OTL logfile created on: 01/02/2015 20:40:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.99 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 37.19% Memory free
6.20 Gb Paging File | 3.94 Gb Available in Paging File | 63.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.32 Gb Total Space | 86.77 Gb Free Space | 30.09% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 3.88 Gb Free Space | 39.78% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: DELL-530 | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2015/02/01 20:39:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2015/02/01 20:30:24 | 004,197,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chris\Downloads\tdsskiller(1).exe
PRC - [2015/01/29 15:51:37 | 000,338,032 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2015/01/27 02:18:39 | 005,227,112 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/12/10 01:34:58 | 000,555,320 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
PRC - [2014/12/10 01:33:10 | 002,561,848 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
PRC - [2014/11/24 02:18:02 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/11/24 02:17:36 | 003,192,344 | ---- | M] (Avast Software) -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
PRC - [2014/11/24 02:17:33 | 000,104,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/11/21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/10/29 16:18:30 | 004,826,904 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2013/12/06 14:47:20 | 001,229,528 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2013/12/06 14:47:20 | 000,662,232 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2013/12/06 14:47:18 | 000,565,464 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2013/08/14 14:19:22 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/03/08 09:54:00 | 003,246,944 | ---- | M] (PANTERASoft) -- C:\Program Files\HDD Health\hddhealth.exe
PRC - [2013/03/08 09:54:00 | 000,017,760 | ---- | M] () -- C:\Program Files\HDD Health\HDDHealthService.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
========== Modules (No Company Name) ========== MOD - [2015/01/29 15:51:35 | 003,925,104 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/11/24 02:18:09 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
========== Services (SafeList) ========== SRV - [2015/01/24 21:47:10 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/23 13:37:59 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/12/10 01:34:58 | 000,555,320 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe -- (MbaeSvc)
SRV - [2014/11/24 02:18:02 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/11/24 02:17:36 | 003,192,344 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV - [2014/11/24 02:17:33 | 000,104,416 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/12/06 14:47:20 | 001,229,528 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013/12/06 14:47:20 | 000,662,232 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2013/08/14 14:19:22 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/03/08 09:54:00 | 000,017,760 | ---- | M] () [Auto | Running] -- C:\Program Files\HDD Health\HDDHealthService.exe -- (HDDHealth)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Chris\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2015/02/01 20:33:53 | 000,114,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2014/12/10 18:22:20 | 000,047,928 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys -- (ESProtectionDriver)
DRV - [2014/11/24 02:18:39 | 000,787,800 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2014/11/24 02:18:36 | 000,423,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2014/11/24 02:18:12 | 000,206,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/11/24 02:18:12 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/11/24 02:18:12 | 000,057,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/11/24 02:18:12 | 000,055,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2014/11/24 02:18:12 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/11/24 02:18:12 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2014/11/24 02:17:55 | 000,026,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2014/11/24 02:17:36 | 000,218,192 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV - [2014/11/24 02:17:33 | 000,253,640 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2014/11/21 06:14:16 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014/11/21 06:14:10 | 000,075,480 | ---- | M] (Malwarebytes Corporation) [File_System | Auto | Running] -- C:\Windows\System32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2014/11/21 06:14:06 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2014/08/02 21:52:35 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2013/12/06 14:47:12 | 000,016,024 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf_x86.sys -- (PSI)
DRV - [2013/09/12 16:24:14 | 000,032,552 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gttap1.sys -- (gttap1)
DRV - [2013/06/21 00:07:52 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(
www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/06/21 00:07:52 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(
www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2009/12/10 20:48:26 | 000,043,520 | ---- | M] (--) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MOSUMAC.SYS -- (MOSUMAC)
DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/01/21 02:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 07:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
https://uk.yahoo.com?fr=hp-avast&type=avastbclIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
https://uk.yahoo.com?fr=hp-avast&type=avastbclIE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
https://uk.yahoo.com?fr=hp-avast&type=avastbclIE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google (avast)"
FF - prefs.js..browser.search.defaultenginename: "Google (avast)"
FF - prefs.js..browser.search.defaultthis.engineName: "Google (avast)"
FF - prefs.js..browser.search.defaulturl: "https://www.google.com/search/?trackid=sp-006"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.order.1: "Google (avast)"
FF - prefs.js..browser.search.selectedEngine: "Google (avast)"
