | ---D | M] -- C:\Users\Hara\AppData\Roaming\Stu Bedore
[2013/01/10 09:16:00 | 000,000,000 | ---D | M] -- C:\Users\Hara\AppData\Roaming\TeamViewer
[2012/02/07 15:26:20 | 000,000,000 | ---D | M] -- C:\Users\Hara\AppData\Roaming\TomTom
[2010/01/26 21:42:36 | 000,000,000 | ---D | M] -- C:\Users\Hara\AppData\Roaming\Trillian
[2011/09/15 13:39:05 | 000,000,000 | ---D | M] -- C:\Users\Hara\AppData\Roaming\uPlayer
[2010/02/01 20:10:19 | 000,000,000 | ---D | M] -- C:\Users\Hara\AppData\Roaming\uTorrent

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BEB15613

< End of report >

OTL Extras logfile created on: 1/22/2013 10:45:00 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hara\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.44 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 55.19% Memory free
7.11 Gb Paging File | 5.62 Gb Available in Paging File | 79.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 68.70 Gb Free Space | 30.84% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.89 Gb Free Space | 98.86% Space Free | Partition Type: NTFS
Drive E: | 646.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME | User Name: Hara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"$INSTDIR\FlvDetector.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlvDetector.exe:*:Enabled:FGFlvDetector
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Program Files\Gameforge4D\AirRivals_EN\Launcher.atm" = C:\Program Files\Gameforge4D\AirRivals_EN\Launcher.atm:Enabled:GameExe2
"C:\Program Files\Gameforge4D\AirRivals_EN\Res-Voip\SCVoIP.exe" = C:\Program Files\Gameforge4D\AirRivals_EN\Res-Voip\SCVoIP.exe:Enabled:GameVoIP

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023852E6-A57B-4FEA-BB35-EF300B300F9B}" = lport=139 | protocol=6 | dir=in | app=system |
"{3BB022C6-E674-480C-A75E-0C5DAD5B9E40}" = lport=138 | protocol=17 | dir=in | app=system |
"{42A7ACBB-B6E8-4DF1-8D98-B2D1707E66FF}" = rport=445 | protocol=6 | dir=out | app=system |
"{44C1DF52-5E63-4D8B-B074-2198473965F9}" = rport=139 | protocol=6 | dir=out | app=system |
"{8F62EB41-EF23-40B5-8AAA-F9A51DFB976E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A7B09D32-BACF-4A74-98C4-D3D432A36EC5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{B0F9C06F-7934-4B32-92A8-A2E6E88B639C}" = rport=138 | protocol=17 | dir=out | app=system |
"{B2AE8F8C-23D5-4391-A97C-07BCC7589E8C}" = rport=137 | protocol=17 | dir=out | app=system |
"{B5724E02-0AEF-470A-825C-CCD76D874353}" = lport=137 | protocol=17 | dir=in | app=system |
"{DF2E6837-35F0-4C10-B373-669869C5CB49}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{553DD847-BE23-4FB8-B418-BDB66654010B}" = protocol=58 | dir=out | [email protected],-28546 |
"{667C57BD-EEF6-4932-810D-EE4058346F6C}" = protocol=1 | dir=out | [email protected],-28544 |
"{6B809057-5E08-4BF2-B594-39B5479AF203}" = protocol=1 | dir=in | [email protected],-28543 |
"{BA714F90-A095-4836-97F2-D775B89AE723}" = protocol=58 | dir=in | [email protected],-28545 |
"TCP Query User{09C8C181-BCCD-4C5F-9041-EC07BB4848A2}C:\program files\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{7173AB81-F194-4141-8E13-25356066117E}C:\users\hara\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\hara\appdata\local\akamai\netsession_win.exe |
"TCP Query User{D7C1FADD-5A97-4825-BB23-53D552D16DF5}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{8077A260-E7E2-4AF3-95AE-63A5029DAC3D}C:\program files\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"UDP Query User{81FCAD88-7E47-4BB2-9BB1-8F8D20B92472}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{BFA7E17F-A2EC-49A9-A3F1-19BBA64ABB68}C:\users\hara\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\hara\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D03E0AF-A6D1-407A-AAF5-5B429D271EC5}" = LeapFrog MyOwnLeaptop Plugin
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{24557DC0-0839-496f-82F9-C4EB72EFE4FA}" = HP Deskjet All-In-One Software 8.0
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2A38B5AA-EA84-4F87-9937-2FB23982243A}" = Sonic Foundry ACID 4.0
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AF31E48-F4B3-4110-88BB-CA38D625D0B7}" = Uncharted Waters Online
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DDEABFB-0621-4321-B385-CB86D3A6F90F}" = F4100
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9ECB4705-B9CB-405A-B6D4-33BDF707308E}" = DJ_AIO_Software
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.3
"{ACE22C48-49D7-4531-BE20-5C3D03393AB6}" = F4100_Help
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}" = HP Deskjet All-In-One Software 9.0
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC83F417-8068-4074-BA2F-C4F8AB872556}" = DJ_AIO_Software_min
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E127B28D-1A2A-45C4-A74E-C817E0A74E3E}" = Fiesta
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"Coupon Companion Plugin" = Coupon Companion Plugin
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Full)
"LeaptopPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnLeaptop Plugin)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Oregon Trail 3" = Oregon Trail 3
"TomTom HOME" = TomTom HOME 2.8.3.2499
"UPCShell" = LeapFrog Connect
"WinLiveSuite" = Windows Live Essentials
"Xfire" = Xfire

