New virus with tons of flashing ads and games [Solved]


  • This topic is locked

#1
Beetrix

  • Member
  • 133 posts
Good morning,

I have another virus with tons of flashing ads and games. I am having trouble opening web sites and the ads are on many of them, including Yahoo, YouTube, Charter, and more.
I have run my antivirus program Ad-Aware and I have SpywareBlaster, but have not found anything.
Attached is a copy from the OTL log. You will notice that I have at least 1000 files that are photos for my web site, so they are fine.
Here is the log and thank you for your continued help.
Beetrix

OTL logfile created on: 7/6/2013 8:17:58 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bee\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 58.83% Memory free
7.82 Gb Paging File | 6.04 Gb Available in Paging File | 77.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684.84 Gb Total Space | 629.80 Gb Free Space | 91.96% Space Free | Partition Type: NTFS
Drive D: | 13.70 Gb Total Space | 1.68 Gb Free Space | 12.29% Space Free | Partition Type: NTFS

Computer Name: BEE | User Name: Bee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/06 08:16:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bee\Desktop\OTL.exe
PRC - [2013/07/04 01:47:06 | 000,898,408 | ---- | M] (Trusted Saver) -- C:\Program Files (x86)\Trusted Saver\Trusted Saver-bg.exe
PRC - [2013/06/27 05:37:03 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/06/27 05:35:03 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/06/27 05:35:03 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/05/01 11:35:40 | 000,214,808 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\ytbb.exe
PRC - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011/03/09 17:06:48 | 000,129,648 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2011/03/09 14:47:08 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011/02/01 01:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/12/03 10:03:44 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
PRC - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/08/05 16:08:52 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2010/08/05 16:08:38 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2010/02/11 10:07:54 | 000,710,656 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
PRC - [2009/07/02 14:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
PRC - [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/16 05:19:44 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\be692307d47b83000bba8bb6b484aff0\System.ServiceModel.ni.dll
MOD - [2013/05/16 05:19:44 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\6ff6bd832b03b5d6ea275ba9bee2d3ef\System.IdentityModel.ni.dll
MOD - [2013/05/16 04:55:06 | 002,906,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\62de81b8e55e21a20bc3770f982c7f61\ReachFramework.ni.dll
MOD - [2013/05/15 05:37:03 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2609614ca03927f7a99418c74844059b\System.Runtime.Serialization.ni.dll
MOD - [2013/05/15 05:37:03 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\019ed4a55ecc7d1f5b933c27970dce9b\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/05/15 05:33:19 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll
MOD - [2013/05/15 05:33:15 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll
MOD - [2013/05/15 05:33:12 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll
MOD - [2013/05/15 05:33:08 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll
MOD - [2013/05/15 05:33:06 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll
MOD - [2013/01/10 06:44:53 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll
MOD - [2013/01/09 16:58:24 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013/01/09 16:58:24 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013/01/09 16:58:20 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/01/09 16:58:16 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2009/07/02 14:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/04/24 21:38:30 | 000,318,464 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/06/27 05:37:03 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/06/27 05:35:03 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/06/11 15:19:07 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/11 10:50:04 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\afasrv64.exe -- (AfaService)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011/03/09 17:06:48 | 000,129,648 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2011/03/09 14:47:08 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011/02/01 01:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/05 16:08:38 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/25 05:40:17 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/03/25 05:40:17 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/03/25 05:40:17 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/07/05 14:21:30 | 001,874,016 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/04/24 21:38:30 | 000,536,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/21 19:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 09:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/12/03 10:04:10 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/06 01:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/13 05:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/26 16:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/11/02 10:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/09/21 01:43:52 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdm.sys -- (ss_mdm)
DRV:64bit: - [2009/09/21 01:43:52 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bus.sys -- (ss_bus)
DRV:64bit: - [2009/09/21 01:43:52 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [1999/03/07 20:15:00 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\pmemnt.sys -- (PMEM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{47A5A5E7-3576-4944-B7E3-7BDB7A067DF9}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{47A5A5E7-3576-4944-B7E3-7BDB7A067DF9}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F7 9A B4 C5 E4 2A CE 01 [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {43FF024B-B6D4-477D-AFF6-FF1D0923410A}
IE - HKCU\..\SearchScopes\{43FF024B-B6D4-477D-AFF6-FF1D0923410A}: "URL" = http://search.yahoo....ms}&fr=chr-tyc9
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ [2011/04/21 19:32:51 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ [2011/04/21 19:32:51 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\UnfriendApp\Firefox\ [2012/11/18 23:45:25 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/11/24 07:21:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O2 - BHO: (Trusted Saver) - {11111111-1111-1111-1111-110311331132} - C:\Program Files (x86)\Trusted Saver\Trusted Saver-bho.dll (Trusted Saver)
O2 - BHO: (LessTabs) - {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll (LessTabs)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [EKAIO2StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [USBestCR] C:\Program Files (x86)\USIM Editor\iconcs1818160.exe RunFromReg File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EKAiO2StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKAiO2MUI.exe File not found
O4 - HKLM..\Run: [HP KEYBOARDx] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.190.192.35 71.9.127.107 24.205.224.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67BFE14F-B49D-407E-A7F2-CCB31337931D}: DhcpNameServer = 68.190.192.35 71.9.127.107 24.205.224.36
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/06 08:16:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bee\Desktop\OTL.exe
[2013/07/04 01:47:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LessTabs
[2013/07/04 01:46:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trusted Saver
[2013/07/03 05:53:58 | 000,000,000 | ---D | C] -- C:\Users\Bee\Documents\New folder
[2013/06/27 12:05:56 | 000,000,000 | ---D | C] -- C:\Users\Bee\AppData\Local\{5D4E765F-7164-4926-9E1A-DFE740F4297E}
[2013/06/22 09:02:06 | 000,000,000 | ---D | C] -- C:\Users\Bee\AppData\Local\{7D4C937A-B276-4EC4-9F74-6C4550C97714}
[2013/06/21 06:18:38 | 000,000,000 | ---D | C] -- C:\Users\Bee\AppData\Local\{F9246003-D4FC-4173-8CB5-3D77BDA5C376}
[2013/06/20 12:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2013/06/20 12:46:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2013/06/16 12:30:11 | 000,000,000 | ---D | C] -- C:\Users\Bee\AppData\Local\{5E313202-6127-48CB-98C0-74EC9D10DE32}
[2013/06/15 19:29:27 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/15 19:29:27 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/12 06:41:25 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/06/12 06:41:25 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/06/12 06:41:25 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/06/12 06:41:25 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/06/12 06:41:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/06/12 06:41:25 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/06/12 06:41:25 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/06/12 06:41:25 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/06/12 06:41:25 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/06/12 06:41:24 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/06/12 06:41:24 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/06/12 06:41:24 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/06/12 06:41:24 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/06/12 06:38:33 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/06/12 06:38:33 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/06/12 06:38:32 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/06/12 06:38:32 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/06/12 06:38:31 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/06/12 06:38:30 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/06/12 06:38:30 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/06/12 06:38:30 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/06/12 06:38:29 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/06/12 06:38:29 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/06/12 06:38:29 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/06/12 06:38:24 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/06/12 06:38:24 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/06/10 10:38:13 | 000,000,000 | ---D | C] -- C:\Users\Bee\AppData\Local\{5113B6E5-038F-4377-8736-A8469F55F07F}
[2013/06/09 09:51:15 | 000,000,000 | ---D | C] -- C:\Users\Bee\AppData\Local\{9A2A89C5-0EAB-47A8-91AB-62B48F1011D7}
[2013/06/08 10:00:56 | 000,000,000 | ---D | C] -- C:\Users\Bee\AppData\Local\{22B42846-405B-4184-BD98-82985A67B34B}
[2012/10/12 11:38:53 | 009,842,040 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files (x86)\Common Files\wruninstall.exe

========== Files - Modified Within 30 Days ==========

[2013/07/06 08:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/06 08:16:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bee\Desktop\OTL.exe
[2013/07/06 08:08:28 | 000,000,000 | ---- | M] () -- C:\Users\Bee\Desktop\Setup.exe.zaggd6l.partial
[2013/07/06 07:52:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3969357861-245451301-220097965-1004UA.job
[2013/07/06 07:47:00 | 000,001,206 | ---- | M] () -- C:\Windows\tasks\Trusted Saver-codedownloader.job
[2013/07/06 07:47:00 | 000,001,202 | ---- | M] () -- C:\Windows\tasks\Trusted Saver-updater.job
[2013/07/06 07:47:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\Trusted Saver-enabler.job
[2013/07/06 07:21:32 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/06 07:21:32 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/06 07:18:28 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/06 07:18:28 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/06 07:18:28 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/06 07:14:23 | 000,000,632 | RHS- | M] () -- C:\Users\Bee\ntuser.pol
[2013/07/06 07:14:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/06 07:13:56 | 3151,044,608 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/05 21:54:01 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBEE-HP$.job
[2013/07/04 22:52:00 | 000,000,866 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3969357861-245451301-220097965-1004Core.job
[2013/07/03 05:10:48 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBee.job
[2013/06/27 05:37:13 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013/06/22 12:40:46 | 000,070,284 | ---- | M] () -- C:\Users\Bee\Documents\Linda and Brett Strayer May.jpg
[2013/06/22 12:40:46 | 000,014,728 | ---- | M] () -- C:\Users\Bee\Documents\Linda's Page.htm
[2013/06/22 12:40:46 | 000,007,676 | ---- | M] () -- C:\Users\Bee\Documents\Linda and Brett Strayer May_thumb.jpg
[2013/06/22 12:40:36 | 000,014,566 | ---- | M] () -- C:\Users\Bee\Documents\Linda's Page.bak
[2013/06/22 12:35:01 | 000,015,296 | ---- | M] () -- C:\Users\Bee\Documents\Introduction.htm
[2013/06/22 12:35:01 | 000,015,292 | ---- | M] () -- C:\Users\Bee\Documents\Introduction.bak
[2013/06/22 12:05:35 | 000,056,547 | ---- | M] () -- C:\Users\Bee\Documents\Duane Keith 1971 001.jpg
[2013/06/22 12:05:35 | 000,021,460 | ---- | M] () -- C:\Users\Bee\Documents\Family Bands.htm
[2013/06/22 12:05:35 | 000,006,654 | ---- | M] () -- C:\Users\Bee\Documents\Duane Keith 1971 001_thumb.jpg
[2013/06/22 12:05:30 | 000,021,456 | ---- | M] () -- C:\Users\Bee\Documents\Family Bands.bak
[2013/06/22 11:53:01 | 000,034,751 | ---- | M] () -- C:\Users\Bee\Documents\Faces 8.bak
[2013/06/22 11:53:01 | 000,033,000 | ---- | M] () -- C:\Users\Bee\Documents\Faces 8.htm
[2013/06/22 11:41:20 | 000,097,839 | ---- | M] () -- C:\Users\Bee\Documents\600x400 12~25~08 001.jpg
[2013/06/22 11:41:20 | 000,006,397 | ---- | M] () -- C:\Users\Bee\Documents\600x400 12~25~08 001_thumb.jpg
[2013/06/22 11:29:49 | 000,081,665 | ---- | M] () -- C:\Users\Bee\Documents\Faces 14.htm
[2013/06/22 11:29:48 | 000,081,676 | ---- | M] () -- C:\Users\Bee\Documents\Faces 14.bak
[2013/06/21 10:26:31 | 000,260,459 | ---- | M] () -- C:\Users\Bee\Documents\Mark Anthony 1.JPG
[2013/06/21 10:26:31 | 000,074,326 | ---- | M] () -- C:\Users\Bee\Documents\Mark Anthony 3.JPG
[2013/06/21 10:26:31 | 000,016,559 | ---- | M] () -- C:\Users\Bee\Documents\Mark Anthony KINKS TOUR 2_thumb.JPG
[2013/06/21 10:26:31 | 000,014,714 | ---- | M] () -- C:\Users\Bee\Documents\Mark Anthony 4_thumb.JPG
[2013/06/21 10:26:31 | 000,013,573 | ---- | M] () -- C:\Users\Bee\Documents\Mark Anthony 6_thumb.JPG
[2013/06/21 10:26:31 | 000,012,886 | ---- | M] () -- C:\Users\Bee\Documents\Mark Anthony 1_thumb.JPG
[2013/06/21 10:26:31 | 000,012,595 | ---- | M] () -- C:\Users\Bee\Documents\Mark Anthony 5_thumb.JPG
[2013/06/21 10:26:31 | 000,012,419 | ---- | M] () -- C:\Users\Bee\Documents\Mark Anthony 3_thumb.JPG
[2013/06/21 10:17:51 | 000,044,257 | ---- | M] () -- C:\Users\Bee\Documents\Lee Michaels 1.jpg
[2013/06/21 10:17:51 | 000,003,089 | ---- | M] () -- C:\Users\Bee\Documents\Lee Michaels 1_thumb.jpg
[2013/06/21 09:56:50 | 000,046,173 | ---- | M] () -- C:\Users\Bee\Documents\Faces 5.htm
[2013/06/21 09:56:50 | 000,046,173 | ---- | M] () -- C:\Users\Bee\Documents\Faces 5.bak
[2013/06/21 09:53:32 | 000,140,968 | ---- | M] () -- C:\Users\Bee\Documents\Caroline Morrow McElroy in the chair-1.jpg
[2013/06/21 09:53:32 | 000,106,003 | ---- | M] () -- C:\Users\Bee\Documents\Caroline M McElroy in stripes-1.jpg
[2013/06/21 09:53:32 | 000,012,270 | ---- | M] () -- C:\Users\Bee\Documents\Caroline Morrow McElroy in the chair-1_thumb.jpg
[2013/06/21 09:53:32 | 000,009,758 | ---- | M] () -- C:\Users\Bee\Documents\Caroline M McElroy in stripes-1_thumb.jpg
[2013/06/11 15:19:07 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/11 15:19:07 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/09 12:56:03 | 000,166,155 | ---- | M] () -- C:\Users\Bee\Documents\1-Rick Nelson-Randy Meisner.jpg
[2013/06/09 12:56:03 | 000,011,875 | ---- | M] () -- C:\Users\Bee\Documents\1-Rick Nelson-Randy Meisner_thumb.jpg
[2013/06/09 11:04:46 | 000,042,232 | ---- | M] () -- C:\Users\Bee\Documents\Short Stories.htm
[2013/06/09 11:04:46 | 000,042,220 | ---- | M] () -- C:\Users\Bee\Documents\Short Stories.bak
[2013/06/09 11:02:30 | 000,012,106 | ---- | M] () -- C:\Users\Bee\Documents\Fallen Stars RIP.htm
[2013/06/09 11:02:30 | 000,012,106 | ---- | M] () -- C:\Users\Bee\Documents\Fallen Stars RIP.bak
[2013/06/09 11:00:37 | 000,018,911 | ---- | M] () -- C:\Users\Bee\Documents\Friend Search.htm
[2013/06/09 11:00:37 | 000,018,911 | ---- | M] () -- C:\Users\Bee\Documents\Friend Search.bak
[2013/06/09 10:52:12 | 000,015,183 | ---- | M] () -- C:\Users\Bee\Documents\Across the Universe.htm
[2013/06/09 10:52:12 | 000,015,167 | ---- | M] () -- C:\Users\Bee\Documents\Across the Universe.bak
[2013/06/09 10:48:44 | 000,123,054 | ---- | M] () -- C:\Users\Bee\Documents\Faces.htm
[2013/06/09 10:48:42 | 000,123,054 | ---- | M] () -- C:\Users\Bee\Documents\Faces.bak
[2013/06/09 10:47:18 | 000,079,834 | ---- | M] () -- C:\Users\Bee\Documents\Faces 2.htm
[2013/06/09 10:47:17 | 000,079,834 | ---- | M] () -- C:\Users\Bee\Documents\Faces 2.bak
[2013/06/09 10:45:59 | 000,051,220 | ---- | M] () -- C:\Users\Bee\Documents\Faces 4.htm
[2013/06/09 10:45:58 | 000,051,220 | ---- | M] () -- C:\Users\Bee\Documents\Faces 4.bak
[2013/06/09 10:44:37 | 000,045,825 | ---- | M] () -- C:\Users\Bee\Documents\Faces 6.htm
[2013/06/09 10:44:36 | 000,045,825 | ---- | M] () -- C:\Users\Bee\Documents\Faces 6.bak
[2013/06/09 10:42:47 | 000,038,111 | ---- | M] () -- C:\Users\Bee\Documents\Faces 10.htm
[2013/06/09 10:42:47 | 000,038,111 | ---- | M] () -- C:\Users\Bee\Documents\Faces 10.bak
[2013/06/09 10:41:37 | 000,018,411 | ---- | M] () -- C:\Users\Bee\Documents\Faces 11.bak
[2013/06/09 10:41:37 | 000,017,717 | ---- | M] () -- C:\Users\Bee\Documents\Faces 11.htm
[2013/06/09 10:27:41 | 000,038,374 | ---- | M] () -- C:\Users\Bee\Documents\Faces 3.htm
[2013/06/09 10:27:41 | 000,038,374 | ---- | M] () -- C:\Users\Bee\Documents\Faces 3.bak
[2013/06/09 10:07:52 | 000,019,539 | ---- | M] () -- C:\Users\Bee\Documents\index.htm
[2013/06/09 10:07:51 | 000,019,539 | ---- | M] () -- C:\Users\Bee\Documents\index.bak
[2013/06/09 09:58:42 | 000,021,605 | ---- | M] () -- C:\Users\Bee\Documents\Bands A to Z.htm
[2013/06/09 09:58:42 | 000,021,564 | ---- | M] () -- C:\Users\Bee\Documents\Bands A to Z.bak
[2013/06/09 09:56:33 | 000,075,647 | ---- | M] () -- C:\Users\Bee\Documents\2-Nobby, Toni and Beto.jpg
[2013/06/09 09:56:33 | 000,004,860 | ---- | M] () -- C:\Users\Bee\Documents\2-Nobby, Toni and Beto_thumb.jpg
[2013/06/09 09:38:25 | 000,075,647 | ---- | M] () -- C:\Users\Bee\Documents\Nobby, Toni and Beto-2.jpg
[2013/06/09 09:38:25 | 000,039,474 | ---- | M] () -- C:\Users\Bee\Documents\Dave-Vaught-Cheryl-Bob-Tony Kachenoff-a.jpg
[2013/06/09 09:38:25 | 000,005,949 | ---- | M] () -- C:\Users\Bee\Documents\Dave-Vaught-Cheryl-Bob-Tony Kachenoff-a_thumb.jpg
[2013/06/09 09:38:25 | 000,004,860 | ---- | M] () -- C:\Users\Bee\Documents\Nobby, Toni and Beto-2_thumb.jpg
[2013/06/09 09:28:42 | 000,123,472 | ---- | M] () -- C:\Users\Bee\Documents\Toni Kaschenoff-dancing-1.jpg
[2013/06/09 09:28:42 | 000,094,215 | ---- | M] () -- C:\Users\Bee\Documents\Toni Kaschenoff-Dick Clark show-1.jpg
[2013/06/09 09:28:42 | 000,075,647 | ---- | M] () -- C:\Users\Bee\Documents\Nobby, Toni and Beto.jpg
[2013/06/09 09:28:42 | 000,010,691 | ---- | M] () -- C:\Users\Bee\Documents\Toni Kaschenoff-dancing-1_thumb.jpg
[2013/06/09 09:28:42 | 000,009,208 | ---- | M] () -- C:\Users\Bee\Documents\Toni Kaschenoff-Dick Clark show-1_thumb.jpg
[2013/06/09 09:28:42 | 000,004,860 | ---- | M] () -- C:\Users\Bee\Documents\Nobby, Toni and Beto_thumb.jpg
[2013/06/09 08:34:51 | 000,045,421 | ---- | M] () -- C:\Users\Bee\Documents\Caroline Morrow McElroy and Lisa-1.jpg
[2013/06/09 08:34:51 | 000,004,360 | ---- | M] () -- C:\Users\Bee\Documents\Caroline Morrow McElroy and Lisa-1_thumb.jpg
[2013/06/09 08:22:16 | 000,146,696 | ---- | M] () -- C:\Users\Bee\Documents\Heads-Hands- and Feet with Ray Smith center-1.jpg
[2013/06/09 08:22:16 | 000,142,022 | ---- | M] () -- C:\Users\Bee\Documents\Heads-Hands- and Feet-3.jpg
[2013/06/09 08:22:16 | 000,045,750 | ---- | M] () -- C:\Users\Bee\Documents\heads hands & feet - home from home (the missing album) 1970 front.jpg
[2013/06/09 08:22:16 | 000,044,683 | ---- | M] () -- C:\Users\Bee\Documents\Heads-Hands- and Feet-2.jpg
[2013/06/09 08:22:16 | 000,044,601 | ---- | M] () -- C:\Users\Bee\Documents\Mario and Stephanie-Jo-Lee Jorgensen Smith daughter_1.jpg
[2013/06/09 08:22:16 | 000,043,878 | ---- | M] () -- C:\Users\Bee\Documents\HH and F-10.jpg
[2013/06/09 08:22:16 | 000,013,545 | ---- | M] () -- C:\Users\Bee\Documents\Jo Lee Smith-1.jpg
[2013/06/09 08:22:16 | 000,012,061 | ---- | M] () -- C:\Users\Bee\Documents\Heads-Hands- and Feet with Ray Smith center-1_thumb.jpg
[2013/06/09 08:22:16 | 000,011,743 | ---- | M] () -- C:\Users\Bee\Documents\Heads-Hands- and Feet-3_thumb.jpg
[2013/06/09 08:22:16 | 000,006,424 | ---- | M] () -- C:\Users\Bee\Documents\HH and F-10_thumb.jpg
[2013/06/09 08:22:16 | 000,005,778 | ---- | M] () -- C:\Users\Bee\Documents\heads hands & feet - home from home (the missing album) 1970 front_thumb.jpg
[2013/06/09 08:22:16 | 000,004,428 | ---- | M] () -- C:\Users\Bee\Documents\Heads-Hands- and Feet-2_thumb.jpg
[2013/06/09 08:22:16 | 000,003,373 | ---- | M] () -- C:\Users\Bee\Documents\Jo Lee Smith-1_thumb.jpg
[2013/06/09 08:22:16 | 000,003,024 | ---- | M] () -- C:\Users\Bee\Documents\Mario and Stephanie-Jo-Lee Jorgensen Smith daughter_thumb_1.jpg
[2013/06/09 07:14:59 | 000,098,023 | ---- | M] () -- C:\Users\Bee\Documents\News 2.bak
[2013/06/09 07:14:59 | 000,098,022 | ---- | M] () -- C:\Users\Bee\Documents\News 2.htm
[2013/06/08 07:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/08 04:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

========== Files Created - No Company Name ==========

[2013/07/06 08:08:28 | 000,000,000 | ---- | C] () -- C:\Users\Bee\Desktop\Setup.exe.zaggd6l.partial
[2013/07/04 01:47:14 | 000,001,202 | ---- | C] () -- C:\Windows\tasks\Trusted Saver-updater.job
[2013/07/04 01:47:06 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\Trusted Saver-enabler.job
[2013/07/04 01:47:04 | 000,001,206 | ---- | C] () -- C:\Windows\tasks\Trusted Saver-codedownloader.job
[2013/06/22 12:40:46 | 000,070,284 | ---- | C] () -- C:\Users\Bee\Documents\Linda and Brett Strayer May.jpg
[2013/06/22 12:40:46 | 000,007,676 | ---- | C] () -- C:\Users\Bee\Documents\Linda and Brett Strayer May_thumb.jpg
[2013/06/22 12:05:35 | 000,056,547 | ---- | C] () -- C:\Users\Bee\Documents\Duane Keith 1971 001.jpg
[2013/06/22 12:05:35 | 000,006,654 | ---- | C] () -- C:\Users\Bee\Documents\Duane Keith 1971 001_thumb.jpg
[2013/06/22 11:41:20 | 000,006,397 | ---- | C] () -- C:\Users\Bee\Documents\600x400 12~25~08 001_thumb.jpg
[2013/06/21 10:26:31 | 000,260,459 | ---- | C] () -- C:\Users\Bee\Documents\Mark Anthony 1.JPG
[2013/06/21 10:26:31 | 000,074,326 | ---- | C] () -- C:\Users\Bee\Documents\Mark Anthony 3.JPG
[2013/06/21 10:26:31 | 000,016,559 | ---- | C] () -- C:\Users\Bee\Documents\Mark Anthony KINKS TOUR 2_thumb.JPG
[2013/06/21 10:26:31 | 000,014,714 | ---- | C] () -- C:\Users\Bee\Documents\Mark Anthony 4_thumb.JPG
[2013/06/21 10:26:31 | 000,013,573 | ---- | C] () -- C:\Users\Bee\Documents\Mark Anthony 6_thumb.JPG
[2013/06/21 10:26:31 | 000,012,886 | ---- | C] () -- C:\Users\Bee\Documents\Mark Anthony 1_thumb.JPG
[2013/06/21 10:26:31 | 000,012,595 | ---- | C] () -- C:\Users\Bee\Documents\Mark Anthony 5_thumb.JPG
[2013/06/21 10:26:31 | 000,012,419 | ---- | C] () -- C:\Users\Bee\Documents\Mark Anthony 3_thumb.JPG
[2013/06/21 10:17:51 | 000,044,257 | ---- | C] () -- C:\Users\Bee\Documents\Lee Michaels 1.jpg
[2013/06/21 10:17:51 | 000,003,089 | ---- | C] () -- C:\Users\Bee\Documents\Lee Michaels 1_thumb.jpg
[2013/06/21 09:53:32 | 000,140,968 | ---- | C] () -- C:\Users\Bee\Documents\Caroline Morrow McElroy in the chair-1.jpg
[2013/06/21 09:53:32 | 000,106,003 | ---- | C] () -- C:\Users\Bee\Documents\Caroline M McElroy in stripes-1.jpg
[2013/06/21 09:53:32 | 000,012,270 | ---- | C] () -- C:\Users\Bee\Documents\Caroline Morrow McElroy in the chair-1_thumb.jpg
[2013/06/21 09:53:32 | 000,009,758 | ---- | C] () -- C:\Users\Bee\Documents\Caroline M McElroy in stripes-1_thumb.jpg
[2013/06/09 12:56:03 | 000,166,155 | ---- | C] () -- C:\Users\Bee\Documents\1-Rick Nelson-Randy Meisner.jpg
[2013/06/09 12:56:03 | 000,011,875 | ---- | C] () -- C:\Users\Bee\Documents\1-Rick Nelson-Randy Meisner_thumb.jpg
[2013/06/09 09:56:33 | 000,075,647 | ---- | C] () -- C:\Users\Bee\Documents\2-Nobby, Toni and Beto.jpg
[2013/06/09 09:56:33 | 000,004,860 | ---- | C] () -- C:\Users\Bee\Documents\2-Nobby, Toni and Beto_thumb.jpg
[2013/06/09 09:38:25 | 000,075,647 | ---- | C] () -- C:\Users\Bee\Documents\Nobby, Toni and Beto-2.jpg
[2013/06/09 09:38:25 | 000,039,474 | ---- | C] () -- C:\Users\Bee\Documents\Dave-Vaught-Cheryl-Bob-Tony Kachenoff-a.jpg
[2013/06/09 09:38:25 | 000,005,949 | ---- | C] () -- C:\Users\Bee\Documents\Dave-Vaught-Cheryl-Bob-Tony Kachenoff-a_thumb.jpg
[2013/06/09 09:38:25 | 000,004,860 | ---- | C] () -- C:\Users\Bee\Documents\Nobby, Toni and Beto-2_thumb.jpg
[2013/06/09 09:28:42 | 000,123,472 | ---- | C] () -- C:\Users\Bee\Documents\Toni Kaschenoff-dancing-1.jpg
[2013/06/09 09:28:42 | 000,094,215 | ---- | C] () -- C:\Users\Bee\Documents\Toni Kaschenoff-Dick Clark show-1.jpg
[2013/06/09 09:28:42 | 000,075,647 | ---- | C] () -- C:\Users\Bee\Documents\Nobby, Toni and Beto.jpg
[2013/06/09 09:28:42 | 000,010,691 | ---- | C] () -- C:\Users\Bee\Documents\Toni Kaschenoff-dancing-1_thumb.jpg
[2013/06/09 09:28:42 | 000,009,208 | ---- | C] () -- C:\Users\Bee\Documents\Toni Kaschenoff-Dick Clark show-1_thumb.jpg
[2013/06/09 09:28:42 | 000,004,860 | ---- | C] () -- C:\Users\Bee\Documents\Nobby, Toni and Beto_thumb.jpg
[2013/06/09 08:34:51 | 000,045,421 | ---- | C] () -- C:\Users\Bee\Documents\Caroline Morrow McElroy and Lisa-1.jpg
[2013/06/09 08:34:51 | 000,004,360 | ---- | C] () -- C:\Users\Bee\Documents\Caroline Morrow McElroy and Lisa-1_thumb.jpg
[2013/06/09 08:22:16 | 000,146,696 | ---- | C] () -- C:\Users\Bee\Documents\Heads-Hands- and Feet with Ray Smith center-1.jpg
[2013/06/09 08:22:16 | 000,142,022 | ---- | C] () -- C:\Users\Bee\Documents\Heads-Hands- and Feet-3.jpg
[2013/06/09 08:22:16 | 000,045,750 | ---- | C] () -- C:\Users\Bee\Documents\heads hands & feet - home from home (the missing album) 1970 front.jpg
[2013/06/09 08:22:16 | 000,044,683 | ---- | C] () -- C:\Users\Bee\Documents\Heads-Hands- and Feet-2.jpg
[2013/06/09 08:22:16 | 000,044,601 | ---- | C] () -- C:\Users\Bee\Documents\Mario and Stephanie-Jo-Lee Jorgensen Smith daughter_1.jpg
[2013/06/09 08:22:16 | 000,043,878 | ---- | C] () -- C:\Users\Bee\Documents\HH and F-10.jpg
[2013/06/09 08:22:16 | 000,012,061 | ---- | C] () -- C:\Users\Bee\Documents\Heads-Hands- and Feet with Ray Smith center-1_thumb.jpg
[2013/06/09 08:22:16 | 000,011,743 | ---- | C] () -- C:\Users\Bee\Documents\Heads-Hands- and Feet-3_thumb.jpg
[2013/06/09 08:22:16 | 000,006,424 | ---- | C] () -- C:\Users\Bee\Documents\HH and F-10_thumb.jpg
[2013/06/09 08:22:16 | 000,005,778 | ---- | C] () -- C:\Users\Bee\Documents\heads hands & feet - home from home (the missing album) 1970 front_thumb.jpg
[2013/06/09 08:22:16 | 000,004,428 | ---- | C] () -- C:\Users\Bee\Documents\Heads-Hands- and Feet-2_thumb.jpg
[2013/06/09 08:22:16 | 000,003,373 | ---- | C] () -- C:\Users\Bee\Documents\Jo Lee Smith-1_thumb.jpg
[2013/06/09 08:22:16 | 000,003,024 | ---- | C] () -- C:\Users\Bee\Documents\Mario and Stephanie-Jo-Lee Jorgensen Smith daughter_thumb_1.jpg
[2012/07/13 11:28:42 | 000,000,632 | RHS- | C] () -- C:\Users\Bee\ntuser.pol
[2012/05/27 15:38:31 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\afasrv64.exe
[2011/07/27 00:14:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >

#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, on completion of these runs can you let me know if the ads are still present?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:OTL
O2 - BHO: (Trusted Saver) - {11111111-1111-1111-1111-110311331132} - C:\Program Files (x86)\Trusted Saver\Trusted Saver-bho.dll (Trusted Saver)
O2 - BHO: (LessTabs) - {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll (LessTabs)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
[2013/06/20 12:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2013/06/20 12:46:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2013/07/04 01:47:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LessTabs
[2013/07/04 01:46:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trusted Saver
[2013/07/06 07:47:00 | 000,001,206 | ---- | M] () -- C:\Windows\tasks\Trusted Saver-codedownloader.job
[2013/07/06 07:47:00 | 000,001,202 | ---- | M] () -- C:\Windows\tasks\Trusted Saver-updater.job
[2013/07/06 07:47:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\Trusted Saver-enabler.job

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.
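The fix above targets scheduled-task files and program folders that the first log shows were created within seconds of each other. As an added example (not part of either post and not OTL's own code), the sketch below parses OTL file-listing lines and surfaces that pattern for a reviewer. The function names and the 60-second correlation window are assumptions; the 30-day age limit mirrors the log's "File Age = 30 Days" setting, and the sample lines are copied from the logs on this page.

```python
import re
from datetime import datetime, timedelta
from ntpath import dirname  # parses Windows paths on any OS

# Lines copied from the OTL output quoted on this page (Run 1 and the fix script).
SAMPLE_LOG = r"""
[2013/07/06 08:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/06 07:47:00 | 000,001,206 | ---- | M] () -- C:\Windows\tasks\Trusted Saver-codedownloader.job
[2013/07/04 01:47:14 | 000,001,202 | ---- | C] () -- C:\Windows\tasks\Trusted Saver-updater.job
[2013/07/04 01:47:06 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\Trusted Saver-enabler.job
[2013/07/04 01:47:04 | 000,001,206 | ---- | C] () -- C:\Windows\tasks\Trusted Saver-codedownloader.job
[2013/06/22 12:40:46 | 000,070,284 | ---- | C] () -- C:\Users\Bee\Documents\Linda and Brett Strayer May.jpg
[2013/07/04 01:47:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LessTabs
[2013/07/04 01:46:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trusted Saver
[2013/06/20 12:46:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2013/06/12 06:38:30 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/07/06 07:13:56 | 3151,044,608 | -HS- | M] () -- C:\hiberfil.sys
"""

SCAN_TIME = datetime(2013, 7, 6, 8, 17, 58)  # "OTL logfile created on" in Run 1

# [timestamp | size | attributes | C(reated)/M(odified)] (company) -- path
# Directory entries carry no "(company)" field, so that group is optional.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<flag>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)


def parse_otl_line(line):
    """Return one file-listing entry as a dict, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "flag": m["flag"],
        "company": m["company"],  # "" = no company name, None = directory
        "path": m["path"],
    }


def triage(log_text, scan_time, max_age_days=30, window_seconds=60):
    """Find recently created .job files and folders created around the same time.

    Every task file in this log shows an empty company, so that field alone
    does not separate the Adobe task from the Trusted Saver ones; the
    creation date does. The result is a lead for a human reviewer, not a verdict.
    """
    entries = [e for e in map(parse_otl_line, log_text.splitlines()) if e]
    created = [e for e in entries if e["flag"] == "C"]
    tasks = [
        e for e in created
        if e["company"] == ""
        and e["path"].lower().endswith(".job")
        and dirname(e["path"]).lower() == r"c:\windows\tasks"
        and scan_time - e["time"] <= timedelta(days=max_age_days)
    ]
    window = timedelta(seconds=window_seconds)  # assumed correlation window
    related = {
        d["path"]
        for d in created if "D" in d["attrs"]
        for t in tasks if abs(d["time"] - t["time"]) <= window
    }
    return {
        "tasks": sorted(t["path"] for t in tasks),
        "related_dirs": sorted(related),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG, SCAN_TIME)
    for kind, paths in result.items():
        for p in paths:
            print(f"{kind}: {p}")
```

Folders that share an install time with a flagged task still need to be checked individually before they go into a fix script, since unrelated software installed in the same minute would match as well.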

#3
Beetrix

Beetrix

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 133 posts
Hi Essexboy,
Thank you for the quick response.

I didn't see any ads yet.

Here is the OTL

OTL logfile created on: 7/6/2013 11:15:33 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bee\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 70.90% Memory free
7.82 Gb Paging File | 6.57 Gb Available in Paging File | 83.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684.84 Gb Total Space | 629.70 Gb Free Space | 91.95% Space Free | Partition Type: NTFS
Drive D: | 13.70 Gb Total Space | 1.64 Gb Free Space | 11.97% Space Free | Partition Type: NTFS

Computer Name: BEE | User Name: Bee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/06 08:16:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bee\Desktop\OTL.exe
PRC - [2013/06/27 05:37:03 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/06/27 05:35:03 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/06/27 05:35:03 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011/03/09 17:06:48 | 000,129,648 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2011/03/09 14:47:08 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011/02/01 01:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/12/03 10:03:44 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
PRC - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/08/05 16:08:52 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2010/08/05 16:08:38 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2010/02/11 10:07:54 | 000,710,656 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
PRC - [2009/07/02 14:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
PRC - [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/16 05:19:44 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\be692307d47b83000bba8bb6b484aff0\System.ServiceModel.ni.dll
MOD - [2013/05/16 05:19:44 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\6ff6bd832b03b5d6ea275ba9bee2d3ef\System.IdentityModel.ni.dll
MOD - [2013/05/16 04:55:06 | 002,906,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\62de81b8e55e21a20bc3770f982c7f61\ReachFramework.ni.dll
MOD - [2013/05/15 05:37:03 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2609614ca03927f7a99418c74844059b\System.Runtime.Serialization.ni.dll
MOD - [2013/05/15 05:37:03 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\019ed4a55ecc7d1f5b933c27970dce9b\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/05/15 05:33:19 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll
MOD - [2013/05/15 05:33:15 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll
MOD - [2013/05/15 05:33:12 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll
MOD - [2013/05/15 05:33:08 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll
MOD - [2013/05/15 05:33:06 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll
MOD - [2013/01/10 06:44:53 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll
MOD - [2013/01/09 16:58:24 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013/01/09 16:58:24 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013/01/09 16:58:20 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/01/09 16:58:16 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2009/07/02 14:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/04/24 21:38:30 | 000,318,464 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/06/27 05:37:03 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/06/27 05:35:03 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/06/11 15:19:07 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/11 10:50:04 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\afasrv64.exe -- (AfaService)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011/03/09 17:06:48 | 000,129,648 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2011/03/09 14:47:08 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011/02/01 01:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/05 16:08:38 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/25 05:40:17 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/03/25 05:40:17 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/03/25 05:40:17 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/07/05 14:21:30 | 001,874,016 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/04/24 21:38:30 | 000,536,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/21 19:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 09:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/12/03 10:04:10 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/06 01:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/13 05:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/26 16:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/11/02 10:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/09/21 01:43:52 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdm.sys -- (ss_mdm)
DRV:64bit: - [2009/09/21 01:43:52 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bus.sys -- (ss_bus)
DRV:64bit: - [2009/09/21 01:43:52 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [1999/03/07 20:15:00 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\pmemnt.sys -- (PMEM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{47A5A5E7-3576-4944-B7E3-7BDB7A067DF9}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{47A5A5E7-3576-4944-B7E3-7BDB7A067DF9}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F7 9A B4 C5 E4 2A CE 01 [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {43FF024B-B6D4-477D-AFF6-FF1D0923410A}
IE - HKCU\..\SearchScopes\{43FF024B-B6D4-477D-AFF6-FF1D0923410A}: "URL" = http://search.yahoo....ms}&fr=chr-tyc9
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ [2011/04/21 19:32:51 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ [2011/04/21 19:32:51 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\UnfriendApp\Firefox\ [2012/11/18 23:45:25 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/11/24 07:21:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [EKAIO2StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [USBestCR] C:\Program Files (x86)\USIM Editor\iconcs1818160.exe RunFromReg File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EKAiO2StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKAiO2MUI.exe File not found
O4 - HKLM..\Run: [HP KEYBOARDx] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.190.192.35 71.9.127.107 24.205.224.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67BFE14F-B49D-407E-A7F2-CCB31337931D}: DhcpNameServer = 68.190.192.35 71.9.127.107 24.205.224.36
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/06 11:05:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/06 08:16:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bee\Desktop\OTL.exe
[2013/07/03 05:53:58 | 000,000,000 | ---D | C] -- C:\Users\Bee\Documents\New folder
[2013/06/27 12:05:56 | 000,000,000 | ---D | C] -- C:\Users\Bee\AppData\Local\{5D4E765F-7164-4926-9E1A-DFE740F4297E}
[2013/06/22 09:02:06 | 000,000,000 | ---D | C] -- C:\Users\Bee\AppData\Local\{7D4C937A-B276-4EC4-9F74-6C4550C97714}
[2013/06/21 06:18:38 | 000,000,000 | ---D | C] -- C:\Users\Bee\AppData\Local\{F9246003-D4FC-4173-8CB5-3D77BDA5C376}
[2013/06/16 12:30:11 | 000,000,000 | ---D | C] -- C:\Users\Bee\AppData\Local\{5E313202-6127-48CB-98C0-74EC9D10DE32}
[2013/06/10 10:38:13 | 000,000,000 | ---D | C] -- C:\Users\Bee\AppData\Local\{5113B6E5-038F-4377-8736-A8469F55F07F}
[2013/06/09 09:51:15 | 000,000,000 | ---D | C] -- C:\Users\Bee\AppData\Local\{9A2A89C5-0EAB-47A8-91AB-62B48F1011D7}
[2013/06/08 10:00:56 | 000,000,000 | ---D | C] -- C:\Users\Bee\AppData\Local\{22B42846-405B-4184-BD98-82985A67B34B}
[2012/10/12 11:38:53 | 009,842,040 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files (x86)\Common Files\wruninstall.exe

========== Files - Modified Within 30 Days ==========

[2013/07/06 11:20:04 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/06 11:20:04 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/06 11:20:04 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/06 11:19:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/06 11:12:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/06 11:12:53 | 3151,044,608 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/06 10:52:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3969357861-245451301-220097965-1004UA.job
[2013/07/06 09:59:18 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBEE-HP$.job
[2013/07/06 08:16:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bee\Desktop\OTL.exe
[2013/07/06 08:08:28 | 000,000,000 | ---- | M] () -- C:\Users\Bee\Desktop\Setup.exe.zaggd6l.partial
[2013/07/06 07:21:32 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/06 07:21:32 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/06 07:14:23 | 000,000,632 | RHS- | M] () -- C:\Users\Bee\ntuser.pol
[2013/07/04 22:52:00 | 000,000,866 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3969357861-245451301-220097965-1004Core.job
[2013/07/03 05:10:48 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBee.job
[2013/06/27 05:37:13 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013/06/22 12:40:46 | 000,070,284 | ---- | M] () -- C:\Users\Bee\Documents\Linda and Brett Strayer May.jpg
[2013/06/22 12:40:46 | 000,014,728 | ---- | M] () -- C:\Users\Bee\Documents\Linda's Page.htm
[2013/06/22 12:40:46 | 000,007,676 | ---- | M] () -- C:\Users\Bee\Documents\Linda and Brett Strayer May_thumb.jpg
[2013/06/22 12:40:36 | 000,014,566 | ---- | M] () -- C:\Users\Bee\Documents\Linda's Page.bak
[2013/06/22 12:35:01 | 000,015,296 | ---- | M] () -- C:\Users\Bee\Documents\Introduction.htm
[2013/06/22 12:35:01 | 000,015,292 | ---- | M] () -- C:\Users\Bee\Documents\Introduction.bak
[2013/06/22 12:05:35 | 000,056,547 | ---- | M] () -- C:\Users\Bee\Documents\Duane Keith 1971 001.jpg
[2013/06/22 12:05:35 | 000,021,460 | ---- | M] () -- C:\Users\Bee\Documents\Family Bands.htm
[2013/06/22 12:05:35 | 000,006,654 | ---- | M] () -- C:\Users\Bee\Documents\Duane Keith 1971 001_thumb.jpg
[2013/06/22 12:05:30 | 000,021,456 | ---- | M] () -- C:\Users\Bee\Documents\Family Bands.bak
[2013/06/22 11:53:01 | 000,034,751 | ---- | M] () -- C:\Users\Bee\Documents\Faces 8.bak
[2013/06/22 11:53:01 | 000,033,000 | ---- | M] () -- C:\Users\Bee\Documents\Faces 8.htm
[2013/06/22 11:41:20 | 000,097,839 | ---- | M] () -- C:\Users\Bee\Documents\600x400 12~25~08 001.jpg
[2013/06/22 11:41:20 | 000,006,397 | ---- | M] () -- C:\Users\Bee\Documents\600x400 12~25~08 001_thumb.jpg
[2013/06/22 11:29:49 | 000,081,665 | ---- | M] () -- C:\Users\Bee\Documents\Faces 14.htm
[2013/06/22 11:29:48 | 000,081,676 | ---- | M] () -- C:\Users\Bee\Documents\Faces 14.bak
[2013/06/21 10:26:31 | 000,260,459 | ---- | M] () -- C:\Users\Bee\Documents\Mark Anthony 1.JPG
[2013/06/21 10:26:31 | 000,074,326 | ---- | M] () -- C:\Users\Bee\Documents\Mark Anthony 3.JPG
[2013/06/21 10:26:31 | 000,016,559 | ---- | M] () -- C:\Users\Bee\Documents\Mark Anthony KINKS TOUR 2_thumb.JPG
[2013/06/21 10:26:31 | 000,014,714 | ---- | M] () -- C:\Users\Bee\Documents\Mark Anthony 4_thumb.JPG
[2013/06/21 10:26:31 | 000,013,573 | ---- | M] () -- C:\Users\Bee\Documents\Mark Anthony 6_thumb.JPG
[2013/06/21 10:26:31 | 000,012,886 | ---- | M] () -- C:\Users\Bee\Documents\Mark Anthony 1_thumb.JPG
[2013/06/21 10:26:31 | 000,012,595 | ---- | M] () -- C:\Users\Bee\Documents\Mark Anthony 5_thumb.JPG
[2013/06/21 10:26:31 | 000,012,419 | ---- | M] () -- C:\Users\Bee\Documents\Mark Anthony 3_thumb.JPG
[2013/06/21 10:17:51 | 000,044,257 | ---- | M] () -- C:\Users\Bee\Documents\Lee Michaels 1.jpg
[2013/06/21 10:17:51 | 000,003,089 | ---- | M] () -- C:\Users\Bee\Documents\Lee Michaels 1_thumb.jpg
[2013/06/21 09:56:50 | 000,046,173 | ---- | M] () -- C:\Users\Bee\Documents\Faces 5.htm
[2013/06/21 09:56:50 | 000,046,173 | ---- | M] () -- C:\Users\Bee\Documents\Faces 5.bak
[2013/06/21 09:53:32 | 000,140,968 | ---- | M] () -- C:\Users\Bee\Documents\Caroline Morrow McElroy in the chair-1.jpg
[2013/06/21 09:53:32 | 000,106,003 | ---- | M] () -- C:\Users\Bee\Documents\Caroline M McElroy in stripes-1.jpg
[2013/06/21 09:53:32 | 000,012,270 | ---- | M] () -- C:\Users\Bee\Documents\Caroline Morrow McElroy in the chair-1_thumb.jpg
[2013/06/21 09:53:32 | 000,009,758 | ---- | M] () -- C:\Users\Bee\Documents\Caroline M McElroy in stripes-1_thumb.jpg
[2013/06/09 12:56:03 | 000,166,155 | ---- | M] () -- C:\Users\Bee\Documents\1-Rick Nelson-Randy Meisner.jpg
[2013/06/09 12:56:03 | 000,011,875 | ---- | M] () -- C:\Users\Bee\Documents\1-Rick Nelson-Randy Meisner_thumb.jpg
[2013/06/09 11:04:46 | 000,042,232 | ---- | M] () -- C:\Users\Bee\Documents\Short Stories.htm
[2013/06/09 11:04:46 | 000,042,220 | ---- | M] () -- C:\Users\Bee\Documents\Short Stories.bak
[2013/06/09 11:02:30 | 000,012,106 | ---- | M] () -- C:\Users\Bee\Documents\Fallen Stars RIP.htm
[2013/06/09 11:02:30 | 000,012,106 | ---- | M] () -- C:\Users\Bee\Documents\Fallen Stars RIP.bak
[2013/06/09 11:00:37 | 000,018,911 | ---- | M] () -- C:\Users\Bee\Documents\Friend Search.htm
[2013/06/09 11:00:37 | 000,018,911 | ---- | M] () -- C:\Users\Bee\Documents\Friend Search.bak
[2013/06/09 10:52:12 | 000,015,183 | ---- | M] () -- C:\Users\Bee\Documents\Across the Universe.htm
[2013/06/09 10:52:12 | 000,015,167 | ---- | M] () -- C:\Users\Bee\Documents\Across the Universe.bak
[2013/06/09 10:48:44 | 000,123,054 | ---- | M] () -- C:\Users\Bee\Documents\Faces.htm
[2013/06/09 10:48:42 | 000,123,054 | ---- | M] () -- C:\Users\Bee\Documents\Faces.bak
[2013/06/09 10:47:18 | 000,079,834 | ---- | M] () -- C:\Users\Bee\Documents\Faces 2.htm
[2013/06/09 10:47:17 | 000,079,834 | ---- | M] () -- C:\Users\Bee\Documents\Faces 2.bak
[2013/06/09 10:45:59 | 000,051,220 | ---- | M] () -- C:\Users\Bee\Documents\Faces 4.htm
[2013/06/09 10:45:58 | 000,051,220 | ---- | M] () -- C:\Users\Bee\Documents\Faces 4.bak
[2013/06/09 10:44:37 | 000,045,825 | ---- | M] () -- C:\Users\Bee\Documents\Faces 6.htm
[2013/06/09 10:44:36 | 000,045,825 | ---- | M] () -- C:\Users\Bee\Documents\Faces 6.bak
[2013/06/09 10:42:47 | 000,038,111 | ---- | M] () -- C:\Users\Bee\Documents\Faces 10.htm
[2013/06/09 10:42:47 | 000,038,111 | ---- | M] () -- C:\Users\Bee\Documents\Faces 10.bak
[2013/06/09 10:41:37 | 000,018,411 | ---- | M] () -- C:\Users\Bee\Documents\Faces 11.bak
[2013/06/09 10:41:37 | 000,017,717 | ---- | M] () -- C:\Users\Bee\Documents\Faces 11.htm
[2013/06/09 10:27:41 | 000,038,374 | ---- | M] () -- C:\Users\Bee\Documents\Faces 3.htm
[2013/06/09 10:27:41 | 000,038,374 | ---- | M] () -- C:\Users\Bee\Documents\Faces 3.bak
[2013/06/09 10:07:52 | 000,019,539 | ---- | M] () -- C:\Users\Bee\Documents\index.htm
[2013/06/09 10:07:51 | 000,019,539 | ---- | M] () -- C:\Users\Bee\Documents\index.bak
[2013/06/09 09:58:42 | 000,021,605 | ---- | M] () -- C:\Users\Bee\Documents\Bands A to Z.htm
[2013/06/09 09:58:42 | 000,021,564 | ---- | M] () -- C:\Users\Bee\Documents\Bands A to Z.bak
[2013/06/09 09:56:33 | 000,075,647 | ---- | M] () -- C:\Users\Bee\Documents\2-Nobby, Toni and Beto.jpg
[2013/06/09 09:56:33 | 000,004,860 | ---- | M] () -- C:\Users\Bee\Documents\2-Nobby, Toni and Beto_thumb.jpg
[2013/06/09 09:38:25 | 000,075,647 | ---- | M] () -- C:\Users\Bee\Documents\Nobby, Toni and Beto-2.jpg
[2013/06/09 09:38:25 | 000,039,474 | ---- | M] () -- C:\Users\Bee\Documents\Dave-Vaught-Cheryl-Bob-Tony Kachenoff-a.jpg
[2013/06/09 09:38:25 | 000,005,949 | ---- | M] () -- C:\Users\Bee\Documents\Dave-Vaught-Cheryl-Bob-Tony Kachenoff-a_thumb.jpg
[2013/06/09 09:38:25 | 000,004,860 | ---- | M] () -- C:\Users\Bee\Documents\Nobby, Toni and Beto-2_thumb.jpg
[2013/06/09 09:28:42 | 000,123,472 | ---- | M] () -- C:\Users\Bee\Documents\Toni Kaschenoff-dancing-1.jpg
[2013/06/09 09:28:42 | 000,094,215 | ---- | M] () -- C:\Users\Bee\Documents\Toni Kaschenoff-Dick Clark show-1.jpg
[2013/06/09 09:28:42 | 000,075,647 | ---- | M] () -- C:\Users\Bee\Documents\Nobby, Toni and Beto.jpg
[2013/06/09 09:28:42 | 000,010,691 | ---- | M] () -- C:\Users\Bee\Documents\Toni Kaschenoff-dancing-1_thumb.jpg
[2013/06/09 09:28:42 | 000,009,208 | ---- | M] () -- C:\Users\Bee\Documents\Toni Kaschenoff-Dick Clark show-1_thumb.jpg
[2013/06/09 09:28:42 | 000,004,860 | ---- | M] () -- C:\Users\Bee\Documents\Nobby, Toni and Beto_thumb.jpg
[2013/06/09 08:34:51 | 000,045,421 | ---- | M] () -- C:\Users\Bee\Documents\Caroline Morrow McElroy and Lisa-1.jpg
[2013/06/09 08:34:51 | 000,004,360 | ---- | M] () -- C:\Users\Bee\Documents\Caroline Morrow McElroy and Lisa-1_thumb.jpg
[2013/06/09 08:22:16 | 000,146,696 | ---- | M] () -- C:\Users\Bee\Documents\Heads-Hands- and Feet with Ray Smith center-1.jpg
[2013/06/09 08:22:16 | 000,142,022 | ---- | M] () -- C:\Users\Bee\Documents\Heads-Hands- and Feet-3.jpg
[2013/06/09 08:22:16 | 000,045,750 | ---- | M] () -- C:\Users\Bee\Documents\heads hands & feet - home from home (the missing album) 1970 front.jpg
[2013/06/09 08:22:16 | 000,044,683 | ---- | M] () -- C:\Users\Bee\Documents\Heads-Hands- and Feet-2.jpg
[2013/06/09 08:22:16 | 000,044,601 | ---- | M] () -- C:\Users\Bee\Documents\Mario and Stephanie-Jo-Lee Jorgensen Smith daughter_1.jpg
[2013/06/09 08:22:16 | 000,043,878 | ---- | M] () -- C:\Users\Bee\Documents\HH and F-10.jpg
[2013/06/09 08:22:16 | 000,013,545 | ---- | M] () -- C:\Users\Bee\Documents\Jo Lee Smith-1.jpg
[2013/06/09 08:22:16 | 000,012,061 | ---- | M] () -- C:\Users\Bee\Documents\Heads-Hands- and Feet with Ray Smith center-1_thumb.jpg
[2013/06/09 08:22:16 | 000,011,743 | ---- | M] () -- C:\Users\Bee\Documents\Heads-Hands- and Feet-3_thumb.jpg
[2013/06/09 08:22:16 | 000,006,424 | ---- | M] () -- C:\Users\Bee\Documents\HH and F-10_thumb.jpg
[2013/06/09 08:22:16 | 000,005,778 | ---- | M] () -- C:\Users\Bee\Documents\heads hands & feet - home from home (the missing album) 1970 front_thumb.jpg
[2013/06/09 08:22:16 | 000,004,428 | ---- | M] () -- C:\Users\Bee\Documents\Heads-Hands- and Feet-2_thumb.jpg
[2013/06/09 08:22:16 | 000,003,373 | ---- | M] () -- C:\Users\Bee\Documents\Jo Lee Smith-1_thumb.jpg
[2013/06/09 08:22:16 | 000,003,024 | ---- | M] () -- C:\Users\Bee\Documents\Mario and Stephanie-Jo-Lee Jorgensen Smith daughter_thumb_1.jpg
[2013/06/09 07:14:59 | 000,098,023 | ---- | M] () -- C:\Users\Bee\Documents\News 2.bak
[2013/06/09 07:14:59 | 000,098,022 | ---- | M] () -- C:\Users\Bee\Documents\News 2.htm

========== Files Created - No Company Name ==========

[2013/07/06 08:08:28 | 000,000,000 | ---- | C] () -- C:\Users\Bee\Desktop\Setup.exe.zaggd6l.partial
[2013/06/22 12:40:46 | 000,070,284 | ---- | C] () -- C:\Users\Bee\Documents\Linda and Brett Strayer May.jpg
[2013/06/22 12:40:46 | 000,007,676 | ---- | C] () -- C:\Users\Bee\Documents\Linda and Brett Strayer May_thumb.jpg
[2013/06/22 12:05:35 | 000,056,547 | ---- | C] () -- C:\Users\Bee\Documents\Duane Keith 1971 001.jpg
[2013/06/22 12:05:35 | 000,006,654 | ---- | C] () -- C:\Users\Bee\Documents\Duane Keith 1971 001_thumb.jpg
[2013/06/22 11:41:20 | 000,006,397 | ---- | C] () -- C:\Users\Bee\Documents\600x400 12~25~08 001_thumb.jpg
[2013/06/21 10:26:31 | 000,260,459 | ---- | C] () -- C:\Users\Bee\Documents\Mark Anthony 1.JPG
[2013/06/21 10:26:31 | 000,074,326 | ---- | C] () -- C:\Users\Bee\Documents\Mark Anthony 3.JPG
[2013/06/21 10:26:31 | 000,016,559 | ---- | C] () -- C:\Users\Bee\Documents\Mark Anthony KINKS TOUR 2_thumb.JPG
[2013/06/21 10:26:31 | 000,014,714 | ---- | C] () -- C:\Users\Bee\Documents\Mark Anthony 4_thumb.JPG
[2013/06/21 10:26:31 | 000,013,573 | ---- | C] () -- C:\Users\Bee\Documents\Mark Anthony 6_thumb.JPG
[2013/06/21 10:26:31 | 000,012,886 | ---- | C] () -- C:\Users\Bee\Documents\Mark Anthony 1_thumb.JPG
[2013/06/21 10:26:31 | 000,012,595 | ---- | C] () -- C:\Users\Bee\Documents\Mark Anthony 5_thumb.JPG
[2013/06/21 10:26:31 | 000,012,419 | ---- | C] () -- C:\Users\Bee\Documents\Mark Anthony 3_thumb.JPG
[2013/06/21 10:17:51 | 000,044,257 | ---- | C] () -- C:\Users\Bee\Documents\Lee Michaels 1.jpg
[2013/06/21 10:17:51 | 000,003,089 | ---- | C] () -- C:\Users\Bee\Documents\Lee Michaels 1_thumb.jpg
[2013/06/21 09:53:32 | 000,140,968 | ---- | C] () -- C:\Users\Bee\Documents\Caroline Morrow McElroy in the chair-1.jpg
[2013/06/21 09:53:32 | 000,106,003 | ---- | C] () -- C:\Users\Bee\Documents\Caroline M McElroy in stripes-1.jpg
[2013/06/21 09:53:32 | 000,012,270 | ---- | C] () -- C:\Users\Bee\Documents\Caroline Morrow McElroy in the chair-1_thumb.jpg
[2013/06/21 09:53:32 | 000,009,758 | ---- | C] () -- C:\Users\Bee\Documents\Caroline M McElroy in stripes-1_thumb.jpg
[2013/06/09 12:56:03 | 000,166,155 | ---- | C] () -- C:\Users\Bee\Documents\1-Rick Nelson-Randy Meisner.jpg
[2013/06/09 12:56:03 | 000,011,875 | ---- | C] () -- C:\Users\Bee\Documents\1-Rick Nelson-Randy Meisner_thumb.jpg
[2013/06/09 09:56:33 | 000,075,647 | ---- | C] () -- C:\Users\Bee\Documents\2-Nobby, Toni and Beto.jpg
[2013/06/09 09:56:33 | 000,004,860 | ---- | C] () -- C:\Users\Bee\Documents\2-Nobby, Toni and Beto_thumb.jpg
[2013/06/09 09:38:25 | 000,075,647 | ---- | C] () -- C:\Users\Bee\Documents\Nobby, Toni and Beto-2.jpg
[2013/06/09 09:38:25 | 000,039,474 | ---- | C] () -- C:\Users\Bee\Documents\Dave-Vaught-Cheryl-Bob-Tony Kachenoff-a.jpg
[2013/06/09 09:38:25 | 000,005,949 | ---- | C] () -- C:\Users\Bee\Documents\Dave-Vaught-Cheryl-Bob-Tony Kachenoff-a_thumb.jpg
[2013/06/09 09:38:25 | 000,004,860 | ---- | C] () -- C:\Users\Bee\Documents\Nobby, Toni and Beto-2_thumb.jpg
[2013/06/09 09:28:42 | 000,123,472 | ---- | C] () -- C:\Users\Bee\Documents\Toni Kaschenoff-dancing-1.jpg
[2013/06/09 09:28:42 | 000,094,215 | ---- | C] () -- C:\Users\Bee\Documents\Toni Kaschenoff-Dick Clark show-1.jpg
[2013/06/09 09:28:42 | 000,075,647 | ---- | C] () -- C:\Users\Bee\Documents\Nobby, Toni and Beto.jpg
[2013/06/09 09:28:42 | 000,010,691 | ---- | C] () -- C:\Users\Bee\Documents\Toni Kaschenoff-dancing-1_thumb.jpg
[2013/06/09 09:28:42 | 000,009,208 | ---- | C] () -- C:\Users\Bee\Documents\Toni Kaschenoff-Dick Clark show-1_thumb.jpg
[2013/06/09 09:28:42 | 000,004,860 | ---- | C] () -- C:\Users\Bee\Documents\Nobby, Toni and Beto_thumb.jpg
[2013/06/09 08:34:51 | 000,045,421 | ---- | C] () -- C:\Users\Bee\Documents\Caroline Morrow McElroy and Lisa-1.jpg
[2013/06/09 08:34:51 | 000,004,360 | ---- | C] () -- C:\Users\Bee\Documents\Caroline Morrow McElroy and Lisa-1_thumb.jpg
[2013/06/09 08:22:16 | 000,146,696 | ---- | C] () -- C:\Users\Bee\Documents\Heads-Hands- and Feet with Ray Smith center-1.jpg
[2013/06/09 08:22:16 | 000,142,022 | ---- | C] () -- C:\Users\Bee\Documents\Heads-Hands- and Feet-3.jpg
[2013/06/09 08:22:16 | 000,045,750 | ---- | C] () -- C:\Users\Bee\Documents\heads hands & feet - home from home (the missing album) 1970 front.jpg
[2013/06/09 08:22:16 | 000,044,683 | ---- | C] () -- C:\Users\Bee\Documents\Heads-Hands- and Feet-2.jpg
[2013/06/09 08:22:16 | 000,044,601 | ---- | C] () -- C:\Users\Bee\Documents\Mario and Stephanie-Jo-Lee Jorgensen Smith daughter_1.jpg
[2013/06/09 08:22:16 | 000,043,878 | ---- | C] () -- C:\Users\Bee\Documents\HH and F-10.jpg
[2013/06/09 08:22:16 | 000,012,061 | ---- | C] () -- C:\Users\Bee\Documents\Heads-Hands- and Feet with Ray Smith center-1_thumb.jpg
[2013/06/09 08:22:16 | 000,011,743 | ---- | C] () -- C:\Users\Bee\Documents\Heads-Hands- and Feet-3_thumb.jpg
[2013/06/09 08:22:16 | 000,006,424 | ---- | C] () -- C:\Users\Bee\Documents\HH and F-10_thumb.jpg
[2013/06/09 08:22:16 | 000,005,778 | ---- | C] () -- C:\Users\Bee\Documents\heads hands & feet - home from home (the missing album) 1970 front_thumb.jpg
[2013/06/09 08:22:16 | 000,004,428 | ---- | C] () -- C:\Users\Bee\Documents\Heads-Hands- and Feet-2_thumb.jpg
[2013/06/09 08:22:16 | 000,003,373 | ---- | C] () -- C:\Users\Bee\Documents\Jo Lee Smith-1_thumb.jpg
[2013/06/09 08:22:16 | 000,003,024 | ---- | C] () -- C:\Users\Bee\Documents\Mario and Stephanie-Jo-Lee Jorgensen Smith daughter_thumb_1.jpg
[2012/07/13 11:28:42 | 000,000,632 | RHS- | C] () -- C:\Users\Bee\ntuser.pol
[2012/05/27 15:38:31 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\afasrv64.exe
[2011/07/27 00:14:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/07/21 05:16:35 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\Affixa
[2012/11/20 05:19:48 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\Blio
[2012/07/25 11:38:50 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/12/02 07:06:05 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\Cyberduck
[2012/05/14 14:31:24 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\DisplayTune
[2012/09/23 21:00:14 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\DriverCure
[2012/06/21 16:03:47 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\IBM
[2013/07/03 06:02:45 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\Mapi2Xml
[2012/05/15 17:41:55 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\WinBatch
[2012/12/02 07:02:54 | 000,000,000 | -HSD | M] -- C:\Users\Bee\AppData\Roaming\wyUpdate AU

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >


Here is the AdwCleaner log

# AdwCleaner v2.304 - Logfile created 07/06/2013 at 11:32:59
# Updated 03/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Bee - BEE
# Boot Mode : Normal
# Running from : C:\Users\Bee\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Bee\AppData\Roaming\DriverCure

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033332.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033332.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033332.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033332.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [1960 octets] - [21/11/2012 07:24:41]
AdwCleaner[S2].txt - [1991 octets] - [21/11/2012 07:25:12]
AdwCleaner[S3].txt - [3017 octets] - [21/03/2013 05:49:39]
AdwCleaner[S4].txt - [2985 octets] - [06/07/2013 11:32:59]

########## EOF - C:\AdwCleaner[S4].txt - [3045 octets] ##########

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks good, take it for a surf around and if you are happy let me know and I will tidy up :)

#5
Beetrix

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 133 posts
That was so fast! Last time it took me days to clean it up!
I will check everything out!
Thank you, Beetrix :)

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure, let me know when you are happy

#7
Beetrix

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 133 posts
There is one important site that opens, but the pages I need to get to will not.
I had no problems before the ads started going crazy on my computer.

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you give me a link for the page please?

#9
Beetrix

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 133 posts
Here it is:
http://www.dfeh.ca.gov/

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, the site is active. What error do you get when you try to access it?

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I have just checked deeper and all the sub pages are offline

#12
Beetrix

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 133 posts
Ok, thank you. I will watch my pages to make sure nothing else pops up. :thumbsup:

Edited by Beetrix, 06 July 2013 - 05:03 PM.


#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Run AdwCleaner and press uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disk Cleanup and select run as administrator
When it pops up, select OK at the first prompt; after it has done some calculations the tabs will appear
Select More Options tab
Press System Restore and Shadow Copies Cleanup button


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:

#14
Beetrix

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 133 posts
Good morning Essexboy,
Before I start the cleanup, I went to the Yahoo page this morning and below the Yahoo search bar
and above their advertising screen (or video screen) there was a large ad in the same location
that the others were present and I am not sure if it should have been there. It did have an x where
I could close it and it hasn't appeared after I restarted my computer.
Give me a couple of days if you can, so I can watch to see if anything starts flashing or out of
the ordinary.
Thanks, Beetrix

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem, you will get popup/popunder ads from some websites but they are generally rare