High physical memory/CPU usage. Possible malware or other reasons. [Cl


  • This topic is locked

#1
hakuinwonderland
New Member, 4 posts

As it says in the topic title. The physical memory on my computer is usually quite high. I think the lowest it ever is, is around 50-70%. I don't know if that's normal. Lately both the physical memory and CPU usage have been getting really high and I don't know why. My computer has a Vista OS and my cousin says that Vista tends to use a lot of memory. My cousin also says that possible reasons could be malware, spyware, a virus, or even a memory leak. I'm not really sure what a memory leak is, but I'd like to see if that is what is causing the problem or if it is one of the other things I mentioned. Can someone please help?

I scanned with OldTimer. Here is the report.


OTL logfile created on: 11/14/2011 6:03:11 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Krys\Documents
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.21 Mb Total Physical Memory | 282.74 Mb Available Physical Memory | 27.91% Memory free
2.24 Gb Paging File | 1.21 Gb Available in Paging File | 54.02% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 161.61 Gb Free Space | 56.11% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.93 Gb Free Space | 59.26% Space Free | Partition Type: NTFS

Computer Name: RACHEL-PC | User Name: Krys | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Krys\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Users\Krys\Documents\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe (Trend Micro Inc.)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe (Trend Micro Inc.)
PRC - C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\lxcgcoms.exe ( )
PRC - C:\Windows\sttray.exe (SigmaTel, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Users\Krys\AppData\Local\Google\Chrome\Application\15.0.874.106\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Krys\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll ()
MOD - C:\Users\Krys\AppData\Local\Google\Chrome\Application\15.0.874.106\avutil-51.dll ()
MOD - C:\Users\Krys\AppData\Local\Google\Chrome\Application\15.0.874.106\avformat-53.dll ()
MOD - C:\Users\Krys\AppData\Local\Google\Chrome\Application\15.0.874.106\avcodec-53.dll ()
MOD - C:\Users\Krys\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll ()
MOD - C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll ()
MOD - C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()
MOD - C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll ()


========== Win32 Services (SafeList) ==========

SRV - (WUSB54GCSVC) -- File not found
SRV - (Nero BackItUp Scheduler 4.0) -- File not found
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_dac4cfd.dll ()
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (WDFME) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
SRV - (WDSC) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (Trend Micro Inc.)
SRV - (BITCOMET_HELPER_SERVICE) -- C:\Program Files\BitComet\tools\BitCometService.exe (www.BitComet.com)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (TabletServiceWacom) -- C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (FlipShare Service) -- C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe ()
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (lxcg_device) -- C:\Windows\System32\lxcgcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (tmcomm) -- C:\Windows\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (tmactmon) -- C:\Windows\System32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\Windows\System32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM) -- C:\Windows\System32\drivers\sscdserd.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (netr73) -- C:\Windows\System32\drivers\WUSB54GCx86.sys (Ralink Technology Inc.)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (RT73) -- C:\Windows\System32\drivers\rt73.sys (Ralink Technology, Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\tbIMVU.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\tbIMVU.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8118

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Krys\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Krys\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/01/25 17:02:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2011/07/29 18:41:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\firefoxextension\ [2011/10/18 00:51:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 4.0.5\extensions\\Components: C:\Program Files\Pale Moon\components [2011/05/29 07:56:58 | 000,000,000 | ---D | M]

[2011/05/24 00:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krys\AppData\Roaming\Mozilla\Extensions
[2009/08/13 02:28:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krys\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/12/22 09:35:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krys\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/05/24 00:16:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/16 13:59:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/11 18:45:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009/07/25 16:09:53 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
() (No name found) -- C:\PROGRAM FILES\PALE MOON\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\KRYS\APPDATA\ROAMING\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\V2BHUXJY.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\KRYS\APPDATA\ROAMING\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\V2BHUXJY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2008/01/23 01:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Krys\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Krys\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Krys\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files\TabletPlugins\npwacom.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Krys\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Pencil Sketch = C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\khoppfeapecnfbjkbibiljlffnhlpndk\1.0_1\