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"Akamai" = Akamai NetSession Interface
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/19/2013 4:05:51 PM | Computer Name = Home | Source = Windows Search Service | ID = 3013
Description =

Error - 1/20/2013 9:10:29 AM | Computer Name = Home | Source = WinMgmt | ID = 10
Description =

Error - 1/20/2013 9:16:27 AM | Computer Name = Home | Source = WinMgmt | ID = 10
Description =

Error - 1/20/2013 9:29:50 AM | Computer Name = Home | Source = WinMgmt | ID = 10
Description =

Error - 1/21/2013 7:35:54 AM | Computer Name = Home | Source = WinMgmt | ID = 10
Description =

Error - 1/22/2013 6:29:30 AM | Computer Name = Home | Source = WinMgmt | ID = 10
Description =

Error - 1/22/2013 6:46:16 AM | Computer Name = Home | Source = EventSystem | ID = 4621
Description =

Error - 1/22/2013 6:58:44 AM | Computer Name = Home | Source = WinMgmt | ID = 10
Description =

Error - 1/22/2013 7:04:56 AM | Computer Name = Home | Source = WinMgmt | ID = 10
Description =

Error - 1/22/2013 7:14:22 AM | Computer Name = Home | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 1/22/2013 6:57:12 AM | Computer Name = Home | Source = Print | ID = 19
Description = The print spooler failed to share printer Send To OneNote 2007 with
shared resource name Send To OneNote 2007. Error 2114. The printer cannot be used
by others on the network.

Error - 1/22/2013 6:57:12 AM | Computer Name = Home | Source = Print | ID = 19
Description = The print spooler failed to share printer HP Deskjet F4100 series
with shared resource name HP Deskjet F4100 series. Error 2114. The printer cannot
be used by others on the network.

Error - 1/22/2013 6:58:44 AM | Computer Name = Home | Source = Service Control Manager | ID = 7000
Description =

Error - 1/22/2013 6:58:44 AM | Computer Name = Home | Source = Service Control Manager | ID = 7000
Description =

Error - 1/22/2013 6:58:44 AM | Computer Name = Home | Source = Service Control Manager | ID = 7026
Description =

Error - 1/22/2013 7:02:19 AM | Computer Name = Home | Source = DCOM | ID = 10010
Description =

Error - 1/22/2013 7:04:57 AM | Computer Name = Home | Source = Service Control Manager | ID = 7000
Description =

Error - 1/22/2013 7:04:57 AM | Computer Name = Home | Source = Service Control Manager | ID = 7000
Description =

Error - 1/22/2013 7:04:57 AM | Computer Name = Home | Source = Service Control Manager | ID = 7026
Description =

Error - 1/22/2013 7:08:39 AM | Computer Name = Home | Source = Service Control Manager | ID = 7022
Description =

< End of report >

Edited by NavyWife, 22 January 2013 - 11:01 AM.