FF - prefs.js..browser.startup.homepage: "https://www.google.com/?trackid=sp-006"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1
FF - prefs.js..keyword.URL: "https://www.google.com/search/?trackid=sp-006"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/05/06 12:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/09/08 14:33:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/09/08 14:33:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/02/01 20:32:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2015/01/23 13:37:46 | 000,000,000 | ---D | M]
[2012/07/03 04:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions
[2015/01/27 19:06:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\y0t440si.default-1422297887428\extensions
[2015/01/27 18:56:39 | 000,002,428 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\y0t440si.default-1422297887428\searchplugins\google-avast.xml
[2015/01/23 13:37:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2015/01/29 15:51:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/08 14:27:18 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
========== Chrome ========== CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.9.3_0\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2022.121_0\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_1\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.18_0\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2014/10/19 21:16:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes Anti-Exploit] C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71}: DhcpNameServer = 192.168.0.203
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F}: DhcpNameServer = 192.168.1.1 0.0.0.0
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ========== [2015/02/01 20:39:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2015/01/26 18:44:52 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Old Firefox Data
[2015/01/23 13:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2015/01/16 09:14:19 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2011/12/28 14:52:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Chris\AppData\Roaming\pcouffin.sys
========== Files - Modified Within 30 Days ========== [2015/02/01 20:39:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2015/02/01 20:33:53 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2015/02/01 20:32:43 | 000,005,184 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2015/02/01 20:32:43 | 000,005,184 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2015/02/01 20:32:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/02/01 19:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/27 18:56:39 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015/01/27 00:43:11 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/01/24 21:47:10 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2015/01/24 21:47:10 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2015/01/23 12:15:40 | 000,026,416 | ---- | M] () -- C:\Users\Chris\Desktop\Untitled.jpg
[2015/01/08 09:55:52 | 000,249,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
========== Files Created - No Company Name ========== [2015/01/23 12:15:40 | 000,026,416 | ---- | C] () -- C:\Users\Chris\Desktop\Untitled.jpg
[2014/11/06 21:03:07 | 000,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Local\{58A3253E-0601-4F77-827A-75E8523B55B2}
[2014/10/13 00:06:20 | 000,003,520 | ---- | C] () -- C:\Windows\System32\EasyRedirect.ini
[2014/10/13 00:06:20 | 000,002,040 | ---- | C] () -- C:\Windows\System32\EasyRedirectOff.ini
[2014/08/02 21:53:39 | 000,206,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/08/02 21:53:37 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/08/02 21:53:36 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/06/06 02:09:19 | 000,000,000 | ---- | C] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2014/03/15 03:48:39 | 000,031,848 | ---- | C] () -- C:\Windows\System32\drivers\DasPtct.SYS
[2013/08/24 20:40:31 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/08/24 20:40:31 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/08/24 20:40:31 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/10 18:39:44 | 000,029,239 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\UserTile.png
[2013/06/02 11:53:21 | 000,034,808 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2013/05/06 13:42:38 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2013/05/06 11:27:02 | 000,000,680 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2012/06/03 08:55:32 | 000,048,640 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/11 10:10:35 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/01/13 08:10:03 | 000,910,996 | ---- | C] () -- C:\Users\Chris\AppData\Local\census.cache
[2012/01/13 08:09:35 | 000,163,945 | ---- | C] () -- C:\Users\Chris\AppData\Local\ars.cache
[2012/01/13 07:12:43 | 000,000,036 | ---- | C] () -- C:\Users\Chris\AppData\Local\housecall.guid.cache
[2011/12/28 14:52:30 | 000,007,887 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.cat
[2011/12/28 14:52:30 | 000,001,144 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.inf
========== ZeroAccess Check ========== [2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 13:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ========== [2014/08/02 21:55:21 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\AVAST Software
[2012/03/30 07:47:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014/03/25 05:27:15 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\HDDHealth
[2012/03/18 20:07:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leawo
[2014/09/05 21:25:08 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Motorola
[2014/09/05 21:30:14 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Motorola Mobility
[2012/03/19 13:38:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org
[2013/04/04 17:40:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Opera
[2013/04/08 21:04:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\QuickScan
[2013/10/24 10:24:01 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Samsung
[2012/06/15 23:21:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Temp
[2012/03/18 20:08:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\tiger-k
