Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Infected with hotstartsearch.com ! ! Help Please [Solved]


  • This topic is locked This topic is locked

#1
pierceshannon

pierceshannon

    New Member

  • Member
  • Pip
  • 7 posts
I seem to be infected with hotstartsearch.com. Every time I have my browser (chrome) open and do a search another tab opens with a "hotstartsearch.com" search with ads etc.. The original search is open but on a tab to the left of the hotstartsearch one. I have attached a screen capture.

Here is my OTL log followed by the Extras log.

Thank you so much. This has been plaguing me for several weeks.

pierceshannon

OTL logfile created on: 5/22/2013 3:40:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pierce\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.94 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 60.77% Memory free
7.87 Gb Paging File | 6.15 Gb Available in Paging File | 78.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 113.01 Gb Free Space | 75.87% Space Free | Partition Type: NTFS

Computer Name: PIERCE-PC | User Name: Pierce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/22 15:38:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pierce\Desktop\OTL.exe
PRC - [2013/05/17 14:35:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/05/09 01:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/12/14 02:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012/11/26 06:30:00 | 000,687,104 | ---- | M] () -- C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe
PRC - [2010/01/08 15:15:24 | 001,118,208 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe
PRC - [2009/12/07 14:49:24 | 000,040,960 | ---- | M] (Realtek) -- C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/17 14:35:42 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\ppgooglenaclpluginchrome.dll
MOD - [2013/05/17 14:35:41 | 013,136,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\PepperFlash\pepflashplayer.dll
MOD - [2013/05/17 14:35:40 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\pdf.dll
MOD - [2013/05/17 14:34:47 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\libglesv2.dll
MOD - [2013/05/17 14:34:47 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\libegl.dll
MOD - [2013/05/17 14:34:45 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\ffmpegsumo.dll
MOD - [2012/11/28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/08/18 03:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/12/14 02:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/11/26 06:30:00 | 000,687,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe -- (FastFreeConverterUpdt)
SRV - [2009/12/07 14:49:24 | 000,040,960 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe -- (Realtek87B)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/09 01:59:07 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/05/09 01:59:07 | 000,378,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/05/09 01:59:07 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/05/09 01:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 01:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 01:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 01:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 01:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/01/06 20:20:22 | 000,448,512 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8187.sys -- (RTL8187)
DRV:64bit: - [2009/08/18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 13:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2463}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2463}: "URL" = http://isearch.fanta...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2463}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2463}: "URL" = http://isearch.fanta...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA 00 87 D5 1B 04 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2463}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2463}: "URL" = http://isearch.fanta...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Pierce\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Pierce\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Pierce\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pierce\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pierce\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: Google Docs = C:\Users\Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Google Search = C:\Users\Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Photo Zoom for Facebook = C:\Users\Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\
CHR - Extension: avast! Online Security = C:\Users\Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.6_0\
CHR - Extension: Bing wallpaper for Google homepage. = C:\Users\Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ignkobhlkpgjcpkfgfohhdgdaldfaoni\7.6_0\
CHR - Extension: View Background Image = C:\Users\Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\knnjokagadbonknppgkjgjpiolcijbmg\0.3_0\
CHR - Extension: Hover Zoom = C:\Users\Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.18_0\
CHR - Extension: Gmail = C:\Users\Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Fast Free Converter 4.1) - {8232785C-5C98-4A6E-B7B4-911FFBED7582} - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll (Fast Free Converter)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Save the YouTube video as MP3 - C:\Users\Pierce\AppData\Roaming\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm ()
O8 - Extra context menu item: &Save the YouTube video as MP3 - C:\Users\Pierce\AppData\Roaming\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{570FC770-BB41-4CB6-ADF3-A87ECEB7EB16}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB6CA4F8-BE65-4CB4-ABC3-AB735CE07EEF}: DhcpNameServer = 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECEB4288-5A57-41BA-9011-606A6BA93FCF}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\Windows\SYSTEM32\RtlGina\RtlGina.DLL) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/22 15:38:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Pierce\Desktop\OTL.exe
[2013/05/18 09:56:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/18 07:44:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/05/18 07:37:19 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/05/18 06:41:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/18 06:41:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/18 06:41:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/18 06:40:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/18 06:40:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/05/17 20:54:36 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Roaming\SUPERAntiSpyware.com
[2013/05/15 17:02:45 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Roaming\Malwarebytes
[2013/05/15 17:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/12 16:59:34 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Roaming\Mozilla
[2013/05/09 05:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube to MP3 Converter Studio
[2013/05/09 05:34:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free YouTube to MP3 Converter Studio
[2013/05/08 20:00:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Type Helper
[2013/05/08 20:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fast Free Converter
[2013/05/08 19:51:30 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Local\Programs
[2013/04/30 16:43:33 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Roaming\Adobe
[2013/04/26 06:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013/04/26 06:49:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software