#2
RKinner

Posted 22 January 2013 - 12:13 PM

Malware Expert

Expert
24,483 posts

You have these entries in your hosts file:

O1 - Hosts: 70.42.237.49 rest.outspark.net #Fiesta DNS
O1 - Hosts: 70.42.237.49 patchdb.outspark.net #Fiesta DNS

But if I ask the DNS for an ip address for the two entries I get totally different numbers.
>nslookup rest.outspark.net
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
Name: rest.outspark.net
Address: 72.5.66.141

>nslookup patchdb.outspark.net
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
Name: patchdb.outspark.net
Address: 72.5.66.139

I think you should take them out and see if it will then connect.

Download HostsXpert from http://www.funkytoad...HostsXpert.zip. Save the file then right click and Extract All. It will create a new folder in the same place. In the folder find HostsXpert.exe and right click on it and Run As Administrator.

It will take a few seconds to appear. If the top line in the left column says Make Writeable, click on it and it should change to Make Read Only? If it already says Make Read Only? that's OK just go on to the next step.
Now click on the left column entry that says: Restore MSHosts file. Click on the Make Read Only? entry then close HostXpert.

Otherwise I don't see anything that could stop it from connecting. You have a lot of junk in Firefox that you don't need but we will work on that after we get the game to connect.

Ron

#3
NavyWife

Posted 22 January 2013 - 12:34 PM

Member

Topic Starter
Member
23 posts

You have these entries in your hosts file:

O1 - Hosts: 70.42.237.49 rest.outspark.net #Fiesta DNS
O1 - Hosts: 70.42.237.49 patchdb.outspark.net #Fiesta DNS

But if I ask the DNS for an ip address for the two entries I get totally different numbers.
>nslookup rest.outspark.net
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
Name: rest.outspark.net
Address: 72.5.66.141

>nslookup patchdb.outspark.net
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
Name: patchdb.outspark.net
Address: 72.5.66.139

I think you should take them out and see if it will then connect.

Download HostsXpert from http://www.funkytoad...HostsXpert.zip. Save the file then right click and Extract All. It will create a new folder in the same place. In the folder find HostsXpert.exe and right click on it and Run As Administrator.

It will take a few seconds to appear. If the top line in the left column says Make Writeable, click on it and it should change to Make Read Only? If it already says Make Read Only? that's OK just go on to the next step.
Now click on the left column entry that says: Restore MSHosts file. Click on the Make Read Only? entry then close HostXpert.

Otherwise I don't see anything that could stop it from connecting. You have a lot of junk in Firefox that you don't need but we will work on that after we get the game to connect.

Ron

You sir are a genius! Thank you so much! The game launched and patched.

Do I need to worry about the firefox stuff as well?

#4
RKinner

Posted 22 January 2013 - 12:54 PM

Malware Expert

Expert
24,483 posts

Uninstall

Copy the text in the code box by highlighting and Ctrl + c


:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKCU..\Run: [DW6] File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = restore\restorestarter.exe

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\01222013-some number.log so look there if you don't see it.

Also you need to uninstall some obsolete stuff.

Adobe Reader 9.5.3 - Obsolete. Get the latest reader at adobe.com. Uncheck the extra downloads such as Ask Toolbar, Yahoo Toolbar, McAfee Security Scan before downloading.

Java™ 6 Update 31 - Obsolete. You have the latest but see my goodbye post for security considerations.
JavaFX 2.1.1 - Obsolete. You have the latest.

Let's also run adwcleaner

Download the adwCleaner

Run the Tool
Windows Vista and Windows 7 users:
Right click in the adwCleaner.exe and select the option
Select the Delete button.
When the scan completes, it will open a notepad windows.
Please, copy the content of this file in your next reply.