O1 HOSTS File: ([2010/08/31 08:04:57 | 000,267,620 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 9268 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\tbIMVU.dll (Conduit Ltd.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\tbIMVU.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (IMVU Inc Toolbar) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Program Files\IMVU_Inc\tbIMVU.dll (Conduit Ltd.)
O4 - HKLM..\Run: [LXCGCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.DLL ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Krys\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Krys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.69.188.186 207.69.188.187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50969399-80B4-4BE1-AB4C-F2AC5D83C094}: DhcpNameServer = 207.69.188.186 207.69.188.187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C071FBFD-221E-4267-9783-53DDF7E1FDD0}: DhcpNameServer = 207.69.188.186 207.69.188.187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAE306B5-4F4F-404B-BF2B-2A92E380DE00}: DhcpNameServer = 207.69.188.186 207.69.188.187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC52BE0F-9194-4836-ABD9-EA04F0146207}: DhcpNameServer = 207.69.188.186 207.69.188.187
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Krys\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Krys\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O27 - HKLM IFEO\acrord32.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\bitcomet.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\excel.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\flipshare.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\mstore.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\onenote.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\powerpnt.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\switchboard.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\uninst.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\winword.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0504f7dc-0ac3-11df-8f52-001676bab78f}\Shell - "" = AutoRun
O33 - MountPoints2\{0504f7dc-0ac3-11df-8f52-001676bab78f}\Shell\AutoRun\command - "" = F:\install.exe
O33 - MountPoints2\{3a0c3afe-d133-11dd-90b5-0018f82ce1e4}\Shell\AutoRun\command - "" = J:\Setup_FlipShare.exe
O33 - MountPoints2\{3a0c3afe-d133-11dd-90b5-0018f82ce1e4}\Shell\Setup FlipShare\command - "" = J:\Setup_FlipShare.exe
O33 - MountPoints2\{a424ca50-0ac7-11df-9d1b-001676bab78f}\Shell - "" = AutoRun
O33 - MountPoints2\{a424ca50-0ac7-11df-9d1b-001676bab78f}\Shell\AutoRun\command - "" = G:\install.exe
O33 - MountPoints2\{a424cb1b-0ac7-11df-9d1b-001676bab78f}\Shell - "" = AutoRun
O33 - MountPoints2\{a424cb1b-0ac7-11df-9d1b-001676bab78f}\Shell\AutoRun\command - "" = H:\kichiku_r_setup.exe
O33 - MountPoints2\{a424cb1b-0ac7-11df-9d1b-001676bab78f}\Shell\checker\command - "" = H:\TEST\CHECKER.exe
O33 - MountPoints2\{a424cb1b-0ac7-11df-9d1b-001676bab78f}\Shell\dstest\command - "" = H:\TEST\DSTEST.exe
O33 - MountPoints2\{a424cbb7-0ac7-11df-9d1b-001676bab78f}\Shell - "" = AutoRun
O33 - MountPoints2\{a424cbb7-0ac7-11df-9d1b-001676bab78f}\Shell\AutoRun\command - "" = I:\kichiku_r_setup.exe
O33 - MountPoints2\{a424cbb7-0ac7-11df-9d1b-001676bab78f}\Shell\checker\command - "" = I:\TEST\CHECKER.exe
O33 - MountPoints2\{a424cbb7-0ac7-11df-9d1b-001676bab78f}\Shell\dstest\command - "" = I:\TEST\DSTEST.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\F\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/14 17:00:54 | 000,000,000 | ---D | C] -- C:\Users\Krys\Documents\PaintTool SAI English Pack
[2011/11/14 16:29:55 | 000,000,000 | ---D | C] -- C:\Users\Krys\AppData\Local\Western_Digital
[2011/11/14 16:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2011/11/14 16:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2011/11/14 16:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare
[2011/11/14 16:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Cached Installations
[2011/11/14 15:48:29 | 000,000,000 | ---D | C] -- C:\Users\Krys\AppData\Local\Western Digital
[2011/11/09 20:54:47 | 000,000,000 | ---D | C] -- C:\Users\Krys\AppData\Local\Akamai
[2011/11/08 21:15:46 | 000,000,000 | ---D | C] -- C:\Users\Krys\AppData\Local\Sony
[2011/11/08 21:15:06 | 000,000,000 | ---D | C] -- C:\Users\Krys\Podcasts
[2011/11/08 21:15:05 | 000,000,000 | ---D | C] -- C:\Users\Krys\Documents\Media Go
[2011/11/08 21:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2011/11/08 21:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2011/11/08 21:12:48 | 000,000,000 | ---D | C] -- C:\Users\Krys\AppData\Local\Downloaded Installations
[2011/11/08 21:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2011/11/08 21:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2011/11/08 21:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Media Go Install
[2011/11/08 21:07:08 | 000,000,000 | ---D | C] -- C:\Users\Krys\AppData\Roaming\Sony
[2011/11/07 21:33:07 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011/11/07 21:33:06 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011/11/07 21:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2011/11/07 21:32:09 | 000,000,000 | ---D | C] -- C:\Users\Krys\AppData\Roaming\TuneUp Software
[2011/11/07 21:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2011/11/07 21:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011/11/07 21:29:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011/11/07 21:13:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Krys\Documents\OTL.exe
[2011/11/07 20:07:00 | 000,000,000 | ---D | C] -- C:\Users\Krys\Documents\Websites update
[2011/10/16 03:37:19 | 000,000,000 | ---D | C] -- C:\Users\Krys\Documents\Manga
[2009/07/10 17:14:58 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcgserv.dll
[2009/07/10 17:14:58 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxcgusb1.dll
[2009/07/10 17:14:58 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcgpmui.dll
[2009/07/10 17:14:58 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcglmpm.dll
[2009/07/10 17:14:58 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcginpa.dll
[2009/07/10 17:14:58 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcgiesc.dll
[2009/07/10 17:14:58 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxcgih.exe
[2009/07/10 17:14:58 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxcghcp.dll
[2009/07/10 17:14:58 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcgprox.dll
[2009/07/10 17:14:58 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcgpplc.dll
[2009/07/10 17:14:57 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcghbn3.dll
[2009/07/10 17:14:57 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcgcomc.dll
[2009/07/10 17:14:57 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxcgcoms.exe
[2009/07/10 17:14:57 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcgcomm.dll
[2009/07/10 17:14:57 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxcgcfg.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/14 18:02:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1806840690-3249109373-4186218742-1001UA.job