========== Files - Modified Within 30 Days ==========

[2013/05/22 15:38:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pierce\Desktop\OTL.exe
[2013/05/22 14:56:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1988386779-3879883095-993144859-1000UA.job
[2013/05/22 14:56:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/22 14:46:03 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/22 14:46:03 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/22 14:43:00 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/22 14:43:00 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/22 14:43:00 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/22 14:38:42 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/22 14:38:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/22 14:38:09 | 3170,344,960 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/21 19:38:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/05/21 19:34:07 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1988386779-3879883095-993144859-1000Core.job
[2013/05/21 15:57:05 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/15 15:59:12 | 000,275,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/14 16:12:26 | 003,544,933 | ---- | M] () -- C:\Users\Pierce\Desktop\Screen shot 2013-05-08 at 7.47.01 PM.png
[2013/05/09 05:34:31 | 000,001,257 | ---- | M] () -- C:\Users\Pierce\Application Data\Microsoft\Internet Explorer\Quick Launch\Free YouTube to MP3 Converter Studio.lnk
[2013/05/09 05:34:31 | 000,001,233 | ---- | M] () -- C:\Users\Pierce\Desktop\Free YouTube to MP3 Converter Studio.lnk
[2013/05/09 01:59:07 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/05/09 01:59:07 | 000,378,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/05/09 01:59:07 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/05/09 01:59:07 | 000,072,016 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/05/09 01:59:07 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/05/09 01:59:07 | 000,064,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/05/09 01:59:06 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/05/09 01:59:06 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/05/09 01:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/05/09 01:58:11 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/05/08 20:00:42 | 000,000,032 | ---- | M] () -- C:\END
[2013/04/30 08:22:25 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/30 08:22:24 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/04/26 06:49:40 | 000,002,074 | ---- | M] () -- C:\Users\Pierce\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/04/26 06:49:40 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk

========== Files Created - No Company Name ==========

[2013/05/18 06:41:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/18 06:41:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/18 06:41:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/18 06:41:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/18 06:41:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/14 16:12:26 | 003,544,933 | ---- | C] () -- C:\Users\Pierce\Desktop\Screen shot 2013-05-08 at 7.47.01 PM.png
[2013/05/09 05:34:31 | 000,001,257 | ---- | C] () -- C:\Users\Pierce\Application Data\Microsoft\Internet Explorer\Quick Launch\Free YouTube to MP3 Converter Studio.lnk
[2013/05/09 05:34:31 | 000,001,233 | ---- | C] () -- C:\Users\Pierce\Desktop\Free YouTube to MP3 Converter Studio.lnk
[2013/05/08 20:00:40 | 000,000,032 | ---- | C] () -- C:\END
[2013/04/30 08:22:25 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/30 08:22:24 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/04/26 06:49:40 | 000,002,074 | ---- | C] () -- C:\Users\Pierce\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/04/26 06:49:40 | 000,002,050 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013/02/05 22:13:36 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2013/02/05 20:32:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/05 23:28:15 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\DVDVideoSoft
[2013/04/26 06:49:52 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\Foxit Software
[2013/05/19 21:53:28 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\Free YouTube to MP3 Converter Studio

========== Purity Check ==========



< End of report >


EXTRAS

OTL Extras logfile created on: 5/22/2013 3:40:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pierce\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.94 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 60.77% Memory free
7.87 Gb Paging File | 6.15 Gb Available in Paging File | 78.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 113.01 Gb Free Space | 75.87% Space Free | Partition Type: NTFS