Finally get, Save and run Speedy Fox by right clicking and Run As Administrator.
http://www.crystalidea.com/speedyfox
Close Firefox.
Click on Speedup my Firefox.

Start Firefox. You should see a big improvement in the time it takes for Firefox to come up.

I think that's all and we can clean up:

OTL has a cleanup tab but DO NOT USE IT!. There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run by right clicking and Run As Admin the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows. I just tell it to ignore that.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 9 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. IF that is the case then you should install No-Script (Firefox) or Script-No add-ons (Chrome) and only use Firefox or Chrome to visit the site. You will need to tell No-Script/Script-No that the site is allowed to run Java.

Make sure Windows Updates is turned and that it works. Go to Control panel, Windows Updates and see if it works. http://support.microsoft.com/kb/294871

If you are feeling especially paranoid you can install the free firewall called Online Armor:
http://www.online-armor.com/

My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron

#5
NavyWife

Posted 22 January 2013 - 01:11 PM

Member

Topic Starter
Member
23 posts

Uninstall

Copy the text in the code box by highlighting and Ctrl + c
:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKCU..\Run: [DW6] File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = restore\restorestarter.exe

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]
then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\01222013-some number.log so look there if you don't see it.

Also you need to uninstall some obsolete stuff.

Adobe Reader 9.5.3 - Obsolete. Get the latest reader at adobe.com. Uncheck the extra downloads such as Ask Toolbar, Yahoo Toolbar, McAfee Security Scan before downloading.

Java™ 6 Update 31 - Obsolete. You have the latest but see my goodbye post for security considerations.
JavaFX 2.1.1 - Obsolete. You have the latest.

Let's also run adwcleaner

Download the adwCleaner

Run the Tool
Windows Vista and Windows 7 users:
Right click in the adwCleaner.exe and select the option
Select the Delete button.
When the scan completes, it will open a notepad windows.
Please, copy the content of this file in your next reply.

Finally get, Save and run Speedy Fox by right clicking and Run As Administrator.
http://www.crystalidea.com/speedyfox
Close Firefox.
Click on Speedup my Firefox.

Start Firefox. You should see a big improvement in the time it takes for Firefox to come up.

I think that's all and we can clean up:

OTL has a cleanup tab but DO NOT USE IT!. There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run by right clicking and Run As Admin the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows. I just tell it to ignore that.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 9 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. IF that is the case then you should install No-Script (Firefox) or Script-No add-ons (Chrome) and only use Firefox or Chrome to visit the site. You will need to tell No-Script/Script-No that the site is allowed to run Java.

Make sure Windows Updates is turned and that it works. Go to Control panel, Windows Updates and see if it works. http://support.microsoft.com/kb/294871

If you are feeling especially paranoid you can install the free firewall called Online Armor:
http://www.online-armor.com/

My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron

Before I do anything else, I'm sorry I'm not seeing the Custom Scans/Fixes box x.o

Attached Thumbnails

#6
RKinner

Posted 22 January 2013 - 01:34 PM

Malware Expert

Expert
24,483 posts

No, forget HostXpert. We don't need it any more. The custom scan is for OTL:

Rightclick on OTL and select Run As Administrator to start.

#7
NavyWife

Posted 22 January 2013 - 02:02 PM

Member

Topic Starter
Member
23 posts

========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DW6 deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
File restore\restorestarter.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Guest
->Flash cache emptied: 696 bytes

User: Hara
->Flash cache emptied: 1227 bytes

User: Joseph
->Flash cache emptied: 506 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Guest

User: Hara
->Java cache emptied: 354432780 bytes

User: Joseph
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 338.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01222013_134826

