Solved CouponBar?

Discussion in 'Malware and Virus Removal Archive' started by jenna28jj, 2011/01/14.

  1. 2011/01/14
    jenna28jj

    jenna28jj Inactive Thread Starter

    [Resolved] CouponBar?

    I am currently an Information Technology student. I have an HP desktop with Windows 7. A friend of mine printed some coupons from my computer and inadvertently downloaded something called CouponBar. I have read about this and now understand why Internet Explorer rarely works and my PC is super slow. The problem I am having is I cannot uninstall this program, even in safe mode. It has no size or any other details, just the date it was downloaded, which says 8/5/2010, which is wrong considering it was downloaded last week. I have looked in the registry within my computer for the keys, for I have a list of the ones I need to delete, and I cannot find them. I don't want to, nor can I afford to, take the PC to a fix-it guy. I was wondering if any of you super smart, computer savvy people out there in forum land could maybe provide me with detailed instructions on how to remove this unwanted program from my PC??? Thank you so much in advance...greatly appreciated. Jenna
     
  2. 2011/01/14
    broni

    broni Moderator Malware Analyst

    Welcome aboard :)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     

  4. 2011/01/14
    jenna28jj

    jenna28jj Inactive Thread Starter

    This is from the first one..OTL.txt

    OTL logfile created on: 1/14/2011 11:25:22 - Run 1
    OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\shawns\Documents
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
    6.00 Gb Paging File | 4.00 Gb Available in Paging File | 73.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.05 Gb Total Space | 138.11 Gb Free Space | 48.28% Space Free | Partition Type: NTFS
    Drive D: | 11.94 Gb Total Space | 2.14 Gb Free Space | 17.93% Space Free | Partition Type: NTFS

    Computer Name: SHAWNS-PC | User Name: shawns | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found -- C:\Users\shawns\My Documents\OTL.exe
    PRC - [2010/12/22 03:04:14 | 000,936,712 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2010/12/22 03:04:06 | 001,402,272 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2010/12/16 16:19:34 | 002,402,512 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
    PRC - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2010/09/30 14:14:10 | 000,503,808 | ---- | M] (Lime Wire, LLC) -- C:\Program Files (x86)\LimeWire\LimeWire.exe
    PRC - [2010/09/07 09:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/07/28 07:26:46 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    PRC - [2009/12/01 19:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    PRC - [2009/10/20 13:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    PRC - [2009/05/26 02:36:13 | 000,656,896 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    PRC - [2009/04/27 13:37:18 | 000,025,256 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe
    PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2007/05/04 00:38:34 | 000,291,760 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe


    ========== Modules (SafeList) ==========

    MOD - File not found -- C:\Users\shawns\My Documents\OTL.exe
    MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2010/07/28 07:27:17 | 000,040,960 | ---- | M] () -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    MOD - [2010/07/28 07:26:48 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcp71.dll
    MOD - [2010/07/28 07:26:48 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr71.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV:64bit: - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV:64bit: - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/03/27 12:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
    SRV:64bit: - [2007/04/25 23:22:18 | 000,034,224 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxddserv.exe -- (lxddCATSCustConnectService)
    SRV:64bit: - [2007/04/25 23:22:03 | 000,567,216 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxddcoms.exe -- (lxdd_device)
    SRV - [2010/12/22 03:04:06 | 001,402,272 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2007/05/25 09:41:38 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxddcoms.exe -- (lxdd_device)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/09/07 08:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2010/07/12 02:55:39 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
    DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/09 04:38:42 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/19 10:19:38 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
    DRV:64bit: - [2007/05/14 15:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV - [2010/11/03 12:35:58 | 000,017,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-402496917-614987249-1313985504-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    IE - HKU\S-1-5-21-402496917-614987249-1313985504-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-402496917-614987249-1313985504-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-402496917-614987249-1313985504-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/28 07:27:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/30 03:01:41 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/30 03:01:49 | 000,000,000 | ---D | M]

    [2009/12/19 02:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\shawns\AppData\Roaming\Mozilla\Extensions
    [2009/12/19 02:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\shawns\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

    O1 HOSTS File: ([2011/01/14 09:56:43 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
    O2 - BHO: (TTB000000 Class) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - Reg Error: Value error. File not found
    O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (@c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-402496917-614987249-1313985504-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-402496917-614987249-1313985504-1000\..\Toolbar\WebBrowser: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - Reg Error: Value error. File not found
    O4:64bit: - HKLM..\Run: [lxddmon.exe] C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe ()
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
    O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [lxddamon] C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe ()
    O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddmon.exe ()
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
    O4 - Startup: C:\Users\shawns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\S-1-5-21-402496917-614987249-1313985504-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.142.225.3 167.142.225.5
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/14 11:22:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\shawns\Documents\OTL.exe
    [2011/01/14 09:55:07 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\VACFix.exe
    [2011/01/14 09:55:07 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.exe
    [2011/01/14 09:55:07 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.C.exe
    [2011/01/14 09:55:07 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\404Fix.exe
    [2011/01/14 09:55:07 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\o4Patch.exe
    [2011/01/14 09:55:07 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\Agent.OMZ.Fix.exe
    [2011/01/14 09:55:06 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\VCCLSID.exe
    [2011/01/14 09:55:06 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\SrchSTS.exe
    [2011/01/14 09:55:06 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swreg.exe
    [2011/01/14 09:55:06 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swxcacls.exe
    [2011/01/14 09:55:06 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\SysWow64\Process.exe
    [2011/01/14 09:54:58 | 000,000,000 | ---D | C] -- C:\Users\shawns\Desktop\SmitfraudFix
    [2011/01/14 08:30:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2011/01/08 09:10:43 | 000,000,000 | ---D | C] -- C:\Users\shawns\AppData\Local\Adobe
    [2011/01/08 00:19:50 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
    [2010/01/24 13:53:51 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddpmui.dll
    [2010/01/24 13:53:51 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddinpa.dll
    [2010/01/24 13:53:51 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddiesc.dll
    [2010/01/24 13:53:50 | 001,232,896 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddserv.dll
    [2010/01/24 13:53:50 | 000,999,424 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddusb1.dll
    [2010/01/24 13:53:50 | 000,700,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddhbn3.dll
    [2010/01/24 13:53:50 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcomc.dll
    [2010/01/24 13:53:50 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddlmpm.dll
    [2010/01/24 13:53:50 | 000,425,984 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcomm.dll
    [2010/01/24 13:53:50 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddprox.dll
    [2010/01/24 13:53:50 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddpplc.dll
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/01/14 11:26:11 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
    [2011/01/14 11:23:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\shawns\Documents\OTL.exe
    [2011/01/14 11:22:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/14 10:39:03 | 000,000,248 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2011/01/14 10:32:28 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/14 10:32:28 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/14 10:29:39 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/01/14 10:29:39 | 000,626,844 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/01/14 10:29:39 | 000,107,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/01/14 10:27:20 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2011/01/14 10:25:13 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/14 10:25:02 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
    [2011/01/14 10:24:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/01/14 10:24:07 | 2314,067,968 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/14 09:56:46 | 000,000,691 | ---- | M] () -- C:\Users\shawns\AppData\Roaming\GetValue.vbs
    [2011/01/14 09:56:46 | 000,000,035 | ---- | M] () -- C:\Users\shawns\AppData\Roaming\SetValue.bat
    [2011/01/14 09:56:45 | 000,004,252 | ---- | M] () -- C:\Windows\SysWow64\tmp.reg
    [2011/01/14 09:21:28 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
    [2011/01/13 20:23:09 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2011/01/08 00:10:43 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForshawns.job
    [2011/01/05 10:51:40 | 001,611,527 | ---- | M] () -- C:\Users\shawns\AppData\Local\tmp004.JPG
    [2010/12/31 10:40:03 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
    [2010/12/19 13:40:12 | 000,048,263 | ---- | M] () -- C:\Users\shawns\Desktop\fceux.cfg
    [2010/12/16 17:45:31 | 000,078,836 | ---- | M] () -- C:\Users\shawns\Documents\Intervention.rtf
    [2010/12/16 03:27:09 | 000,458,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/01/14 09:56:46 | 000,000,035 | ---- | C] () -- C:\Users\shawns\AppData\Roaming\SetValue.bat
    [2011/01/14 09:56:45 | 000,004,252 | ---- | C] () -- C:\Windows\SysWow64\tmp.reg
    [2011/01/14 09:56:45 | 000,000,691 | ---- | C] () -- C:\Users\shawns\AppData\Roaming\GetValue.vbs
    [2011/01/14 09:55:06 | 000,075,776 | ---- | C] () -- C:\Windows\SysWow64\WS2Fix.exe
    [2011/01/14 09:55:06 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\dumphive.exe
    [2011/01/14 09:55:06 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\swsc.exe
    [2011/01/13 18:01:15 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\SmartDefrag.job
    [2011/01/12 17:38:36 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2010/12/22 16:14:02 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForshawns.job
    [2010/11/25 17:55:16 | 000,392,052 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp002.2
    [2010/11/25 17:55:15 | 000,395,667 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp002.1
    [2010/11/25 17:55:13 | 001,202,652 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp002.0
    [2010/11/25 17:55:13 | 000,395,626 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp002.JPG
    [2010/11/24 08:10:11 | 001,793,074 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp003.JPG
    [2010/11/13 09:07:30 | 000,406,616 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp012.JPG
    [2010/11/13 09:07:17 | 001,148,709 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp012.0
    [2010/11/07 09:36:01 | 000,010,328 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp024_navi.JPG
    [2010/11/07 09:35:48 | 001,368,289 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp024.JPG
    [2010/11/07 09:34:54 | 001,468,649 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp021.JPG
    [2010/11/07 09:33:29 | 001,480,824 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp026.JPG
    [2010/10/13 07:21:09 | 001,324,683 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp018.JPG
    [2010/09/17 12:42:34 | 000,004,096 | -H-- | C] () -- C:\Users\shawns\AppData\Local\keyfile3.drm
    [2010/06/29 23:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2010/05/20 07:57:51 | 001,653,916 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp015.JPG
    [2010/05/06 07:34:32 | 002,088,607 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp007.JPG
    [2010/05/06 07:28:02 | 000,056,540 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmpSECUREDOWNLOAD.JPG
    [2010/05/06 07:24:57 | 001,611,527 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp004.JPG
    [2010/05/06 06:26:05 | 000,249,971 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp001_CROP.JPG
    [2010/05/06 06:25:26 | 001,072,245 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp001.JPG
    [2010/05/06 05:28:21 | 000,692,584 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp011_CROP.JPG
    [2010/05/06 05:27:52 | 002,723,988 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp011.JPG
    [2010/05/01 09:56:26 | 003,089,179 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp006.JPG
    [2010/04/14 16:01:40 | 001,204,641 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp010.JPG
    [2010/04/06 12:27:55 | 001,415,042 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp045.JPG
    [2010/03/24 07:58:16 | 000,007,710 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmpM_A85061BC9B4541F3F7DC275F19EC341C.JPG
    [2010/03/24 07:58:16 | 000,007,666 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmpM_A85061BC9B4541F3F7DC275F19EC341C.0
    [2010/03/17 19:17:35 | 000,006,327 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp002_navi.JPG
    [2010/03/17 19:16:53 | 000,006,435 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp003_navi.JPG
    [2010/03/16 10:07:37 | 000,258,029 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp013.JPG
    [2010/03/16 10:05:10 | 000,508,784 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp081.JPG
    [2010/03/16 10:04:42 | 001,283,451 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp081.0
    [2010/02/21 14:32:50 | 000,000,148 | ---- | C] () -- C:\Users\shawns\AppData\Roaming\wklnhst.dat
    [2010/02/04 15:39:53 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/01/29 09:38:57 | 000,000,077 | ---- | C] () -- C:\Windows\chemlab.ini
    [2010/01/24 13:53:51 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxddcomx.dll
    [2010/01/24 13:53:51 | 000,286,720 | ---- | C] () -- C:\Windows\SysWow64\LXDDinst.dll
    [2010/01/01 00:22:21 | 000,265,663 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp017.JPG
    [2010/01/01 00:22:20 | 000,961,558 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp017.0
    [2009/12/27 16:14:42 | 001,519,442 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp015.0
    [2009/12/27 16:14:19 | 000,567,457 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp016.JPG
    [2009/12/27 16:14:18 | 001,071,154 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp016.0
    [2009/12/26 08:22:08 | 000,390,884 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp008.JPG
    [2009/12/26 08:22:07 | 001,068,386 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp008.0
    [2009/12/10 17:14:21 | 001,232,908 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp005.JPG
    [2009/12/10 17:14:20 | 001,084,365 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp005.0
    [2009/12/07 11:34:16 | 000,000,120 | ---- | C] () -- C:\Users\shawns\AppData\Roaming\FixVTS.ini
    [2009/12/05 23:27:10 | 000,471,474 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp035.JPG
    [2009/12/05 23:27:09 | 001,208,764 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp035.0
    [2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2010/01/06 08:44:28 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\Amazon
    [2010/03/05 08:04:07 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\AVG9
    [2010/05/26 08:31:00 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\BitDefender
    [2010/02/05 07:53:57 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\BitZipper
    [2010/09/21 12:07:39 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\Elluminate
    [2010/01/29 12:14:35 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\GetRightToGo
    [2011/01/12 16:56:00 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\IObit
    [2010/02/07 13:22:02 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\Lexmark Productivity Studio
    [2011/01/14 10:25:13 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\LimeWire
    [2010/01/17 09:54:34 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\Meridian93
    [2010/08/30 15:12:40 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\OpenOffice.org
    [2010/08/04 11:56:23 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\Panda Security
    [2010/02/06 18:55:26 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\RipIt4Me
    [2010/08/04 11:55:10 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\SurfSecret Privacy Suite
    [2010/02/21 14:32:51 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\Template
    [2009/12/03 08:13:51 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\WildTangent
    [2009/12/11 12:57:01 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\WinBatch
    [2011/01/14 10:27:20 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    [2011/01/14 10:25:02 | 000,000,396 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
    [2010/12/31 10:40:03 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
    [2009/07/13 23:08:49 | 000,024,910 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/01/14 09:21:28 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job
    [2011/01/14 10:39:03 | 000,000,248 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2011/01/14 11:26:11 | 000,000,290 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A8ADE5D8
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2

    < End of report >
     
  5. 2011/01/14
    broni

    broni Moderator Malware Analyst

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
      O2 - BHO: (TTB000000 Class) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - Reg Error: Value error. File not found
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKU\S-1-5-21-402496917-614987249-1313985504-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
      O3 - HKU\S-1-5-21-402496917-614987249-1313985504-1000\..\Toolbar\WebBrowser: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - Reg Error: Value error. File not found
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
      [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
      [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
      [2010/03/05 08:04:07 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\AVG9
      @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A8ADE5D8
      @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
     
  6. 2011/01/14
    jenna28jj

    jenna28jj Inactive Thread Starter

    This is what was on my screen after the reboot, before opening OTL again and clicking the quick scan button. I thought I would post this first then I will close the page and do the scan and post the next log.

    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_USERS\S-1-5-21-402496917-614987249-1313985504-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
    Registry value HKEY_USERS\S-1-5-21-402496917-614987249-1313985504-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5BED3930-2E9E-76D8-BACC-80DF2188D455} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\ProgramData\SPL9D77.tmp deleted successfully.
    C:\Users\shawns\AppData\Roaming\AVG9\cfgall folder moved successfully.
    C:\Users\shawns\AppData\Roaming\AVG9 folder moved successfully.
    ADS C:\ProgramData\Temp:A8ADE5D8 deleted successfully.
    ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
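The fix results above can be cross-checked against a later scan mechanically. The Python below is an added example, not part of the thread and not part of OTL: it parses result lines in the format of the posted fix log and lists every CLSID the fix acted on that a follow-up scan still references. All function names are hypothetical; the sample lines are excerpts of the logs posted in this thread.

```python
import re
from collections import defaultdict

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A fix-log result line: object kind, registry path, outcome.
RESULT_RE = re.compile(
    r"^(?P<kind>Registry key|Registry value)\s+(?P<path>.+?)\s+"
    r"(?P<outcome>deleted successfully|not found)\.\s*$"
)
HIVE_ABBREV = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_USERS": "HKU"}

# Excerpt of the fix result log posted in the thread.
FIX_LOG = r"""
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-402496917-614987249-1313985504-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-21-402496917-614987249-1313985504-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5BED3930-2E9E-76D8-BACC-80DF2188D455} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\ deleted successfully.
"""

# Excerpt of the O3 (toolbar) section of the follow-up Quick Scan in the thread.
FOLLOWUP_SCAN = r"""
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-402496917-614987249-1313985504-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-402496917-614987249-1313985504-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
"""


def parse_fix_log(text):
    """Map each CLSID to the (kind, path, outcome) result lines that mention it."""
    results = defaultdict(list)
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if not m:
            continue  # headers, ADS/file lines and progress messages are skipped
        guid = GUID_RE.search(m.group("path"))
        if guid:
            results[guid.group(0).upper()].append(
                (m.group("kind"), m.group("path"), m.group("outcome"))
            )
    return dict(results)


def classify(entries):
    """'deleted' if every object was removed, 'absent' if none existed, else 'mixed'."""
    outcomes = {outcome for _, _, outcome in entries}
    if outcomes == {"deleted successfully"}:
        return "deleted"
    if outcomes == {"not found"}:
        return "absent"
    return "mixed"


def fix_hives(entries):
    """Registry hives (abbreviated) in which the fix touched this CLSID."""
    hives = set()
    for _, path, _ in entries:
        root = path.split("\\", 1)[0]
        hives.add(HIVE_ABBREV.get(root, root))
    return sorted(hives)


def still_referenced(fix_results, scan_text):
    """Scan lines that still mention a CLSID the fix already acted on."""
    hits = []
    for line in scan_text.splitlines():
        for guid in GUID_RE.findall(line):
            key = guid.upper()
            if key not in fix_results:
                continue
            hive = re.search(r"\b(HKLM|HKU|HKCU)\b", line)
            hits.append({
                "guid": key,
                "scan_hive": hive.group(1) if hive else None,
                "fix_hives": fix_hives(fix_results[key]),
                "line": line.strip(),
            })
    return hits


if __name__ == "__main__":
    parsed = parse_fix_log(FIX_LOG)
    for guid, entries in parsed.items():
        print(guid, classify(entries), fix_hives(entries))
    for hit in still_referenced(parsed, FOLLOWUP_SCAN):
        print("still referenced:", hit["guid"], "in", hit["scan_hive"],
              "(fix touched:", ", ".join(hit["fix_hives"]) + ")")
```

On these excerpts it reports {CCC7A320-B3CA-4199-B1A6-9F516DD69829}: the fix removed the HKLM toolbar value, while the follow-up scan lists the same CLSID under the per-user (HKU) WebBrowser toolbar key.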
     
  7. 2011/01/14
    broni

    broni Moderator Malware Analyst

    Ok...
     
  8. 2011/01/14
    jenna28jj

    jenna28jj Inactive Thread Starter

    This is after the quick scan

    OTL logfile created on: 1/14/2011 14:07:36 - Run 2
    OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\shawns\Documents
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
    6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.05 Gb Total Space | 138.15 Gb Free Space | 48.29% Space Free | Partition Type: NTFS
    Drive D: | 11.94 Gb Total Space | 2.14 Gb Free Space | 17.93% Space Free | Partition Type: NTFS

    Computer Name: SHAWNS-PC | User Name: shawns | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found -- C:\Users\shawns\My Documents\OTL.exe
    PRC - [2010/12/22 03:04:14 | 000,936,712 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2010/12/22 03:04:06 | 001,402,272 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2010/12/16 16:19:34 | 002,402,512 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
    PRC - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2010/09/07 09:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/07/28 07:26:46 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    PRC - [2009/12/01 19:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    PRC - [2009/10/20 13:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    PRC - [2009/05/26 02:36:13 | 000,656,896 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    PRC - [2009/04/27 13:37:18 | 000,025,256 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe
    PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2007/05/04 00:38:34 | 000,291,760 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe


    ========== Modules (SafeList) ==========

    MOD - File not found -- C:\Users\shawns\My Documents\OTL.exe
    MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2010/07/28 07:27:17 | 000,040,960 | ---- | M] () -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    MOD - [2010/07/28 07:26:48 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcp71.dll
    MOD - [2010/07/28 07:26:48 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr71.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV:64bit: - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV:64bit: - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/03/27 12:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
    SRV:64bit: - [2007/04/25 23:22:18 | 000,034,224 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxddserv.exe -- (lxddCATSCustConnectService)
    SRV:64bit: - [2007/04/25 23:22:03 | 000,567,216 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxddcoms.exe -- (lxdd_device)
    SRV - [2010/12/22 03:04:06 | 001,402,272 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2007/05/25 09:41:38 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxddcoms.exe -- (lxdd_device)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/09/07 08:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2010/07/12 02:55:39 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
    DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/09 04:38:42 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/19 10:19:38 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
    DRV:64bit: - [2007/05/14 15:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV - [2010/11/03 12:35:58 | 000,017,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-402496917-614987249-1313985504-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    IE - HKU\S-1-5-21-402496917-614987249-1313985504-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-402496917-614987249-1313985504-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-402496917-614987249-1313985504-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/28 07:27:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/30 03:01:41 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/30 03:01:49 | 000,000,000 | ---D | M]

    [2009/12/19 02:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\shawns\AppData\Roaming\Mozilla\Extensions
    [2009/12/19 02:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\shawns\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

    O1 HOSTS File: ([2011/01/14 09:56:43 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (@c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-402496917-614987249-1313985504-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-21-402496917-614987249-1313985504-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [lxddmon.exe] C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe ()
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
    O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [lxddamon] C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe ()
    O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddmon.exe ()
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
    O4 - Startup: C:\Users\shawns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\S-1-5-21-402496917-614987249-1313985504-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.142.225.3 167.142.225.5
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/14 13:58:32 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/01/14 13:53:13 | 000,000,000 | ---D | C] -- C:\Users\shawns\Documents\JavaRa
    [2011/01/14 13:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2011/01/14 11:22:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\shawns\Documents\OTL.exe
    [2011/01/14 09:55:07 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\VACFix.exe
    [2011/01/14 09:55:07 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.exe
    [2011/01/14 09:55:07 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.C.exe
    [2011/01/14 09:55:07 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\404Fix.exe
    [2011/01/14 09:55:07 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\o4Patch.exe
    [2011/01/14 09:55:07 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\Agent.OMZ.Fix.exe
    [2011/01/14 09:55:06 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\VCCLSID.exe
    [2011/01/14 09:55:06 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\SrchSTS.exe
    [2011/01/14 09:55:06 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swreg.exe
    [2011/01/14 09:55:06 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swxcacls.exe
    [2011/01/14 09:55:06 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\SysWow64\Process.exe
    [2011/01/14 09:54:58 | 000,000,000 | ---D | C] -- C:\Users\shawns\Desktop\SmitfraudFix
    [2011/01/08 09:10:43 | 000,000,000 | ---D | C] -- C:\Users\shawns\AppData\Local\Adobe
    [2011/01/08 00:19:50 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
    [2010/01/24 13:53:51 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddpmui.dll
    [2010/01/24 13:53:51 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddinpa.dll
    [2010/01/24 13:53:51 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddiesc.dll
    [2010/01/24 13:53:50 | 001,232,896 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddserv.dll
    [2010/01/24 13:53:50 | 000,999,424 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddusb1.dll
    [2010/01/24 13:53:50 | 000,700,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddhbn3.dll
    [2010/01/24 13:53:50 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcomc.dll
    [2010/01/24 13:53:50 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddlmpm.dll
    [2010/01/24 13:53:50 | 000,425,984 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcomm.dll
    [2010/01/24 13:53:50 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddprox.dll
    [2010/01/24 13:53:50 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddpplc.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/01/14 14:08:10 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/14 14:08:10 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/14 14:05:42 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/01/14 14:05:42 | 000,626,844 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/01/14 14:05:42 | 000,107,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/01/14 14:03:03 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2011/01/14 14:01:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/14 14:01:04 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
    [2011/01/14 14:01:03 | 000,000,248 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2011/01/14 14:00:57 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
    [2011/01/14 14:00:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/01/14 14:00:20 | 2314,067,968 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/14 13:50:08 | 000,159,757 | ---- | M] () -- C:\Users\shawns\Documents\JavaRa.zip
    [2011/01/14 13:22:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/14 11:23:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\shawns\Documents\OTL.exe
    [2011/01/14 09:56:46 | 000,000,691 | ---- | M] () -- C:\Users\shawns\AppData\Roaming\GetValue.vbs
    [2011/01/14 09:56:46 | 000,000,035 | ---- | M] () -- C:\Users\shawns\AppData\Roaming\SetValue.bat
    [2011/01/14 09:56:45 | 000,004,252 | ---- | M] () -- C:\Windows\SysWow64\tmp.reg
    [2011/01/14 09:21:28 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
    [2011/01/13 20:23:09 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2011/01/08 00:10:43 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForshawns.job
    [2011/01/05 10:51:40 | 001,611,527 | ---- | M] () -- C:\Users\shawns\AppData\Local\tmp004.JPG
    [2010/12/31 10:40:03 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
    [2010/12/19 13:40:12 | 000,048,263 | ---- | M] () -- C:\Users\shawns\Desktop\fceux.cfg
    [2010/12/16 17:45:31 | 000,078,836 | ---- | M] () -- C:\Users\shawns\Documents\Intervention.rtf
    [2010/12/16 03:27:09 | 000,458,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2011/01/14 13:50:08 | 000,159,757 | ---- | C] () -- C:\Users\shawns\Documents\JavaRa.zip
    [2011/01/14 09:56:46 | 000,000,035 | ---- | C] () -- C:\Users\shawns\AppData\Roaming\SetValue.bat
    [2011/01/14 09:56:45 | 000,004,252 | ---- | C] () -- C:\Windows\SysWow64\tmp.reg
    [2011/01/14 09:56:45 | 000,000,691 | ---- | C] () -- C:\Users\shawns\AppData\Roaming\GetValue.vbs
    [2011/01/14 09:55:06 | 000,075,776 | ---- | C] () -- C:\Windows\SysWow64\WS2Fix.exe
    [2011/01/14 09:55:06 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\dumphive.exe
    [2011/01/14 09:55:06 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\swsc.exe
    [2011/01/13 18:01:15 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\SmartDefrag.job
    [2011/01/12 17:38:36 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2010/12/22 16:14:02 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForshawns.job
    [2010/11/25 17:55:16 | 000,392,052 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp002.2
    [2010/11/25 17:55:15 | 000,395,667 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp002.1
    [2010/11/25 17:55:13 | 001,202,652 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp002.0
    [2010/11/25 17:55:13 | 000,395,626 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp002.JPG
    [2010/11/24 08:10:11 | 001,793,074 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp003.JPG
    [2010/11/13 09:07:30 | 000,406,616 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp012.JPG
    [2010/11/13 09:07:17 | 001,148,709 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp012.0
    [2010/11/07 09:36:01 | 000,010,328 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp024_navi.JPG
    [2010/11/07 09:35:48 | 001,368,289 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp024.JPG
    [2010/11/07 09:34:54 | 001,468,649 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp021.JPG
    [2010/11/07 09:33:29 | 001,480,824 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp026.JPG
    [2010/10/13 07:21:09 | 001,324,683 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp018.JPG
    [2010/09/17 12:42:34 | 000,004,096 | -H-- | C] () -- C:\Users\shawns\AppData\Local\keyfile3.drm
    [2010/06/29 23:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2010/05/20 07:57:51 | 001,653,916 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp015.JPG
    [2010/05/06 07:34:32 | 002,088,607 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp007.JPG
    [2010/05/06 07:28:02 | 000,056,540 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmpSECUREDOWNLOAD.JPG
    [2010/05/06 07:24:57 | 001,611,527 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp004.JPG
    [2010/05/06 06:26:05 | 000,249,971 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp001_CROP.JPG
    [2010/05/06 06:25:26 | 001,072,245 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp001.JPG
    [2010/05/06 05:28:21 | 000,692,584 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp011_CROP.JPG
    [2010/05/06 05:27:52 | 002,723,988 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp011.JPG
    [2010/05/01 09:56:26 | 003,089,179 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp006.JPG
    [2010/04/14 16:01:40 | 001,204,641 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp010.JPG
    [2010/04/06 12:27:55 | 001,415,042 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp045.JPG
    [2010/03/24 07:58:16 | 000,007,710 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmpM_A85061BC9B4541F3F7DC275F19EC341C.JPG
    [2010/03/24 07:58:16 | 000,007,666 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmpM_A85061BC9B4541F3F7DC275F19EC341C.0
    [2010/03/17 19:17:35 | 000,006,327 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp002_navi.JPG
    [2010/03/17 19:16:53 | 000,006,435 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp003_navi.JPG
    [2010/03/16 10:07:37 | 000,258,029 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp013.JPG
    [2010/03/16 10:05:10 | 000,508,784 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp081.JPG
    [2010/03/16 10:04:42 | 001,283,451 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp081.0
    [2010/02/21 14:32:50 | 000,000,148 | ---- | C] () -- C:\Users\shawns\AppData\Roaming\wklnhst.dat
    [2010/02/04 15:39:53 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/01/29 09:38:57 | 000,000,077 | ---- | C] () -- C:\Windows\chemlab.ini
    [2010/01/24 13:53:51 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxddcomx.dll
    [2010/01/24 13:53:51 | 000,286,720 | ---- | C] () -- C:\Windows\SysWow64\LXDDinst.dll
    [2010/01/01 00:22:21 | 000,265,663 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp017.JPG
    [2010/01/01 00:22:20 | 000,961,558 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp017.0
    [2009/12/27 16:14:42 | 001,519,442 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp015.0
    [2009/12/27 16:14:19 | 000,567,457 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp016.JPG
    [2009/12/27 16:14:18 | 001,071,154 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp016.0
    [2009/12/26 08:22:08 | 000,390,884 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp008.JPG
    [2009/12/26 08:22:07 | 001,068,386 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp008.0
    [2009/12/10 17:14:21 | 001,232,908 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp005.JPG
    [2009/12/10 17:14:20 | 001,084,365 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp005.0
    [2009/12/07 11:34:16 | 000,000,120 | ---- | C] () -- C:\Users\shawns\AppData\Roaming\FixVTS.ini
    [2009/12/05 23:27:10 | 000,471,474 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp035.JPG
    [2009/12/05 23:27:09 | 001,208,764 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp035.0
    [2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2010/01/06 08:44:28 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\Amazon
    [2010/05/26 08:31:00 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\BitDefender
    [2010/02/05 07:53:57 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\BitZipper
    [2010/09/21 12:07:39 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\Elluminate
    [2010/01/29 12:14:35 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\GetRightToGo
    [2011/01/12 16:56:00 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\IObit
    [2010/02/07 13:22:02 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\Lexmark Productivity Studio
    [2011/01/14 13:40:32 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\LimeWire
    [2010/01/17 09:54:34 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\Meridian93
    [2010/08/30 15:12:40 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\OpenOffice.org
    [2010/08/04 11:56:23 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\Panda Security
    [2010/02/06 18:55:26 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\RipIt4Me
    [2010/08/04 11:55:10 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\SurfSecret Privacy Suite
    [2010/02/21 14:32:51 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\Template
    [2009/12/03 08:13:51 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\WildTangent
    [2009/12/11 12:57:01 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\WinBatch
    [2011/01/14 14:03:03 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    [2011/01/14 14:00:57 | 000,000,396 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
    [2010/12/31 10:40:03 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
    [2009/07/13 23:08:49 | 000,025,160 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/01/14 09:21:28 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job
    [2011/01/14 14:01:03 | 000,000,248 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2011/01/14 14:01:04 | 000,000,290 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

    ========== Purity Check ==========



    < End of report >
     
  9. 2011/01/14
    broni Moderator Malware Analyst

    Is the bar gone?
     
  10. 2011/01/14
    jenna28jj Inactive Thread Starter

    No, in the control panel it is still there...still can't click uninstall..although my computer seems ok??
     
  11. 2011/01/14
    broni Moderator Malware Analyst

    That's just registry leftover.
    Navigate to \Program Files\OTListIt2 and post the content of Extras.txt, which you never posted.
     
  12. 2011/01/14
    jenna28jj Inactive Thread Starter

    Extras.txt...I'm sorry, I thought I had posted it

    OTL logfile created on: 1/14/2011 14:07:36 - Run 2
    OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\shawns\Documents
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
    6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.05 Gb Total Space | 138.15 Gb Free Space | 48.29% Space Free | Partition Type: NTFS
    Drive D: | 11.94 Gb Total Space | 2.14 Gb Free Space | 17.93% Space Free | Partition Type: NTFS

    Computer Name: SHAWNS-PC | User Name: shawns | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found -- C:\Users\shawns\My Documents\OTL.exe
    PRC - [2010/12/22 03:04:14 | 000,936,712 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2010/12/22 03:04:06 | 001,402,272 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2010/12/16 16:19:34 | 002,402,512 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
    PRC - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2010/09/07 09:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/07/28 07:26:46 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    PRC - [2009/12/01 19:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    PRC - [2009/10/20 13:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    PRC - [2009/05/26 02:36:13 | 000,656,896 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    PRC - [2009/04/27 13:37:18 | 000,025,256 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe
    PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2007/05/04 00:38:34 | 000,291,760 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe


    ========== Modules (SafeList) ==========

    MOD - File not found -- C:\Users\shawns\My Documents\OTL.exe
    MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2010/07/28 07:27:17 | 000,040,960 | ---- | M] () -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    MOD - [2010/07/28 07:26:48 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcp71.dll
    MOD - [2010/07/28 07:26:48 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr71.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV:64bit: - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV:64bit: - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/03/27 12:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
    SRV:64bit: - [2007/04/25 23:22:18 | 000,034,224 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxddserv.exe -- (lxddCATSCustConnectService)
    SRV:64bit: - [2007/04/25 23:22:03 | 000,567,216 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxddcoms.exe -- (lxdd_device)
    SRV - [2010/12/22 03:04:06 | 001,402,272 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2007/05/25 09:41:38 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxddcoms.exe -- (lxdd_device)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/09/07 08:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2010/07/12 02:55:39 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
    DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/09 04:38:42 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/19 10:19:38 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
    DRV:64bit: - [2007/05/14 15:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV - [2010/11/03 12:35:58 | 000,017,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-402496917-614987249-1313985504-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    IE - HKU\S-1-5-21-402496917-614987249-1313985504-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-402496917-614987249-1313985504-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-402496917-614987249-1313985504-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/28 07:27:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/30 03:01:41 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/30 03:01:49 | 000,000,000 | ---D | M]

    [2009/12/19 02:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\shawns\AppData\Roaming\Mozilla\Extensions
    [2009/12/19 02:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\shawns\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

    O1 HOSTS File: ([2011/01/14 09:56:43 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (@c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-402496917-614987249-1313985504-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-21-402496917-614987249-1313985504-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [lxddmon.exe] C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe ()
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
    O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [lxddamon] C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe ()
    O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddmon.exe ()
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
    O4 - Startup: C:\Users\shawns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\S-1-5-21-402496917-614987249-1313985504-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.142.225.3 167.142.225.5
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/14 13:58:32 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/01/14 13:53:13 | 000,000,000 | ---D | C] -- C:\Users\shawns\Documents\JavaRa
    [2011/01/14 13:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2011/01/14 11:22:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\shawns\Documents\OTL.exe
    [2011/01/14 09:55:07 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\VACFix.exe
    [2011/01/14 09:55:07 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.exe
    [2011/01/14 09:55:07 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.C.exe
    [2011/01/14 09:55:07 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\404Fix.exe
    [2011/01/14 09:55:07 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\o4Patch.exe
    [2011/01/14 09:55:07 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\Agent.OMZ.Fix.exe
    [2011/01/14 09:55:06 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\VCCLSID.exe
    [2011/01/14 09:55:06 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\SrchSTS.exe
    [2011/01/14 09:55:06 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swreg.exe
    [2011/01/14 09:55:06 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swxcacls.exe
    [2011/01/14 09:55:06 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\SysWow64\Process.exe
    [2011/01/14 09:54:58 | 000,000,000 | ---D | C] -- C:\Users\shawns\Desktop\SmitfraudFix
    [2011/01/08 09:10:43 | 000,000,000 | ---D | C] -- C:\Users\shawns\AppData\Local\Adobe
    [2011/01/08 00:19:50 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
    [2010/01/24 13:53:51 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddpmui.dll
    [2010/01/24 13:53:51 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddinpa.dll
    [2010/01/24 13:53:51 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddiesc.dll
    [2010/01/24 13:53:50 | 001,232,896 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddserv.dll
    [2010/01/24 13:53:50 | 000,999,424 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddusb1.dll
    [2010/01/24 13:53:50 | 000,700,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddhbn3.dll
    [2010/01/24 13:53:50 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcomc.dll
    [2010/01/24 13:53:50 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddlmpm.dll
    [2010/01/24 13:53:50 | 000,425,984 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcomm.dll
    [2010/01/24 13:53:50 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddprox.dll
    [2010/01/24 13:53:50 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddpplc.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/01/14 14:08:10 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/14 14:08:10 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/14 14:05:42 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/01/14 14:05:42 | 000,626,844 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/01/14 14:05:42 | 000,107,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/01/14 14:03:03 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2011/01/14 14:01:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/14 14:01:04 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
    [2011/01/14 14:01:03 | 000,000,248 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2011/01/14 14:00:57 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
    [2011/01/14 14:00:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/01/14 14:00:20 | 2314,067,968 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/14 13:50:08 | 000,159,757 | ---- | M] () -- C:\Users\shawns\Documents\JavaRa.zip
    [2011/01/14 13:22:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/14 11:23:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\shawns\Documents\OTL.exe
    [2011/01/14 09:56:46 | 000,000,691 | ---- | M] () -- C:\Users\shawns\AppData\Roaming\GetValue.vbs
    [2011/01/14 09:56:46 | 000,000,035 | ---- | M] () -- C:\Users\shawns\AppData\Roaming\SetValue.bat
    [2011/01/14 09:56:45 | 000,004,252 | ---- | M] () -- C:\Windows\SysWow64\tmp.reg
    [2011/01/14 09:21:28 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
    [2011/01/13 20:23:09 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2011/01/08 00:10:43 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForshawns.job
    [2011/01/05 10:51:40 | 001,611,527 | ---- | M] () -- C:\Users\shawns\AppData\Local\tmp004.JPG
    [2010/12/31 10:40:03 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
    [2010/12/19 13:40:12 | 000,048,263 | ---- | M] () -- C:\Users\shawns\Desktop\fceux.cfg
    [2010/12/16 17:45:31 | 000,078,836 | ---- | M] () -- C:\Users\shawns\Documents\Intervention.rtf
    [2010/12/16 03:27:09 | 000,458,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2011/01/14 13:50:08 | 000,159,757 | ---- | C] () -- C:\Users\shawns\Documents\JavaRa.zip
    [2011/01/14 09:56:46 | 000,000,035 | ---- | C] () -- C:\Users\shawns\AppData\Roaming\SetValue.bat
    [2011/01/14 09:56:45 | 000,004,252 | ---- | C] () -- C:\Windows\SysWow64\tmp.reg
    [2011/01/14 09:56:45 | 000,000,691 | ---- | C] () -- C:\Users\shawns\AppData\Roaming\GetValue.vbs
    [2011/01/14 09:55:06 | 000,075,776 | ---- | C] () -- C:\Windows\SysWow64\WS2Fix.exe
    [2011/01/14 09:55:06 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\dumphive.exe
    [2011/01/14 09:55:06 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\swsc.exe
    [2011/01/13 18:01:15 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\SmartDefrag.job
    [2011/01/12 17:38:36 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2010/12/22 16:14:02 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForshawns.job
    [2010/11/25 17:55:16 | 000,392,052 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp002.2
    [2010/11/25 17:55:15 | 000,395,667 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp002.1
    [2010/11/25 17:55:13 | 001,202,652 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp002.0
    [2010/11/25 17:55:13 | 000,395,626 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp002.JPG
    [2010/11/24 08:10:11 | 001,793,074 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp003.JPG
    [2010/11/13 09:07:30 | 000,406,616 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp012.JPG
    [2010/11/13 09:07:17 | 001,148,709 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp012.0
    [2010/11/07 09:36:01 | 000,010,328 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp024_navi.JPG
    [2010/11/07 09:35:48 | 001,368,289 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp024.JPG
    [2010/11/07 09:34:54 | 001,468,649 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp021.JPG
    [2010/11/07 09:33:29 | 001,480,824 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp026.JPG
    [2010/10/13 07:21:09 | 001,324,683 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp018.JPG
    [2010/09/17 12:42:34 | 000,004,096 | -H-- | C] () -- C:\Users\shawns\AppData\Local\keyfile3.drm
    [2010/06/29 23:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2010/05/20 07:57:51 | 001,653,916 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp015.JPG
    [2010/05/06 07:34:32 | 002,088,607 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp007.JPG
    [2010/05/06 07:28:02 | 000,056,540 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmpSECUREDOWNLOAD.JPG
    [2010/05/06 07:24:57 | 001,611,527 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp004.JPG
    [2010/05/06 06:26:05 | 000,249,971 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp001_CROP.JPG
    [2010/05/06 06:25:26 | 001,072,245 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp001.JPG
    [2010/05/06 05:28:21 | 000,692,584 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp011_CROP.JPG
    [2010/05/06 05:27:52 | 002,723,988 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp011.JPG
    [2010/05/01 09:56:26 | 003,089,179 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp006.JPG
    [2010/04/14 16:01:40 | 001,204,641 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp010.JPG
    [2010/04/06 12:27:55 | 001,415,042 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp045.JPG
    [2010/03/24 07:58:16 | 000,007,710 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmpM_A85061BC9B4541F3F7DC275F19EC341C.JPG
    [2010/03/24 07:58:16 | 000,007,666 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmpM_A85061BC9B4541F3F7DC275F19EC341C.0
    [2010/03/17 19:17:35 | 000,006,327 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp002_navi.JPG
    [2010/03/17 19:16:53 | 000,006,435 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp003_navi.JPG
    [2010/03/16 10:07:37 | 000,258,029 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp013.JPG
    [2010/03/16 10:05:10 | 000,508,784 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp081.JPG
    [2010/03/16 10:04:42 | 001,283,451 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp081.0
    [2010/02/21 14:32:50 | 000,000,148 | ---- | C] () -- C:\Users\shawns\AppData\Roaming\wklnhst.dat
    [2010/02/04 15:39:53 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/01/29 09:38:57 | 000,000,077 | ---- | C] () -- C:\Windows\chemlab.ini
    [2010/01/24 13:53:51 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxddcomx.dll
    [2010/01/24 13:53:51 | 000,286,720 | ---- | C] () -- C:\Windows\SysWow64\LXDDinst.dll
    [2010/01/01 00:22:21 | 000,265,663 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp017.JPG
    [2010/01/01 00:22:20 | 000,961,558 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp017.0
    [2009/12/27 16:14:42 | 001,519,442 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp015.0
    [2009/12/27 16:14:19 | 000,567,457 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp016.JPG
    [2009/12/27 16:14:18 | 001,071,154 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp016.0
    [2009/12/26 08:22:08 | 000,390,884 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp008.JPG
    [2009/12/26 08:22:07 | 001,068,386 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp008.0
    [2009/12/10 17:14:21 | 001,232,908 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp005.JPG
    [2009/12/10 17:14:20 | 001,084,365 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp005.0
    [2009/12/07 11:34:16 | 000,000,120 | ---- | C] () -- C:\Users\shawns\AppData\Roaming\FixVTS.ini
    [2009/12/05 23:27:10 | 000,471,474 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp035.JPG
    [2009/12/05 23:27:09 | 001,208,764 | ---- | C] () -- C:\Users\shawns\AppData\Local\tmp035.0
    [2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2010/01/06 08:44:28 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\Amazon
    [2010/05/26 08:31:00 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\BitDefender
    [2010/02/05 07:53:57 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\BitZipper
    [2010/09/21 12:07:39 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\Elluminate
    [2010/01/29 12:14:35 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\GetRightToGo
    [2011/01/12 16:56:00 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\IObit
    [2010/02/07 13:22:02 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\Lexmark Productivity Studio
    [2011/01/14 13:40:32 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\LimeWire
    [2010/01/17 09:54:34 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\Meridian93
    [2010/08/30 15:12:40 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\OpenOffice.org
    [2010/08/04 11:56:23 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\Panda Security
    [2010/02/06 18:55:26 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\RipIt4Me
    [2010/08/04 11:55:10 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\SurfSecret Privacy Suite
    [2010/02/21 14:32:51 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\Template
    [2009/12/03 08:13:51 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\WildTangent
    [2009/12/11 12:57:01 | 000,000,000 | ---D | M] -- C:\Users\shawns\AppData\Roaming\WinBatch
    [2011/01/14 14:03:03 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    [2011/01/14 14:00:57 | 000,000,396 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
    [2010/12/31 10:40:03 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
    [2009/07/13 23:08:49 | 000,025,160 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/01/14 09:21:28 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job
    [2011/01/14 14:01:03 | 000,000,248 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2011/01/14 14:01:04 | 000,000,290 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

    ========== Purity Check ==========



    < End of report >
     
  13. 2011/01/14
    broni

    broni Moderator Malware Analyst

    No, this is OTL.txt, not Extras.txt.
     
  14. 2011/01/14
    jenna28jj

    jenna28jj Inactive Thread Starter

    OK, then I'm not exactly sure where I would navigate to get the / Program Files at?
     
  15. 2011/01/14
    jenna28jj

    jenna28jj Inactive Thread Starter

    no items match my search
     
  16. 2011/01/14
    broni

    broni Moderator Malware Analyst

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :filefind
      extras.txt
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  17. 2011/01/14
    jenna28jj

    jenna28jj Inactive Thread Starter

    SystemLook 04.09.10 by jpshortstuff
    Log created at 17:28 on 14/01/2011 by shawns
    Administrator - Elevation successful
    WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

    ========== filefind ==========

    Searching for "extras.txt "
    C:\Users\shawns\Documents\Extras.Txt --a---- 64136 bytes [17:29 14/01/2011] [23:10 14/01/2011] 55A4D4BF1C59342E69B6C25CC5F08BB2

    -= EOF =-

    I'm pretty sure this isn't what we were looking for??
     
  18. 2011/01/14
    broni

    broni Moderator Malware Analyst

    It may be.
    Post it.
     
  19. 2011/01/14
    jenna28jj

    jenna28jj Inactive Thread Starter

    Downloaded the 64-bit one...pretty much the same thing...

    SystemLook 04.09.10 by jpshortstuff
    Log created at 17:31 on 14/01/2011 by shawns
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "extras.txt "
    C:\Users\shawns\Documents\Extras.Txt --a---- 64136 bytes [17:29 14/01/2011] [23:10 14/01/2011] 55A4D4BF1C59342E69B6C25CC5F08BB2

    -= EOF =-
     
  20. 2011/01/14
    jenna28jj

    jenna28jj Inactive Thread Starter

    That's all it came back with
     
  21. 2011/01/14
    broni

    broni Moderator Malware Analyst

    Open Windows Explorer, navigate to:
    C:\Users\shawns\Documents
    open Extras.Txt log and paste it back here.
     