Computer Name: PIERCE-PC | User Name: Pierce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05BCB4FF-6ED6-4487-99CD-70660C4709AB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0CE73577-D7B6-458C-98F2-4EAE1DFE7AF9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1BABBB1B-5BAE-4275-AC6E-2F388498F247}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{24B56F24-C7BA-42B1-85E7-4024753EA208}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{30AE5581-1870-4F4F-9549-90E3E1591A8A}" = rport=138 | protocol=17 | dir=out | app=system |
"{43F472E4-6906-4273-9772-43BBE1DF6CE6}" = lport=139 | protocol=6 | dir=in | app=system |
"{4B1C720A-D0CB-4061-ABC5-5589206C28BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4B9D02AB-BAD4-4456-A957-05D5245E15DF}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{500D7DFA-EEB2-416B-A710-89D370D26E8B}" = lport=138 | protocol=17 | dir=in | app=system |
"{550276A1-5F50-41FE-ACE2-54CCED828A2E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5B2DED29-8B2D-46F5-A826-126833B2F625}" = lport=137 | protocol=17 | dir=in | app=system |
"{5BBBC68B-8383-4501-A5C1-7B74AF7ACBED}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{677C4DAC-9FB9-4366-B0A2-EC4883943191}" = lport=10243 | protocol=6 | dir=in | app=system |
"{67EA56A2-62D5-41C6-89D5-B078BE5D0FF5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{72908D37-B78C-415F-9B45-97315FC89770}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{77836CE7-A06E-4CDC-95A4-49AD9AE2BDEE}" = lport=445 | protocol=6 | dir=in | app=system |
"{7FF697DC-0C86-446D-9F99-051FA8E3C9E7}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{8E1C1A06-57C7-483D-82CB-E0F6516569BC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{940B80EE-1B7C-49F4-9E9F-8A8E10C2DEE4}" = rport=445 | protocol=6 | dir=out | app=system |
"{9F7C8FCB-F25A-4D75-9A45-B689BE6C631B}" = rport=137 | protocol=17 | dir=out | app=system |
"{C3F1AEC2-6D54-48D4-B3E8-AB074B7D1C36}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C4305059-254C-4B95-8673-674F915D8245}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D4380DC6-4FBE-412B-9E95-54CBD3F4E7AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DD7282AD-8ECF-438A-B22F-7DE1829BE91B}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CD4106C-939A-4937-9F6A-2B3F167F396F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{0D882547-C9B3-4012-BE01-8088C217FC05}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{10D0E229-E812-4E6B-9FAC-541F26F1DA7F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{199B9133-D4FA-4924-B903-B2CA6ECAA2B4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{217657B2-0321-4358-BBCC-F267D5BD60B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{27FC006E-BDB6-4948-926A-E1D177E88AF0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3A0ADA3B-B14A-4944-BEDE-F9DD7FC127D9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4097499E-A86A-4707-AB29-B6539E2B9D78}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{42F05F5B-04B9-4E5D-BEC8-F4F3F0A93C97}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{60AD8C76-800E-4FB6-92C5-CFBC10CB88B4}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\rtl8187 wireless lan utility\rtwlan.exe |
"{69FBDF1B-0810-41BF-9E4C-DED70C881705}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6EE49DA0-90FB-4916-A18F-6CE4BB1E2E9E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7E5DEDA6-DE66-450B-8AD0-AAA86BAFFCC3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{880358E7-AD78-4D09-81CF-B4640777A8AC}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{8B43AFD1-88E4-42F9-AD71-9D22F4C6A694}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{92523A95-D8CA-4F15-91BB-EDBA208E1510}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9378B315-B197-4F42-8AA5-6E6C6A616B6C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{94055DF7-379B-4DBB-BD61-F4FBA31E4E33}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{98C4C858-E4FE-481E-B42F-06427A0C6ABD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9E65FC1B-62AC-42F9-9419-F4B6856DC582}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A2B97D9D-64C2-4ABF-97CE-2F6E9B0C570D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A34F40C3-6E13-4915-AD35-1D97AA368A36}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{A8B9630F-6A81-4EB0-AC5C-8018D4AB1D36}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AC8289B6-6DF1-4A72-8B3F-53A5B65CF266}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AFE54361-2C5E-445C-90E4-5CE5C2B8A1D6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B01433BC-02EE-40CC-AF2B-EA5409495ACF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{B94AD28B-B46F-4B02-9A73-7E5DEF7EEC7C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BB08E119-6863-47B1-BE3B-8122260614FB}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\rtl8187 wireless lan utility\rtwlan.exe |
"{C66601B5-F345-4123-AA5D-BD2BA1AC45CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CA0C9581-F89D-4365-99B2-53F520196347}" = protocol=6 | dir=out | app=system |
"{D72B372C-318F-43D4-88F9-FE9DCB1BD35A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F33EF008-BBBA-482B-82ED-40B72B6E2060}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F5950694-5094-48CB-BD3B-9AB7F03C4E90}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"CCleaner" = CCleaner