#8
NavyWife

Posted 22 January 2013 - 02:07 PM

Member

Topic Starter
Member
23 posts

# AdwCleaner v2.107 - Logfile created 01/22/2013 at 14:03:58
# Updated 21/01/2013 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# User : Hara - HOME
# Boot Mode : Normal
# Running from : C:\Users\Hara\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Hara\AppData\Roaming\Mozilla\Firefox\Profiles\0cyc7ftw.default\searchplugins\Askcom.xml
Folder Deleted : C:\Users\Hara\AppData\LocalLow\Toolbar4

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2304157
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2464688
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\TENCENT
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (en-US)

File : C:\Users\Hara\AppData\Roaming\Mozilla\Firefox\Profiles\0cyc7ftw.default\prefs.js

C:\Users\Hara\AppData\Roaming\Mozilla\Firefox\Profiles\0cyc7ftw.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationThankYouPage", true);
Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationTime", 1357921571);
Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.searchUserConifrmation", fal[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.setHomepage", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.setNewTab", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.setSearch", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.active", true);
Deleted : user_pref("extensions.crossriderapp21804.21804.addressbar", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.addressbarenhanced", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.backgroundjs", "\n\n//\n");
Deleted : user_pref("extensions.crossriderapp21804.21804.backgroundver", 3);
Deleted : user_pref("extensions.crossriderapp21804.21804.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp21804.21804.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.value", "1357921571");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.InstallerParams.expiration", "Fri Feb 01 2030 [...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:0[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_aoi.value", "1357921571");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_blocklist.expiration", "Fri Jan 18 2013 1[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_blocklist.value", "%22nonexistantdomain.c[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_country_code.expiration", "Sat Jan 19 201[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_country_code.value", "%22US%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:0[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_crr.value", "1358527894");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_currenttime.value", "%221357677793%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 0[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_hotfix20111102645.value", "%221%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installer_params.expiration", "Fri Feb 01[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installer_params.value", "%7B%22source_id[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installtime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installtime.value", "%221357677771%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_parent_zoneid.value", "%22100086%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_pc_20120828.value", "1358006533146");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 [...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_product_id.value", "%221322%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:0[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_zoneid.value", "%22130071%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.dbtest.value", "1358006512467");
Deleted : user_pref("extensions.crossriderapp21804.21804.description", "Coupon Companion");
Deleted : user_pref("extensions.crossriderapp21804.21804.domain", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.group", 0);
Deleted : user_pref("extensions.crossriderapp21804.21804.homepage", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.iframe", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.InstallerIdentifiers.expiration", "Fri Feb[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.InstallerIdentifiers.value", "%7B%22instal[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_appVer.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_appVer.value", "14");
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_lastVersion.expiration", "Fri Fe[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_lastVersion.value", "1");
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_meta.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_meta.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.expiration", "Fri Jan [...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.SoftwareDetected.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.SoftwareDetected.value", "%7B%22AnySoftwar[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.name", "Coupon Companion Plugin");
Deleted : user_pref("extensions.crossriderapp21804.21804.newtab", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.opensearch", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.code", "appAPI._cr_config={appID:fun[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.name", "base");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.ver", 3);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.code", "Array.prototype.indexO[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.ver", 12);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.code", "var cf_ran=!1,_GPL_BG=[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.name", "GPL Background (BG)");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.ver", 5);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.code", "(function(a){a.selectedText[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.code", "if(typeof(appAPI)===\"undef[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_15.code", "(function(f){var u={};var e[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.code", "if((typeof isBackground===\[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.ver", 4);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.code", "if(typeof window!==\"undefi[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.ver", 3);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.code", "var CrossriderDebugManager=[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.name", "debug");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.ver", 3);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.code", "(function(a){appAPI.queueMa[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.name", "resources");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.code", "var CrossriderInitializerPl[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.name", "initializer");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.code", "var jQuery = $jquery_171 = $[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.name", "jquery_1_7_1");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.ver", 3);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.code", "(function(){appAPI.ready=fu[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.code", "(function(){var h=\"__CR_EM[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.name", "appApiMessage");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.ver", 1);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.code", "if(appAPI.__should_activate[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.name", "appApiValidation");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.ver", 1);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.code", "if(typeof jQuery!==\"undefi[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.name", "CrossriderInfo");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_0", "4,14,78,16,64,47,72,100001[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_1", "17,14,78,13,16,15,64,4,1,2[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
Deleted : user_pref("extensions.crossriderapp21804.21804.pluginsurl", "hxxp://app-static.crossrider.com/plugin[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.pluginsversion", 11);
Deleted : user_pref("extensions.crossriderapp21804.21804.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp21804.21804.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp21804.21804.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.thankyou", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp21804.21804.ver", 14);
Deleted : user_pref("extensions.crossriderapp21804.adsOldValue", -1);
Deleted : user_pref("extensions.crossriderapp21804.apps", "21804");
Deleted : user_pref("extensions.crossriderapp21804.bic", "13c2b36d2544c8b5f8b0d0cc7c9e2041");
Deleted : user_pref("extensions.crossriderapp21804.cid", 21804);
Deleted : user_pref("extensions.crossriderapp21804.firstrun", false);
Deleted : user_pref("extensions.crossriderapp21804.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp21804.installationdate", 1357934679);
Deleted : user_pref("extensions.crossriderapp21804.lastcheck", 22642132);
Deleted : user_pref("extensions.crossriderapp21804.lastcheckitem", 22642133);
Deleted : user_pref("extensions.crossriderapp21804.modetype", "production");
Deleted : user_pref("extensions.crossriderapp21804.reportInstall", true);