[2011/11/14 18:00:06 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011/11/14 17:59:33 | 000,002,080 | ---- | M] () -- C:\Users\Krys\Desktop\Google Chrome.lnk
[2011/11/14 17:59:33 | 000,002,042 | ---- | M] () -- C:\Users\Krys\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/14 17:56:42 | 000,627,088 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/14 17:56:42 | 000,111,468 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/14 17:53:29 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1806840690-3249109373-4186218742-1001Core.job
[2011/11/14 17:51:12 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/14 17:51:12 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/14 17:51:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/14 17:50:59 | 1063,182,336 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/14 16:26:59 | 000,001,183 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/11/14 16:18:08 | 000,000,224 | ---- | M] () -- C:\Windows\System32\9B13A86D.plf
[2011/11/14 15:58:20 | 000,088,576 | ---- | M] () -- C:\Users\Krys\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/13 23:05:25 | 000,002,337 | ---- | M] () -- C:\Users\Krys\Desktop\Skype.lnk
[2011/11/08 21:14:04 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Media Go.lnk
[2011/11/07 21:33:00 | 000,001,825 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2011/11/07 21:13:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Krys\Documents\OTL.exe
[2011/11/07 21:05:43 | 003,628,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/02 20:29:26 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011/11/02 20:29:08 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011/10/16 03:17:00 | 000,001,136 | ---- | M] () -- C:\Users\Krys\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/14 16:26:59 | 000,001,183 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/11/14 16:18:08 | 000,000,224 | ---- | C] () -- C:\Windows\System32\9B13A86D.plf
[2011/11/14 16:11:17 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011/11/08 21:14:04 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Media Go.lnk
[2011/11/07 21:33:00 | 000,001,825 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2011/11/07 21:32:58 | 000,001,837 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2011/10/16 03:17:00 | 000,001,136 | ---- | C] () -- C:\Users\Krys\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk
[2010/08/31 09:09:42 | 000,000,132 | ---- | C] () -- C:\Users\Krys\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/05/18 19:34:45 | 000,000,036 | ---- | C] () -- C:\Users\Krys\AppData\Local\housecall.guid.cache
[2010/05/03 13:20:31 | 000,000,065 | ---- | C] () -- C:\Windows\FISHUI.INI
[2010/01/26 23:02:54 | 000,151,560 | ---- | C] () -- C:\Windows\System32\SARCheck.dll
[2010/01/26 22:42:07 | 015,163,218 | ---- | C] () -- C:\Program Files\cg1.npa
[2010/01/26 22:42:07 | 001,781,561 | ---- | C] () -- C:\Program Files\nss.npa
[2010/01/26 22:42:07 | 000,964,664 | ---- | C] () -- C:\Program Files\voice1.npa
[2010/01/26 22:42:07 | 000,001,459 | ---- | C] () -- C:\Program Files\system.npa
[2009/12/22 02:17:08 | 000,000,680 | ---- | C] () -- C:\Users\Krys\AppData\Local\d3d9caps.dat
[2009/09/16 17:10:14 | 000,003,153 | ---- | C] () -- C:\Windows\dhstatus.dat
[2009/08/21 10:54:40 | 000,000,112 | ---- | C] () -- C:\Windows\wininit.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/10 17:14:58 | 000,274,432 | ---- | C] () -- C:\Windows\System32\lxcginst.dll
[2009/04/16 17:58:20 | 000,056,880 | ---- | C] () -- C:\Windows\System32\scvideo.dll
[2009/04/01 14:54:59 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
[2009/03/27 20:40:36 | 000,007,259 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/03/21 16:16:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/03/18 11:37:41 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/03/18 11:37:38 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/03/18 11:37:38 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/03/18 11:37:36 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/12/16 16:22:50 | 000,061,678 | ---- | C] () -- C:\Users\Krys\AppData\Roaming\PFP120JPR.{PB
[2008/12/16 16:22:50 | 000,012,358 | ---- | C] () -- C:\Users\Krys\AppData\Roaming\PFP120JCM.{PB
[2008/11/15 20:16:28 | 000,094,208 | ---- | C] () -- C:\Windows\System32\GTW32N50.dll
[2008/11/03 12:23:11 | 000,000,025 | ---- | C] () -- C:\Windows\EPCX6000.ini
[2008/10/29 15:58:45 | 000,088,576 | ---- | C] () -- C:\Users\Krys\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/27 02:02:11 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/10/27 02:02:11 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/19 01:54:24 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/10/19 01:54:24 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/10/19 01:54:24 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/10/19 01:54:24 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/10/19 01:54:24 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/10/19 01:54:24 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/10/19 01:54:24 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/10/19 01:54:24 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/10/19 01:54:24 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/10/19 01:54:24 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/10/19 01:54:24 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/10/19 01:54:24 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/10/19 01:54:24 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/10/19 01:54:24 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/10/19 01:54:24 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/10/19 01:54:24 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/10/18 21:58:15 | 000,003,638 | ---- | C] () -- C:\Windows\checkip.dat
[2008/09/19 16:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/01/02 15:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 15:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 15:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 15:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/02/22 17:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcgcoin.dll
[2006/12/12 10:13:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1147.dll
[2006/12/12 09:48:16 | 000,467,264 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2006/12/12 09:04:00 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/12/12 09:02:50 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006/12/12 09:01:48 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 003,628,632 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,627,088 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,111,468 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/25 03:31:13 | 000,001,361 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2005/08/18 05:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcgvs.dll
[2005/03/13 13:32:14 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcgcnv4.dll
[1999/07/06 19:00:00 | 000,000,006 | RHS- | C] () -- C:\ProgramData\D81EDBF9-D167-4011-B77D-211DF920EB80