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DF70CB6-553A-4C57-8E6D-87635EECFB78}" = REALTEK Wireless LAN Driver and Utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{91B9368F-6C6F-3DB5-9CBA-6CAD56035B26}" = Google Talk Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{F3448416-D3D7-4DBA-B982-4AEB064D9473}" = NWZ-E470 E570 WALKMAN Guide
"avast" = avast! Free Antivirus
"Foxit Reader_is1" = Foxit Reader
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.2
"Free YouTube to MP3 Converter Studio_is1" = Free YouTube to MP3 Converter Studio 7.4
"FrostWire 5" = FrostWire 5.5.3
"Google Chrome" = Google Chrome
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player 2.0.6

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/19/2013 9:27:45 PM | Computer Name = Pierce-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/19/2013 9:27:45 PM | Computer Name = Pierce-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1244342

Error - 5/19/2013 9:27:45 PM | Computer Name = Pierce-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1244342

Error - 5/19/2013 9:27:46 PM | Computer Name = Pierce-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/19/2013 9:27:46 PM | Computer Name = Pierce-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1245388

Error - 5/19/2013 9:27:46 PM | Computer Name = Pierce-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1245388

Error - 5/19/2013 9:27:47 PM | Computer Name = Pierce-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/19/2013 9:27:48 PM | Computer Name = Pierce-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1246402

Error - 5/19/2013 9:27:48 PM | Computer Name = Pierce-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1246402

Error - 5/21/2013 10:16:00 AM | Computer Name = Pierce-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16576,
time stamp: 0x515e30fe Faulting module name: aswWebRepIE.dll_unloaded, version:
0.0.0.0, time stamp: 0x5137d145 Exception code: 0xc0000005 Fault offset: 0x72ae60e8
Faulting
process id: 0x7c0 Faulting application start time: 0x01ce562dad6bb126 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
aswWebRepIE.dll Report Id: f5f2b65a-c220-11e2-877e-00218667fa63

[ System Events ]
Error - 5/21/2013 6:29:35 PM | Computer Name = Pierce-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 5/21/2013 8:41:57 PM | Computer Name = Pierce-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 5/21/2013 9:11:09 PM | Computer Name = Pierce-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 5/21/2013 10:34:04 PM | Computer Name = Pierce-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 5/21/2013 10:39:36 PM | Computer Name = Pierce-PC | Source = atikmdag | ID = 43015
Description = I2c return failed

Error - 5/21/2013 10:39:38 PM | Computer Name = Pierce-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 5/21/2013 10:39:38 PM | Computer Name = Pierce-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 5/22/2013 8:55:10 AM | Computer Name = Pierce-PC | Source = atikmdag | ID = 43015
Description = I2c return failed

Error - 5/22/2013 8:55:14 AM | Computer Name = Pierce-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 5/22/2013 8:55:14 AM | Computer Name = Pierce-PC | Source = atikmdag | ID = 43029
Description = Display is not active


< End of report >
  • 0

Advertisements


#2
pierceshannon

pierceshannon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Screen Shot.jpg
  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there let me know if this cures it

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2463}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2463}: "URL" = http://isearch.fanta...q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2463}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2463}: "URL" = http://isearch.fanta...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2463}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2463}: "URL" = http://isearch.fanta...q={searchTerms}

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that
  • 0

#4
pierceshannon

pierceshannon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you very much for all your help. The logs you requested are below.

# AdwCleaner v2.301 - Logfile created 05/23/2013 at 11:26:26
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Pierce - PIERCE-PC
# Boot Mode : Normal
# Running from : C:\Users\Pierce\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\boost_interprocess

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKLM\Software\PIP
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.93

File : C:\Users\Pierce\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [969 octets] - [23/05/2013 11:26:26]

########## EOF - C:\AdwCleaner[S1].txt - [1028 octets] #######

OTL logfile created on: 5/23/2013 12:06:32 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pierce\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.94 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 58.29% Memory free
7.87 Gb Paging File | 6.04 Gb Available in Paging File | 76.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 112.79 Gb Free Space | 75.73% Space Free | Partition Type: NTFS