-\\ Google Chrome v24.0.1312.52

File : C:\Users\Hara\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [356 octets] - [22/01/2013 14:02:22]
AdwCleaner[S2].txt - [19549 octets] - [22/01/2013 14:03:58]

########## EOF - C:\AdwCleaner[S2].txt - [19610 octets] ##########

#9
NavyWife

Posted 22 January 2013 - 02:17 PM

Member

Topic Starter
Member
23 posts

Did everything else as well. Thank you so much!

#10
RKinner

Posted 22 January 2013 - 04:03 PM

Malware Expert

Expert
24,483 posts

OK. Cleanup time:

You can uninstall or delete any tools we had you download and their logs.

OTL has a cleanup tab but DO NOT USE IT!. There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 9 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. IF that is the case then you should install No-Script (Firefox) or Script-No add-ons (Chrome) and only use Firefox or Chrome to visit the site. You will need to tell No-Script/Script-No that the site is allowed to run Java.

Make sure Windows Updates is turned and that it works. Go to Control panel, Windows Updates and see if it works. http://support.microsoft.com/kb/294871

If you are feeling especially paranoid you can install the free firewall called Online Armor:
http://www.online-armor.com/

My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron

#11
NavyWife

Posted 23 January 2013 - 07:29 AM

Member

Topic Starter
Member
23 posts

OK. Cleanup time:

You can uninstall or delete any tools we had you download and their logs.

OTL has a cleanup tab but DO NOT USE IT!. There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 9 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. IF that is the case then you should install No-Script (Firefox) or Script-No add-ons (Chrome) and only use Firefox or Chrome to visit the site. You will need to tell No-Script/Script-No that the site is allowed to run Java.

Make sure Windows Updates is turned and that it works. Go to Control panel, Windows Updates and see if it works. http://support.microsoft.com/kb/294871

If you are feeling especially paranoid you can install the free firewall called Online Armor:
http://www.online-armor.com/

My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron

I plan on making a donation to Kwiaht later this evening. (It won't be much, but I'm grateful for the help you've given me.) I just want to add this one little issue to my post, this keeps popping up through the anti-malware program.

Attached Thumbnails

#12
RKinner

Posted 23 January 2013 - 10:14 AM

Malware Expert

Expert
24,483 posts

That's Pando Media Booster.

I'm not a gamer so I don't know much about it but wiki says:

http://en.wikipedia....o_(application)

I expect you can live without it see:

http://na.leagueofle...d.php?t=2446850

Per the above you should be able to uninstall it without any bad effect on your game.

If it won't uninstall we can remove it with OTL.