========== LOP Check ==========

[2009/10/12 17:50:43 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\acccore
[2011/02/16 20:55:18 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\Amazon
[2010/11/27 23:24:54 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\AVG
[2010/11/27 22:57:05 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\AVG10
[2011/10/10 17:54:37 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\Barnes & Noble
[2011/10/05 12:51:07 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\BitComet
[2009/08/21 09:24:40 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\blinkx
[2010/01/26 16:43:26 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\DAEMON Tools Lite
[2010/05/03 13:50:21 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\DataCast
[2011/05/29 07:13:40 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\DriverCure
[2008/10/29 06:08:08 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\EPSON
[2009/11/17 16:49:54 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\EuroTalk
[2010/04/07 12:59:50 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\FrostWire
[2008/10/19 01:59:57 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\Furnarchy2
[2011/05/24 01:37:05 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\GlarySoft
[2011/10/04 16:15:14 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\IMVU
[2011/02/09 22:16:25 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\IMVUClient
[2010/09/30 05:47:45 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\ManyCam
[2011/04/19 10:33:25 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\Moonchild Productions
[2009/01/24 12:16:31 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\NCH Swift Sound
[2010/01/26 23:12:54 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\NitroplusCHiRAL
[2009/05/21 20:04:44 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\ooVoo Details
[2009/06/25 05:13:23 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\Opera
[2011/05/29 07:13:39 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\ParetoLogic
[2010/08/12 02:30:20 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\Smith Micro
[2011/11/08 21:15:00 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\Sony
[2009/03/08 21:07:55 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\SYSTEMAX Software Development
[2011/07/02 15:45:53 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\Trillian
[2011/11/07 21:32:09 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\TuneUp Software
[2010/11/30 01:52:21 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\Uniblue
[2010/04/06 03:47:47 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\Vivox
[2009/11/16 21:31:22 | 000,000,000 | ---D | M] -- C:\Users\Krys\AppData\Roaming\Windows Live Writer
[2011/11/14 18:00:06 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2011/11/14 17:45:53 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

OTL Extras logfile created on: 11/14/2011 6:03:11 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Krys\Documents
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.21 Mb Total Physical Memory | 282.74 Mb Available Physical Memory | 27.91% Memory free
2.24 Gb Paging File | 1.21 Gb Available in Paging File | 54.02% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 161.61 Gb Free Space | 56.11% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.93 Gb Free Space | 59.26% Space Free | Partition Type: NTFS