Computer Name: PIERCE-PC | User Name: Pierce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/22 15:38:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pierce\Desktop\OTL.exe
PRC - [2013/05/17 14:35:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/05/09 01:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/05/06 16:15:36 | 000,079,384 | ---- | M] (Google) -- C:\Users\Pierce\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2012/12/14 02:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012/11/26 06:30:00 | 000,687,104 | ---- | M] () -- C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe
PRC - [2010/01/08 15:15:24 | 001,118,208 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe
PRC - [2009/12/07 14:49:24 | 000,040,960 | ---- | M] (Realtek) -- C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/17 14:35:42 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\ppgooglenaclpluginchrome.dll
MOD - [2013/05/17 14:35:41 | 013,136,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\PepperFlash\pepflashplayer.dll
MOD - [2013/05/17 14:35:40 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\pdf.dll
MOD - [2013/05/17 14:34:47 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\libglesv2.dll
MOD - [2013/05/17 14:34:47 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\libegl.dll
MOD - [2013/05/17 14:34:45 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\ffmpegsumo.dll
MOD - [2012/11/28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/08/18 03:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/12/14 02:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/11/26 06:30:00 | 000,687,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe -- (FastFreeConverterUpdt)
SRV - [2009/12/07 14:49:24 | 000,040,960 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe -- (Realtek87B)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/09 01:59:07 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/05/09 01:59:07 | 000,378,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/05/09 01:59:07 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/05/09 01:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 01:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 01:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 01:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 01:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/01/06 20:20:22 | 000,448,512 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8187.sys -- (RTL8187)
DRV:64bit: - [2009/08/18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 13:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA 00 87 D5 1B 04 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Pierce\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Pierce\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Pierce\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pierce\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pierce\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: Google Docs = C:\Users\Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Google Search = C:\Users\Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Photo Zoom for Facebook = C:\Users\Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\
CHR - Extension: avast! Online Security = C:\Users\Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.6_0\
CHR - Extension: Bing wallpaper for Google homepage. = C:\Users\Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ignkobhlkpgjcpkfgfohhdgdaldfaoni\7.6_0\
CHR - Extension: View Background Image = C:\Users\Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\knnjokagadbonknppgkjgjpiolcijbmg\0.3_0\
CHR - Extension: Hover Zoom = C:\Users\Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.18_0\
CHR - Extension: Gmail = C:\Users\Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/05/23 11:20:48 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Fast Free Converter 4.1) - {8232785C-5C98-4A6E-B7B4-911FFBED7582} - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll (Fast Free Converter)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Save the YouTube video as MP3 - C:\Users\Pierce\AppData\Roaming\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm ()
O8 - Extra context menu item: &Save the YouTube video as MP3 - C:\Users\Pierce\AppData\Roaming\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{570FC770-BB41-4CB6-ADF3-A87ECEB7EB16}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB6CA4F8-BE65-4CB4-ABC3-AB735CE07EEF}: DhcpNameServer = 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECEB4288-5A57-41BA-9011-606A6BA93FCF}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\Windows\SYSTEM32\RtlGina\RtlGina.DLL) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/23 11:20:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/22 15:38:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Pierce\Desktop\OTL.exe
[2013/05/18 09:56:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/18 07:44:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/05/18 07:37:19 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/05/18 06:41:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/18 06:41:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/18 06:41:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/18 06:40:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/18 06:40:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/05/17 20:54:36 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Roaming\SUPERAntiSpyware.com
[2013/05/15 17:02:45 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Roaming\Malwarebytes
[2013/05/15 17:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/12 16:59:34 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Roaming\Mozilla
[2013/05/09 05:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube to MP3 Converter Studio
[2013/05/09 05:34:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free YouTube to MP3 Converter Studio
[2013/05/08 20:00:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Type Helper
[2013/05/08 20:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fast Free Converter
[2013/05/08 19:51:30 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Local\Programs
[2013/04/30 16:43:33 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Roaming\Adobe
[2013/04/26 06:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013/04/26 06:49:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software