[2014/06/02 20:55:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TuneUp Software
[2013/12/23 22:43:40 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Vso
========== Purity Check ========== < End of report >
OTL Extras logfile created on: 01/02/2015 20:40:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.99 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 37.19% Memory free
6.20 Gb Paging File | 3.94 Gb Available in Paging File | 63.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.32 Gb Total Space | 86.77 Gb Free Space | 30.09% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 3.88 Gb Free Space | 39.78% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: DELL-530 | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [runas] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DE71E728-C03E-4E59-9525-ACC11388734F}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12BEC677-E9D6-44B9-BABE-F2063712476A}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{302B31C3-170B-4314-B46B-37875751AF0A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{54579A10-24FE-4502-A37B-26E9BD8C3E29}" = protocol=6 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe |
"{548FDE5A-8AC2-4C5E-B687-603C092943FA}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{666EC536-9390-41DD-87C5-3F303A0CFA0E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{89F6D647-8024-4E1F-8497-2A7AE8708831}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{95C5F95E-62D7-4526-9C15-BCE6ABA4F874}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{BDB656A6-F21B-4A0C-86D3-F2418952360B}" = protocol=6 | dir=in | app=c:\users\chris\appdata\roaming\utorrent\utorrent.exe |
"{CA0F85E5-0EAF-4919-9CB5-07A246279526}" = protocol=17 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe |
"{CB3C9927-8511-4003-A2F9-0F8653F9F993}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{E666F7E6-14C7-46A7-AEBB-325E67946372}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{F4CFD83A-D58B-4331-9FC7-226F9784CDC4}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{FB1F78D0-52F6-4C07-939F-DC10CB5FD0DA}" = protocol=17 | dir=in | app=c:\users\chris\appdata\roaming\utorrent\utorrent.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.7.0
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{331ED3CF-3A1B-467C-9A62-899E2D3B20C4}_is1" = Leawo Video Converter version 5.1.0.0
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B77622E-DE90-48EA-B2C7-227B1DE58A01}" = Adobe AIR
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1" = Panda Cloud Cleaner
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A55747C1-4651-433D-B082-478874FF7516}" = Motorola Mobile Drivers Installation 6.3.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"Avast" = Avast Internet Security
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"EasyBCD" = EasyBCD 1.7
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 2180] [2008-10-04]
"Google Chrome" = Google Chrome
"HDD Health_is1" = HDD Health v4.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Malwarebytes Anti-Exploit_is1" = Malwarebytes Anti-Exploit version 1.05.1.1016
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Mozilla Firefox 35.0.1 (x86 en-US)" = Mozilla Firefox 35.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero7Lite_is1" = Nero 7 Lite 7.10.1.2
"RealPlayer 16.0" = RealPlayer
"Secunia PSI" = Secunia PSI (3.0.0.9016)
"Skitch 1.0.2.0" = Skitch
"VLC media player" = VLC media player
"WinRAR archiver" = WinRAR 5.20 (32-bit)
"YouTube Downloader App" = YouTube Downloader App 3.00
========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ========== [ Application Events ]
Error - 10/12/2014 06:12:03 | Computer Name = DELL-530 | Source = Perflib | ID = 1008
Description =
Error - 10/12/2014 18:25:17 | Computer Name = DELL-530 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 10/12/2014 18:25:17 | Computer Name = DELL-530 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 20/12/2014 15:24:58 | Computer Name = DELL-530 | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 34.0.5.5443 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 18b4 Start Time: 01d01919f554036c Termination Time: 156
Error - 26/12/2014 18:52:46 | Computer Name = DELL-530 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 26/12/2014 18:52:46 | Computer Name = DELL-530 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 16/01/2015 04:54:51 | Computer Name = DELL-530 | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 34.0.5.5443 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: f0c Start Time: 01d031690be452af Termination Time: 18
Error - 16/01/2015 05:25:39 | Computer Name = DELL-530 | Source = Perflib | ID = 1010
Description =
Error - 16/01/2015 05:25:40 | Computer Name = DELL-530 | Source = Perflib | ID = 1008
Description =
Error - 27/01/2015 14:56:39 | Computer Name = DELL-530 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 35.0.0.5486, time
stamp 0x54af7153, faulting module mozalloc.dll, version 35.0.0.5486, time stamp
0x54af69d4, exception code 0x80000003, fault offset 0x00001425, process id 0x1cbc,
application start time 0x01d03a62c9469320.
[ System Events ]
Error - 16/01/2015 04:46:29 | Computer Name = DELL-530 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 07:46:33 on 15/01/2015 was unexpected.
Error - 16/01/2015 04:49:38 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7009
Description =
Error - 16/01/2015 04:49:38 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7000
Description =
Error - 16/01/2015 04:50:34 | Computer Name = DELL-530 | Source = DCOM | ID = 10005
Description =
Error - 16/01/2015 04:50:34 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7009
Description =
Error - 16/01/2015 04:50:34 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7000
Description =
Error - 16/01/2015 04:53:52 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7022
Description =
Error - 16/01/2015 04:55:06 | Computer Name = DELL-530 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001EC982BAAF has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 29/01/2015 11:47:17 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7011
Description =
Error - 01/02/2015 16:32:37 | Computer Name = DELL-530 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 20:31:26 on 01/02/2015 was unexpected.
< End of report >