Computer Name: RACHEL-PC | User Name: Krys | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02ECD784-0E6F-4F08-AA3C-4A7ECAB72CC3}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{207BF50D-FC1A-4BE7-AE01-C43C201B4D03}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{21BE1C50-DB2B-46BF-B697-93B6A296062F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{24182424-D848-4F71-AF59-C168C22DCF1E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{26E27986-BD19-4EEF-9231-31C64F7CD4D9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2BCC5D82-4174-481B-81FF-EBE215BDAF52}" = rport=10244 | protocol=6 | dir=out | app=system |
"{3161687B-E13A-476E-8759-AE97CD37B1D3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{31CF08C7-5E31-4F99-8237-9151B7ED7F72}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{38358D64-E9CC-470D-A8A2-3CF4D2588704}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3C8B3643-0BDA-44D0-BD0C-9DA939B27B81}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{40BF795D-B387-4858-AA57-F6327A9C0F07}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{54F5C215-E388-4C2B-B2DF-9FB4A94DEBDD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{5502695E-86C4-46FE-96A3-A985CCEA2D00}" = rport=2869 | protocol=6 | dir=out | app=system |
"{577130DE-D6B0-4ADB-B2E9-94162FDF7937}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{58DD7815-3536-4650-9AD5-7497A73D3EBC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6102524C-BA31-4DED-8F88-8D5A2FF06215}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{62FA37FA-C019-4ECE-ABC9-26D1E019F10B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6D6D6805-85A8-4A43-AB1C-DF9D4DE5EB95}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{6F08A12B-51F9-4660-BA55-29D9D9238708}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
"{73FFBC54-764D-4589-AD30-397D52D21117}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{85EB7D52-F7F2-4F38-AEB3-D80AEA07BB65}" = lport=3390 | protocol=6 | dir=in | app=system |
"{8F22FB8C-76D7-4947-8735-508143BA4D3B}" = lport=10244 | protocol=6 | dir=in | app=system |
"{9052F42C-75F6-4D90-B9D8-7A2165F3EA55}" = lport=3390 | protocol=6 | dir=in | app=system |
"{9AF66ECF-C96C-4122-89D9-16B5C72FE8D6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9CC0BE3A-E2DE-445B-B0B8-215A033C60C5}" = lport=10244 | protocol=6 | dir=in | app=system |
"{AEDD6D32-A605-4BE5-9A50-2DFDD889A5F0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AFD6FCA9-E205-4DDA-AB4A-5C9BFD2E871E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B3A2CCA9-072E-4129-91B2-8192E9199A46}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B8D5E152-F2F5-46AB-814A-62CFFAABEE48}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{DBB18656-80D7-4B47-9466-E8806AFCDDFC}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{DF6F9313-CC2B-496D-A5E7-FEF440D6138A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E4C17DC4-C47A-4E21-9948-30A7F0F611C9}" = rport=10244 | protocol=6 | dir=out | app=system |
"{E7526F79-6843-44F9-9D70-AD41081C5395}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EC0A629A-5B60-4CE3-A5EC-F089428966B7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F2CAF477-5152-45F0-87D1-0759448AFA1E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F9F2DFAB-0D4E-4EE2-BB36-E4E12F0BC04C}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FA437D0A-C50B-40D8-BC0B-5E23B667FE5C}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{FAEC846B-5745-4070-9537-5DA13B3C28ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013CE074-7118-4B90-84DF-0812D94CA996}" = protocol=6 | dir=in | app=c:\program files\compact wireless-g usb adapter wireless network monitor\invokesvc2.exe |
"{04AF9681-5C5F-4D40-BC69-7DA73773B249}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxcgpswx.exe |
"{08BC3098-3F84-4383-92AE-4FB4D3645064}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{0968F5BA-E0E2-412A-94E4-DD4D14FC24BE}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{0FC31434-571A-4834-AC3B-F72C11809B0B}" = protocol=58 | dir=in | [email protected],-148 |
"{11F556E5-514F-4B6A-9066-F5B38E3C1974}" = protocol=17 | dir=in | app=c:\users\krys\appdata\local\akamai\netsession_win.exe |
"{136CE146-A29E-4DBA-91A4-71991032962E}" = protocol=6 | dir=out | app=system |
"{19D26592-7ACE-46EA-8127-DB758BD4EB76}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2E48613C-3334-472B-A6A5-E564131FFB65}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{37B16281-A385-4012-975A-CBAE92111A44}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{3E2C1167-8F26-4863-B9F7-7A9EDC97C998}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{3EBF4431-A055-4A34-B087-B6099475306C}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{4948A4D2-D51C-4659-8D81-727DF565CA9D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4A335FBB-2EB1-4A86-9D69-1B0A936DB8A7}" = protocol=17 | dir=in | app=c:\program files\compact wireless-g usb adapter wireless network monitor\invokesvc2.exe |
"{4EF0206A-880F-4F7F-9290-77E3569DBA99}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{4FC8C024-9740-482E-AD36-9704078ED3D3}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{5C62B995-D2DC-4016-B472-D42F250A00D8}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{5D13B8CC-B6A6-4F96-8222-85BE10A082F3}" = protocol=6 | dir=in | app=c:\windows\system32\lxcgcoms.exe |
"{60EE2D10-C569-4D2F-8428-D96EDF5D0AF0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6BE3B63D-E9B8-4DE0-A711-5C07B2419CF6}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{7AB711DF-7333-43C7-A5F6-5F71DD84F31E}" = protocol=17 | dir=in | app=c:\windows\system32\lxcgcoms.exe |
"{890C7894-0AE8-405F-A548-AB52CB958A1F}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{92EA8B29-8E5B-4033-B082-01B74AAD085C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9532AB5D-F7C3-4277-89FF-AF6DC0087618}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{99881661-A1E5-4405-8C78-1154971CE98B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A4CCB120-F150-4F7F-AC24-BCAB544953E5}" = protocol=6 | dir=in | app=c:\users\krys\appdata\local\akamai\netsession_win.exe |
"{AC3550E3-3488-4FD9-B159-1BEB26807EED}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{AE967BA1-8E6B-4AF9-8236-891BC48ADAE1}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{B0EBDA42-4666-4594-8169-81629E678FDA}" = protocol=6 | dir=in | app=c:\windows\system32\msra.exe |
"{B1BDAE4C-7FB1-4E90-B009-752C09DA1F46}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxcgpswx.exe |
"{BD9F63A9-6D19-42F4-BD58-73F68D14F576}" = protocol=6 | dir=out | app=c:\windows\system32\msra.exe |
"{BECC9013-D68D-4D96-A4FE-1B0DD98111A1}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C6EC6872-8C95-4802-89CD-BDEAAD698F28}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{E12DDB8A-3477-432B-B8D4-38AA4EA5A167}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{E18B4DF5-6CDC-4910-800B-32B821199A08}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{E5D21F74-F7F9-40F2-BD54-4F61FC6038BA}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{E7F7DFBE-5472-4AF9-B8FA-214091629A6D}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{E8BE394E-DFC5-4AC8-8F2A-5193A460DE84}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{F7059309-03E0-4FB7-AD00-C5EB87AB6F08}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{FD76561E-93DA-415A-8AAE-AAC480CF8E58}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"TCP Query User{1B1F7728-EB7B-468A-9CB8-E4DCE63E47C6}C:\users\krys\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=6 | dir=in | app=c:\users\krys\appdata\roaming\imvuclient\1vivoxvoice.exe |
"TCP Query User{415BAA23-2467-4703-9F0F-0F7CFC530C8F}C:\users\krys\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=6 | dir=in | app=c:\users\krys\appdata\roaming\imvuclient\1vivoxvoice.exe |
"TCP Query User{806BED99-D11F-4C3C-8BB1-6E4AABC9C309}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{816E6713-81A7-4FBC-A496-7F89F81B70CF}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{965969B7-F250-424D-9EFF-6EFA4C5B8952}C:\users\krys\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\krys\appdata\local\akamai\netsession_win.exe |
"TCP Query User{B5857691-0011-4FE6-ADF7-F0B63764103D}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{FC1CA0CD-2BC0-4834-9F19-5219164ED11C}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{105B02E9-4E24-412E-9DEA-49167E9EEC3F}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{7C2513B3-7BF9-49E0-B90E-D611D9D11795}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{9773E391-A5BB-42B4-AFE4-3C26499A79A7}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{9F88AB0E-585C-4AE3-9D36-ACB0E62C16D2}C:\users\krys\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=17 | dir=in | app=c:\users\krys\appdata\roaming\imvuclient\1vivoxvoice.exe |
"UDP Query User{CE7088FE-7669-4CF0-AEF0-619E6AADDFAD}C:\users\krys\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=17 | dir=in | app=c:\users\krys\appdata\roaming\imvuclient\1vivoxvoice.exe |
"UDP Query User{EAA2B343-76B9-4986-979C-67A7DC053A40}C:\users\krys\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\krys\appdata\local\akamai\netsession_win.exe |
"UDP Query User{ED6B30CC-346F-4334-92AE-06C4C1794DC3}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0+ (r484)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08DEC21F-F7E5-46F9-81D1-3ED30BD3AEC9}" = CASIO USB Driver V1.2.2474.0623
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}" = Media Go
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 21
"{2764CA82-DFB9-4498-AF85-719340BF5305}" = Dell Resource CD
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{531447F3-0BEB-408C-818F-AE0F31144C62}" = Livestream Procaster
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5D51C5DC-3604-4C3B-981B-309340755447}" = Pantech Handset Driver
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7732DA71-2FB6-5C99-D0D9-58A2DB360895}" = FlipShare
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Maximum Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro™ Titanium™ Maximum Security
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC3804E5-77CC-47A0-8BD5-797355A26BA3}" = WD SmartWare
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{F004C3DF-05BA-48AA-98E4-22A7F686AD1F}" = 咎狗の血
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Compact Wireless-G USB Adapter
"{FDF64A37-4842-48CD-A424-2C38444D36FD}" = LG Android Drivers
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface Service
"BitComet" = BitComet 1.28
"BN_DesktopReader" = NOOK for PC
"CleanUp!" = CleanUp!
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"conduitEngine" = Conduit Engine
"Furcadia" = Furcadia
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IMVU_Inc Toolbar" = IMVU Inc Toolbar
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Full)
"Lexmark 2300 Series" = Lexmark 2300 Series
"ManyCam" = ManyCam 2.5.74 (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Pale Moon 4.0.5 (x86 en-US)" = Pale Moon 4.0.5 (x86 en-US)
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.9
"Quick Startup_is1" = Quick Startup 2.8.0.718
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WavePad" = WavePad Sound Editor
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Amazon Kindle" = Amazon Kindle
"Google Chrome" = Google Chrome
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/23/2009 1:11:22 AM | Computer Name = Rachel-PC | Source = Application Error | ID = 1000
Description = Faulting application winamp.exe, version 5.5.7.2810, time stamp 0x4b2f0bcd,
faulting module pmp_p4s.dll, version 0.0.0.0, time stamp 0x4b2f0bda, exception
code 0xc0000005, fault offset 0x000017d3, process id 0xd98, application start time
0x01ca8387a892b704.

Error - 12/24/2009 5:26:44 PM | Computer Name = Rachel-PC | Source = Application Error | ID = 1000
Description = Faulting application furc_on.exe, version 2.7.2.0, time stamp 0x49f4bf36,
faulting module furc_on.exe, version 2.7.2.0, time stamp 0x49f4bf36, exception
code 0xc0000005, fault offset 0x0004e5fc, process id 0x10e8, application start time
0x01ca837d96849154.

Error - 12/26/2009 12:46:11 AM | Computer Name = Rachel-PC | Source = Application Error | ID = 1000
Description = Faulting application furc_on.exe, version 2.7.2.0, time stamp 0x49f4bf36,
faulting module furc_on.exe, version 2.7.2.0, time stamp 0x49f4bf36, exception
code 0xc0000005, fault offset 0x0004e5fc, process id 0xfd4, application start time
0x01ca8507653a8bf4.

Error - 12/26/2009 12:54:07 AM | Computer Name = Rachel-PC | Source = Application Error | ID = 1000
Description = Faulting application furc_on.exe, version 2.7.2.0, time stamp 0x49f4bf36,
faulting module furc_on.exe, version 2.7.2.0, time stamp 0x49f4bf36, exception
code 0xc0000005, fault offset 0x0004e5fc, process id 0x1884, application start time
0x01ca85e665f1686c.

Error - 12/26/2009 5:50:22 AM | Computer Name = Rachel-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 12/26/2009 5:50:22 AM | Computer Name = Rachel-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 12/26/2009 5:50:23 AM | Computer Name = Rachel-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 12/26/2009 5:50:23 AM | Computer Name = Rachel-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 12/26/2009 2:19:08 PM | Computer Name = Rachel-PC | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 12/29/2009 1:33:37 AM | Computer Name = Rachel-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.1.3622 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1acc Start Time: 01ca884831dc3b60 Termination Time: 4

[ Media Center Events ]
Error - 6/27/2009 2:41:03 AM | Computer Name = Rachel-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 8/16/2009 12:07:16 AM | Computer Name = Rachel-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 8/25/2009 11:45:40 PM | Computer Name = Rachel-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 9/5/2009 11:42:46 PM | Computer Name = Rachel-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 9/8/2009 11:42:46 PM | Computer Name = Rachel-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 9/11/2009 11:42:58 PM | Computer Name = Rachel-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 9/14/2009 11:42:48 PM | Computer Name = Rachel-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 9/14/2009 11:56:56 PM | Computer Name = Rachel-PC | Source = Mcx2Dvcs | ID = 401
Description =

Error - 9/15/2009 12:14:26 AM | Computer Name = Rachel-PC | Source = Mcx2Prov | ID = 505
Description =

Error - 9/15/2009 12:14:26 AM | Computer Name = Rachel-PC | Source = Mcx2Dvcs | ID = 405
Description =

[ System Events ]
Error - 11/8/2011 12:05:04 AM | Computer Name = Rachel-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 11/9/2011 9:54:17 PM | Computer Name = Rachel-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11/9/2011 9:56:55 PM | Computer Name = Rachel-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11/11/2011 1:07:51 AM | Computer Name = Rachel-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11/12/2011 12:13:54 AM | Computer Name = Rachel-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11/14/2011 6:16:54 PM | Computer Name = Rachel-PC | Source = HTTP | ID = 15016
Description =

Error - 11/14/2011 6:17:25 PM | Computer Name = Rachel-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 11/14/2011 6:51:07 PM | Computer Name = Rachel-PC | Source = HTTP | ID = 15016
Description =

Error - 11/14/2011 6:52:00 PM | Computer Name = Rachel-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 11/14/2011 6:52:37 PM | Computer Name = Rachel-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.


< End of report >

#2
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available
  • When in doubt, please stop and ask first. There's no harm in asking questions!

The physical memory on my computer is usually quite high. I think the lowest it ever is, is around 50-70%.

Your system has only 1GB of RAM. I would recommend at least 2GB. 50-70% of memory usage is quite normal. An intelligent OS would use almost all available memory.

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start scan.

  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also, on the Desktop there should be a file called MBR.dat after that; zip it and then attach it here.

How to add an attachment to a new topic or reply

#3
hakuinwonderland


    New Member

  • Topic Starter
  • Member
  • 4 posts
Scan Log


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-04 14:31:24
-----------------------------
14:31:24.388 OS Version: Windows 6.0.6001 Service Pack 1
14:31:24.388 Number of processors: 2 586 0xF06
14:31:24.390 ComputerName: RACHEL-PC UserName: Krys
14:31:26.206 Initialize success
14:36:10.116 AVAST engine defs: 11120401
14:36:18.135 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:36:18.135 Disk 0 Vendor: WDC_WD3200KS-75PFB0 21.00M21 Size: 305245MB BusType: 3
14:36:20.163 Disk 0 MBR read successfully
14:36:20.163 Disk 0 MBR scan
14:36:20.178 Disk 0 Windows VISTA default MBR code
14:36:20.178 Disk 0 scanning sectors +625139712
14:36:20.272 Disk 0 scanning C:\Windows\system32\drivers
14:36:39.086 Service scanning
14:36:39.928 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
14:36:40.536 Modules scanning
14:36:44.452 Disk 0 trace - called modules:
14:36:44.468 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8518f1f8]<<
14:36:44.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8586eac8]
14:36:44.483 3 CLASSPNP.SYS[897a9745] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x851e2ba0]
14:36:44.483 \Driver\atapi[0x851da828] -> IRP_MJ_CREATE -> 0x8518f1f8
14:36:46.714 AVAST engine scan C:\Windows
14:36:51.566 AVAST engine scan C:\Windows\system32
14:40:25.098 AVAST engine scan C:\Windows\system32\drivers
14:40:46.049 AVAST engine scan C:\Users\Krys
15:10:34.914 AVAST engine scan C:\ProgramData
15:14:12.705 Scan finished successfully
15:15:17.008 Disk 0 MBR has been saved successfully to "C:\Users\Krys\Desktop\MBR.dat"
15:15:17.024 The log file has been saved successfully to "C:\Users\Krys\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   565bytes   104 downloads


#4
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here and double click on mbam-setup.exe to install the application

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Click on Check for Updates button.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

#5
hakuinwonderland


    New Member

  • Topic Starter
  • Member
  • 4 posts
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8326

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

12/6/2011 9:26:26 PM
mbam-log-2011-12-06 (21-26-26).txt

Scan type: Quick scan
Objects scanned: 196165
Time elapsed: 7 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
We should proceed with a general antimalware scan, which can take quite a long time, so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on the Submit Form button. Please download the latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)

Allow VRT to delete all infections found
Once it has finished, select the report tab (last tab)
Select Detected threats report from the left and press the Save button
Save it to your desktop and attach it to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information


On completion click the link to locate the zip file to upload and attach to your next post


#7
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.