========== Files - Modified Within 30 Days ==========

[2013/05/23 11:56:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1988386779-3879883095-993144859-1000UA.job
[2013/05/23 11:56:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/23 11:36:14 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/23 11:36:14 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/23 11:33:24 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/23 11:33:24 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/23 11:33:24 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/23 11:28:59 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/23 11:28:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/23 11:28:41 | 3170,344,960 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/23 11:25:49 | 000,632,031 | ---- | M] () -- C:\Users\Pierce\Desktop\adwcleaner.exe
[2013/05/23 11:20:48 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/05/22 18:56:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1988386779-3879883095-993144859-1000Core.job
[2013/05/22 15:57:38 | 000,122,480 | ---- | M] () -- C:\Users\Pierce\Desktop\Screen Shot.jpg
[2013/05/22 15:38:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pierce\Desktop\OTL.exe
[2013/05/21 19:38:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/05/21 15:57:05 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/15 15:59:12 | 000,275,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/14 16:12:26 | 003,544,933 | ---- | M] () -- C:\Users\Pierce\Desktop\Screen shot 2013-05-08 at 7.47.01 PM.png
[2013/05/09 05:34:31 | 000,001,257 | ---- | M] () -- C:\Users\Pierce\Application Data\Microsoft\Internet Explorer\Quick Launch\Free YouTube to MP3 Converter Studio.lnk
[2013/05/09 05:34:31 | 000,001,233 | ---- | M] () -- C:\Users\Pierce\Desktop\Free YouTube to MP3 Converter Studio.lnk
[2013/05/09 01:59:07 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/05/09 01:59:07 | 000,378,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/05/09 01:59:07 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/05/09 01:59:07 | 000,072,016 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/05/09 01:59:07 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/05/09 01:59:07 | 000,064,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/05/09 01:59:06 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/05/09 01:59:06 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/05/09 01:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/05/09 01:58:11 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/04/30 08:22:25 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/30 08:22:24 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/04/26 06:49:40 | 000,002,074 | ---- | M] () -- C:\Users\Pierce\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/04/26 06:49:40 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk

========== Files Created - No Company Name ==========

[2013/05/23 11:25:43 | 000,632,031 | ---- | C] () -- C:\Users\Pierce\Desktop\adwcleaner.exe
[2013/05/22 15:57:38 | 000,122,480 | ---- | C] () -- C:\Users\Pierce\Desktop\Screen Shot.jpg
[2013/05/18 06:41:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/18 06:41:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/18 06:41:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/18 06:41:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/18 06:41:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/14 16:12:26 | 003,544,933 | ---- | C] () -- C:\Users\Pierce\Desktop\Screen shot 2013-05-08 at 7.47.01 PM.png
[2013/05/09 05:34:31 | 000,001,257 | ---- | C] () -- C:\Users\Pierce\Application Data\Microsoft\Internet Explorer\Quick Launch\Free YouTube to MP3 Converter Studio.lnk
[2013/05/09 05:34:31 | 000,001,233 | ---- | C] () -- C:\Users\Pierce\Desktop\Free YouTube to MP3 Converter Studio.lnk
[2013/04/30 08:22:25 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/30 08:22:24 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/04/26 06:49:40 | 000,002,074 | ---- | C] () -- C:\Users\Pierce\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/04/26 06:49:40 | 000,002,050 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013/02/05 22:13:36 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2013/02/05 20:32:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/05 23:28:15 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\DVDVideoSoft
[2013/04/26 06:49:52 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\Foxit Software
[2013/05/19 21:53:28 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\Free YouTube to MP3 Converter Studio

========== Purity Check ==========



< End of report >
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you confirm that it has now gone
  • 0

#6
pierceshannon

pierceshannon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
No! It's still popping up in my Chrome Browser.
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK you will need to reset Chrome manually details are here https://support.goog...wer/95314?hl=en let me know if it works
  • 0

#8
pierceshannon

pierceshannon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
May i clarify what i am to do. i have reset my homepage (your link) and cleared all history, cookies, etc. (all available items) back to "the beginning of time". Infection still present!
Thank you again for your help.
pierceshannon
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you confirm it is still in Chrome ?

Open Avast
Select Browser Cleanup


Select Chrome on the left


If hotbar is there select disable
  • 0

#10
pierceshannon

pierceshannon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Essexboy,

i did all the things you last recommended, to no avail. i then went to tools on the Google Chrome homepage and clicked extensions, just to check, and disabled all of them. Lo and behold, hotstartsearch disappeared!!! i then added them back in one at a time and isolated the last one installed as the offending one. Unfortunately i became so excited i trashed it without recording it's name. My Google Chrome seems to be working fine now... Do you have any suggestions for me to keep it that way? Thank you for your help, time and patience~~~>> Keep up the good work :-) Thanks again!, Pierce :thumbsup:
  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run AdwCleaner and select Uninstall ]

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up at the first prompt select OK after it has done some calculations the tabs will appear
Select More Options tab
Press Sytem Restore and Shadow Copies Cleanup button
Posted Image

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#12
pierceshannon

pierceshannon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
essexboy,

i followed you instructions for clean-up... Installed Malwarebytes, FileHippo, signed-up with Trusteer Report and checked Windows Updates...Everything is working fine now with no further problems...

Again i want to thank you for all your help!!! :thumbsup: Keep up the good work! Pierce
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure, enjoy :)
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP