Something eating lots of bandwidth


  • This topic is locked

#1
hafunui

Hello

Something on my computer is accessing the internet behind the scenes. According to AnalogX NetStat Live, in this month (only 10 days) 5.87GB downloaded and 1.09GB uploaded. This matches with what my ISP has recorded. Normal activity is around 2GB a month (up+down). I've checked to make sure any P2P software is off, and after a fresh restart, in a few minutes, NetStat detects around 1MB outgoing before I get to start up any other application.

I've run a quick scan with Trend Micro HouseCall with no threats. (running full scan now, 26%, still nothing) I don't know what to do, but it sure seems like malware to me.

#2
hafunui

Looks like a similar case to this guy?
So maybe I got a rootkit? Trend Micro HouseCall isn't going to help then.

#3
hafunui

Here are the OTL logs

OTL logfile created on: 11/15/2010 4:49:28 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Nathan\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 71.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 60.57 Gb Free Space | 26.02% Space Free | Partition Type: NTFS
Drive E: | 2.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 1.91 Gb Total Space | 1.91 Gb Free Space | 99.96% Space Free | Partition Type: FAT
Drive L: | 465.65 Gb Total Space | 89.89 Gb Free Space | 19.30% Space Free | Partition Type: FAT32
Drive Z: | 279.47 Gb Total Space | 91.37 Gb Free Space | 32.69% Space Free | Partition Type: NTFS

Computer Name: NATHANS-PC | User Name: Nathan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/15 16:49:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Nathan\Desktop\OTL.exe
PRC - [2010/01/11 21:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/12/29 10:10:04 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/11/29 02:09:32 | 000,092,848 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
PRC - [2009/10/24 16:43:22 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/06/23 10:48:12 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CtHelper.exe
PRC - [2009/02/14 15:29:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/02/06 14:14:34 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/11/15 16:49:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Nathan\Desktop\OTL.exe
MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/12/09 14:08:34 | 000,048,304 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc)
SRV:64bit: - [2009/12/30 00:21:14 | 001,315,592 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/11/24 11:25:32 | 005,521,192 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/11 21:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/11/16 13:30:59 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/24 16:43:22 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/10/23 19:11:39 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/10/07 16:11:00 | 003,323,920 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009/07/13 00:08:04 | 000,024,168 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/14 15:29:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/02/06 14:14:34 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\COMMONFX.DLL -- (COMMONFX.DLL)
DRV:64bit: - [2009/09/28 02:02:38 | 000,019,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2009/08/27 16:06:34 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 00:09:20 | 000,030,568 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\uxpatch.sys -- (uxpatch)
DRV:64bit: - [2009/06/23 12:41:18 | 000,294,936 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k)
DRV:64bit: - [2009/06/23 12:41:08 | 000,259,608 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k)
DRV:64bit: - [2009/06/23 12:40:58 | 001,360,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV:64bit: - [2009/06/23 12:40:46 | 000,147,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2009/06/23 12:40:22 | 000,290,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2009/06/23 12:40:10 | 000,016,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2009/06/23 12:40:00 | 000,221,208 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2009/06/23 12:39:26 | 000,866,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2009/06/23 12:39:10 | 000,580,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2009/06/23 12:35:48 | 000,141,848 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV:64bit: - [2009/06/23 12:35:48 | 000,141,848 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV:64bit: - [2009/06/23 12:35:40 | 000,680,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV:64bit: - [2009/06/23 12:35:40 | 000,680,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV:64bit: - [2009/06/23 12:35:26 | 000,706,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV:64bit: - [2009/06/23 12:35:26 | 000,706,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV:64bit: - [2009/06/23 12:35:14 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV:64bit: - [2009/06/23 12:35:14 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX)
DRV:64bit: - [2009/06/10 12:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 12:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/27 00:23:54 | 000,019,432 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
DRV:64bit: - [2008/07/28 16:22:52 | 000,255,424 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007/04/10 03:17:22 | 000,123,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV:64bit: - [2007/04/10 03:17:00 | 000,252,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CT20XUT.DLL -- (CT20XUT.DLL)
DRV:64bit: - [2007/04/10 03:16:20 | 001,571,112 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV:64bit: - [2007/04/10 03:15:44 | 000,363,304 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV:64bit: - [2007/04/10 03:15:10 | 000,190,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV:64bit: - [2007/04/10 03:13:38 | 000,321,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV:64bit: - [2007/04/10 03:13:08 | 000,219,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV:64bit: - [2007/02/16 11:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2007/01/15 14:28:24 | 000,088,064 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV - [2010/11/15 16:47:28 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/10/24 14:51:17 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2009/10/24 11:28:25 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2009/10/24 11:27:52 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2007/02/07 10:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2005/01/04 10:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F 02 28 32 51 54 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/12/29 10:10:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/02 17:16:59 | 000,000,000 | ---D | M]

[2010/11/15 16:48:17 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Mozilla\Extensions
[2010/10/22 22:00:13 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Mozilla\Extensions-BackupByFirefoxPortable
[2010/10/22 22:00:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Extensions-BackupByFirefoxPortable\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/23 21:06:42 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\onj6ulze.default\extensions
[2010/10/18 17:43:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/02 17:17:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/10 18:35:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/10 18:35:41 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/10/27 07:18:18 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/03/06 10:57:40 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [AsioReg] File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe File not found
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/17 08:42:24 | 047,625,100 | R--- | M] () - E:\Auto Repair for Dummies - D Sclar (1999) WW.pdf -- [ UDF ]
O32 - AutoRun File - [2009/03/16 18:14:16 | 008,587,626 | R--- | M] () - E:\Auto Repair for Dummies.pdf -- [ UDF ]
O32 - AutoRun File - [2009/03/17 07:20:12 | 012,533,437 | R--- | M] () - E:\AutoCAD 2005 for Dummies (2004).pdf -- [ UDF ]
O32 - AutoRun File - [2009/03/17 08:50:14 | 012,274,123 | R--- | M] () - E:\AutoCAD 2007 For Dummies - D. Byrnes, M. Middlebrook (Wiley, 2006) WW.pdf -- [ UDF ]
O32 - AutoRun File - [2007/08/31 17:24:24 | 000,000,000 | ---D | M] - L:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2008/07/05 14:42:20 | 000,000,037 | -H-- | M] () - L:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe -- File not found
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\AutoRunCD.exe -- File not found
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/15 16:49:09 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Nathan\Desktop\OTL.exe
[2010/11/10 18:35:53 | 002,255,320 | ---- | C] (Trend Micro Inc.) -- C:\Users\Nathan\Desktop\HousecallLauncher64.exe
[2010/11/10 18:35:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/11/10 18:13:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnalogX
[2010/11/10 18:12:18 | 000,375,584 | ---- | C] (AnalogX, LLC) -- C:\Users\Nathan\Desktop\nsli.exe
[2010/11/05 12:59:11 | 000,000,000 | ---D | C] -- C:\Users\Nathan\Documents\My Received Files
[2010/11/05 12:57:51 | 000,000,000 | ---D | C] -- C:\Users\Nathan\Tracing
[2010/11/05 09:49:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/11/05 09:49:39 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/11/05 09:45:39 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Windows Live
[2010/10/30 15:46:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YafaRay
[2010/10/30 15:17:01 | 000,000,000 | ---D | C] -- C:\Users\Nathan\Desktop\yafaraySSS
[2010/10/23 10:48:38 | 000,000,000 | ---D | C] -- C:\Users\Nathan\Desktop\blender32662-win64
[2010/10/23 10:34:29 | 000,000,000 | ---D | C] -- C:\Users\Nathan\Desktop\luxGPU
[2010/10/23 10:02:30 | 000,000,000 | ---D | C] -- C:\Users\Nathan\Desktop\lux
[2010/10/23 09:38:51 | 008,653,398 | ---- | C] (LuxRender ) -- C:\Users\Nathan\Desktop\LuxRender 0.7.1 x64 Setup.exe
[2010/10/22 12:41:56 | 000,000,000 | ---D | C] -- C:\Users\Nathan\Desktop\Processing_classes
[2010/10/21 11:54:28 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2009/06/23 10:49:14 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2009/05/14 22:15:24 | 005,719,400 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
[2009/05/14 22:15:24 | 004,397,928 | ---- | C] (Autodesk) -- C:\Program Files\Common Files\adlmint.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/15 16:49:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Nathan\Desktop\OTL.exe
[2010/11/15 16:47:34 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/15 16:47:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/15 16:47:09 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/15 16:46:20 | 000,033,688 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000001-00001102-00000008-10211102}.rfx
[2010/11/15 16:46:20 | 000,033,688 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000001-00001102-00000008-10211102}.rfx
[2010/11/15 16:46:20 | 000,029,604 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000005-00000000-00000001-00001102-00000008-10211102}.rfx
[2010/11/15 16:46:20 | 000,029,604 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000005-00000000-00000001-00001102-00000008-10211102}.rfx
[2010/11/15 16:46:20 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000001-00001102-00000008-10211102}.rfx
[2010/11/15 16:46:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/15 16:34:48 | 000,000,087 | ---- | M] () -- C:\Users\Nathan\mm.cfg
[2010/11/15 16:13:52 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/15 16:13:52 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/15 15:22:05 | 014,998,962 | ---- | M] () -- C:\Users\Nathan\Desktop\vimeo video.mp4
[2010/11/14 15:50:59 | 012,000,044 | ---- | M] () -- C:\Users\Nathan\Desktop\NORMO.tga
[2010/11/12 14:15:05 | 000,002,815 | ---- | M] () -- C:\Users\Nathan\Desktop\pal.png
[2010/11/10 18:37:07 | 000,000,036 | ---- | M] () -- C:\Users\Nathan\AppData\Local\housecall.guid.cache
[2010/11/10 18:36:29 | 002,255,320 | ---- | M] (Trend Micro Inc.) -- C:\Users\Nathan\Desktop\HousecallLauncher64.exe
[2010/11/10 18:33:13 | 000,792,868 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/10 18:33:13 | 000,669,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/10 18:33:13 | 000,124,982 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/10 18:24:30 | 000,002,092 | ---- | M] () -- C:\Users\Nathan\Desktop\NetStat Live.lnk
[2010/11/10 18:12:21 | 000,375,584 | ---- | M] (AnalogX, LLC) -- C:\Users\Nathan\Desktop\nsli.exe
[2010/11/07 19:35:59 | 000,050,728 | -H-- | M] () -- C:\Users\Nathan\Desktop\ZbThumbnail.info
[2010/11/06 16:08:24 | 000,014,848 | ---- | M] () -- C:\Users\Nathan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/05 08:21:24 | 000,004,966 | ---- | M] () -- C:\Users\Nathan\Documents\dodeca.png
[2010/10/31 23:43:26 | 000,006,941 | ---- | M] () -- C:\Users\Nathan\Documents\fresnel.png
[2010/10/30 15:24:58 | 008,425,091 | ---- | M] () -- C:\Users\Nathan\Desktop\YafaRay-0.1.2-Beta2.1-win32.exe
[2010/10/29 20:37:48 | 000,043,056 | ---- | M] () -- C:\Users\Nathan\Documents\luminusTile.png
[2010/10/29 20:37:48 | 000,000,196 | ---- | M] () -- C:\Users\Nathan\Documents\luminusTile_zbuffer.png
[2010/10/27 22:19:50 | 000,950,908 | ---- | M] () -- C:\Users\Nathan\Documents\grass2.psd
[2010/10/27 21:46:44 | 000,102,408 | ---- | M] () -- C:\Users\Nathan\Documents\autumnGrave4.png
[2010/10/27 13:04:52 | 000,021,318 | ---- | M] () -- C:\Users\Nathan\Desktop\kerkythea.py
[2010/10/26 22:07:48 | 001,843,646 | ---- | M] () -- C:\Users\Nathan\Documents\bigLeaf.psd
[2010/10/26 21:54:36 | 000,103,363 | ---- | M] () -- C:\Users\Nathan\Documents\autumnTomb3.png
[2010/10/26 21:52:51 | 000,338,292 | ---- | M] () -- C:\Users\Nathan\Documents\ZombieGraveyard.blend
[2010/10/26 21:49:51 | 000,007,291 | ---- | M] () -- C:\Users\Nathan\Documents\leafbg.png
[2010/10/26 21:39:41 | 001,000,018 | ---- | M] () -- C:\Users\Nathan\Documents\autumnTomb3.tga
[2010/10/26 21:35:11 | 000,113,173 | ---- | M] () -- C:\Users\Nathan\Documents\autumnTomb2.png
[2010/10/26 21:34:45 | 000,112,639 | ---- | M] () -- C:\Users\Nathan\Documents\autumnTomb1.png
[2010/10/26 21:30:30 | 000,003,380 | ---- | M] () -- C:\Users\Nathan\Documents\grassAlpha.png
[2010/10/26 21:29:58 | 000,003,141 | ---- | M] () -- C:\Users\Nathan\Documents\grassColor.png
[2010/10/26 19:30:28 | 000,327,192 | ---- | M] () -- C:\Users\Nathan\Documents\ZombieGraveyard.blend1
[2010/10/26 19:29:30 | 000,003,615 | ---- | M] () -- C:\Users\Nathan\Documents\windAlpha.png
[2010/10/26 19:15:20 | 000,003,428 | ---- | M] () -- C:\Users\Nathan\Documents\leafAlpha.png
[2010/10/26 19:14:35 | 000,003,610 | ---- | M] () -- C:\Users\Nathan\Documents\leafColor.png
[2010/10/26 18:05:54 | 000,181,132 | ---- | M] () -- C:\Users\Nathan\Documents\photonMapTest.png
[2010/10/25 10:55:54 | 000,580,241 | ---- | M] () -- C:\Users\Nathan\Documents\cornellWater.png
[2010/10/24 18:46:48 | 020,557,740 | ---- | M] () -- C:\Users\Nathan\Desktop\waterCornellLux.blend
[2010/10/24 18:07:21 | 000,638,880 | ---- | M] () -- C:\Users\Nathan\Desktop\waterCornellLux.blend1
[2010/10/24 16:35:19 | 000,120,230 | ---- | M] () -- C:\Users\Nathan\Documents\grass2.png
[2010/10/24 15:46:45 | 000,338,232 | ---- | M] () -- C:\Users\Nathan\Documents\glass_transmatte.png
[2010/10/23 10:36:59 | 024,580,163 | ---- | M] () -- C:\Users\Nathan\Desktop\slg-v1.7beta1.tgz
[2010/10/23 10:33:29 | 000,707,056 | ---- | M] () -- C:\Users\Nathan\Desktop\FreeImage64_DLL.7z
[2010/10/23 10:33:22 | 000,298,843 | ---- | M] () -- C:\Users\Nathan\Desktop\SLG64v1_7beta1.7z
[2010/10/23 09:40:04 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\LuxRender.lnk
[2010/10/23 09:39:11 | 008,653,398 | ---- | M] (LuxRender ) -- C:\Users\Nathan\Desktop\LuxRender 0.7.1 x64 Setup.exe
[2010/10/22 22:51:16 | 000,003,997 | ---- | M] () -- C:\Users\Nathan\Desktop\_Circle.png
[2010/10/22 22:42:01 | 000,012,306 | ---- | M] () -- C:\Users\Nathan\Desktop\_Circle.tga
[2010/10/21 22:35:07 | 000,015,506 | ---- | M] () -- C:\Users\Nathan\Documents\Stone2.png
[2010/10/21 22:33:19 | 000,097,791 | ---- | M] () -- C:\Users\Nathan\Documents\grass3.png
[2010/10/21 22:26:18 | 000,003,410 | ---- | M] () -- C:\Users\Nathan\Documents\tinygrasscol.png
[2010/10/21 22:21:46 | 000,003,348 | ---- | M] () -- C:\Users\Nathan\Documents\tinygrass.png
[2010/10/21 22:15:16 | 000,003,267 | ---- | M] () -- C:\Users\Nathan\Documents\floweralpha.png
[2010/10/21 22:11:36 | 000,003,549 | ---- | M] () -- C:\Users\Nathan\Documents\flower.png
[2010/10/21 21:37:15 | 000,101,272 | ---- | M] () -- C:\Users\Nathan\Documents\grassAo.tga
[2010/10/21 00:00:29 | 000,014,240 | ---- | M] () -- C:\Users\Nathan\Documents\Stone.png
[2010/10/20 23:52:04 | 000,052,044 | ---- | M] () -- C:\Users\Nathan\Documents\Stone.psd
[2010/10/20 23:25:16 | 000,786,450 | ---- | M] () -- C:\Users\Nathan\Documents\_Plane.tga
[2010/10/19 21:24:16 | 000,124,127 | ---- | M] () -- C:\Users\Nathan\Documents\deadHand_PlaneLARGE.png
[2010/10/19 21:22:24 | 000,126,988 | ---- | M] () -- C:\Users\Nathan\Documents\deadHandLand_CircleLARGE.png
[2010/10/19 21:21:42 | 000,125,847 | ---- | M] () -- C:\Users\Nathan\Documents\DeadHandYaf.png
[2010/10/19 20:55:57 | 000,115,523 | ---- | M] () -- C:\Users\Nathan\Documents\DeadHand2_alpha.png
[2010/10/19 20:48:39 | 000,348,984 | ---- | M] () -- C:\Users\Nathan\Documents\deadHand.blend
[2010/10/19 20:48:37 | 000,107,183 | ---- | M] () -- C:\Users\Nathan\Documents\DeadHand2.png
[2010/10/19 20:45:45 | 000,020,844 | ---- | M] () -- C:\Users\Nathan\Documents\DeadHandY.png
[2010/10/19 20:43:50 | 000,106,955 | ---- | M] () -- C:\Users\Nathan\Documents\DeadHand1.png
[2010/10/19 20:37:03 | 000,347,316 | ---- | M] () -- C:\Users\Nathan\Documents\deadHand.blend1
[2010/10/19 20:30:25 | 000,123,509 | ---- | M] () -- C:\Users\Nathan\Documents\GroundAO.tga
[2010/10/19 20:27:39 | 000,016,947 | ---- | M] () -- C:\Users\Nathan\Documents\deadHand_HAND_Plane.001.png
[2010/10/19 20:11:47 | 000,786,450 | ---- | M] () -- C:\Users\Nathan\Documents\deadHand_HAND_Plane.001.tga
[2010/10/19 20:10:26 | 000,017,022 | ---- | M] () -- C:\Users\Nathan\Documents\IHandAO.tga
[2010/10/19 20:10:16 | 000,009,323 | ---- | M] () -- C:\Users\Nathan\Documents\HandLight.tga
[2010/10/19 20:04:30 | 000,087,309 | ---- | M] () -- C:\Users\Nathan\Documents\deadHandAO.tga
[2010/10/19 20:04:03 | 000,042,648 | ---- | M] () -- C:\Users\Nathan\Documents\groundLightMap.tga
[2010/10/19 20:03:25 | 000,059,537 | ---- | M] () -- C:\Users\Nathan\Documents\deadHandLightMap.tga
[2010/10/19 18:31:54 | 000,029,515 | ---- | M] () -- C:\Users\Nathan\Documents\deadHand_Plane.png
[2010/10/19 18:05:09 | 000,028,354 | ---- | M] () -- C:\Users\Nathan\Documents\deadHandLand_Circle.png
[2010/10/19 17:05:08 | 000,786,450 | ---- | M] () -- C:\Users\Nathan\Documents\deadHandLand_Circle.tga
[2010/10/19 13:21:34 | 000,309,972 | ---- | M] () -- C:\Users\Nathan\Documents\deadHand_Plane.psd
[2010/10/19 13:03:31 | 000,786,450 | ---- | M] () -- C:\Users\Nathan\Documents\deadHand_Plane.tga
[2010/10/18 23:50:45 | 000,017,812 | ---- | M] () -- C:\Users\Nathan\Desktop\asd.png.png
[2010/10/18 23:32:46 | 000,046,879 | ---- | M] () -- C:\Users\Nathan\Desktop\asd.png.tga
[2010/10/18 17:08:33 | 000,367,552 | ---- | M] () -- C:\Users\Nathan\Documents\SomeRoomSkylight.blend
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/15 15:21:43 | 014,998,962 | ---- | C] () -- C:\Users\Nathan\Desktop\vimeo video.mp4
[2010/11/14 15:48:09 | 012,000,044 | ---- | C] () -- C:\Users\Nathan\Desktop\NORMO.tga
[2010/11/12 14:15:05 | 000,002,815 | ---- | C] () -- C:\Users\Nathan\Desktop\pal.png
[2010/11/10 18:37:07 | 000,000,036 | ---- | C] () -- C:\Users\Nathan\AppData\Local\housecall.guid.cache
[2010/11/10 18:24:30 | 000,002,092 | ---- | C] () -- C:\Users\Nathan\Desktop\NetStat Live.lnk
[2010/11/04 21:31:01 | 000,004,966 | ---- | C] () -- C:\Users\Nathan\Documents\dodeca.png
[2010/10/31 23:43:25 | 000,006,941 | ---- | C] () -- C:\Users\Nathan\Documents\fresnel.png
[2010/10/30 15:23:37 | 008,425,091 | ---- | C] () -- C:\Users\Nathan\Desktop\YafaRay-0.1.2-Beta2.1-win32.exe
[2010/10/29 20:37:48 | 000,043,056 | ---- | C] () -- C:\Users\Nathan\Documents\luminusTile.png
[2010/10/29 20:37:48 | 000,000,196 | ---- | C] () -- C:\Users\Nathan\Documents\luminusTile_zbuffer.png
[2010/10/27 21:46:44 | 000,102,408 | ---- | C] () -- C:\Users\Nathan\Documents\autumnGrave4.png
[2010/10/27 13:04:47 | 000,021,318 | ---- | C] () -- C:\Users\Nathan\Desktop\kerkythea.py
[2010/10/26 22:07:47 | 001,843,646 | ---- | C] () -- C:\Users\Nathan\Documents\bigLeaf.psd
[2010/10/26 21:54:36 | 000,103,363 | ---- | C] () -- C:\Users\Nathan\Documents\autumnTomb3.png
[2010/10/26 21:48:35 | 000,007,291 | ---- | C] () -- C:\Users\Nathan\Documents\leafbg.png
[2010/10/26 21:39:41 | 001,000,018 | ---- | C] () -- C:\Users\Nathan\Documents\autumnTomb3.tga
[2010/10/26 21:35:11 | 000,113,173 | ---- | C] () -- C:\Users\Nathan\Documents\autumnTomb2.png
[2010/10/26 21:34:44 | 000,112,639 | ---- | C] () -- C:\Users\Nathan\Documents\autumnTomb1.png
[2010/10/26 21:30:29 | 000,003,380 | ---- | C] () -- C:\Users\Nathan\Documents\grassAlpha.png
[2010/10/26 21:29:58 | 000,003,141 | ---- | C] () -- C:\Users\Nathan\Documents\grassColor.png
[2010/10/26 19:26:43 | 000,003,615 | ---- | C] () -- C:\Users\Nathan\Documents\windAlpha.png
[2010/10/26 19:15:20 | 000,003,428 | ---- | C] () -- C:\Users\Nathan\Documents\leafAlpha.png
[2010/10/26 19:14:33 | 000,003,610 | ---- | C] () -- C:\Users\Nathan\Documents\leafColor.png
[2010/10/26 18:05:53 | 000,181,132 | ---- | C] () -- C:\Users\Nathan\Documents\photonMapTest.png
[2010/10/24 17:59:59 | 020,557,740 | ---- | C] () -- C:\Users\Nathan\Desktop\waterCornellLux.blend
[2010/10/24 17:59:59 | 000,638,880 | ---- | C] () -- C:\Users\Nathan\Desktop\waterCornellLux.blend1
[2010/10/23 10:35:56 | 024,580,163 | ---- | C] () -- C:\Users\Nathan\Desktop\slg-v1.7beta1.tgz
[2010/10/23 10:33:28 | 000,707,056 | ---- | C] () -- C:\Users\Nathan\Desktop\FreeImage64_DLL.7z
[2010/10/23 10:33:21 | 000,298,843 | ---- | C] () -- C:\Users\Nathan\Desktop\SLG64v1_7beta1.7z
[2010/10/23 10:08:08 | 000,580,241 | ---- | C] () -- C:\Users\Nathan\Documents\cornellWater.png
[2010/10/23 10:08:08 | 000,338,232 | ---- | C] () -- C:\Users\Nathan\Documents\glass_transmatte.png
[2010/10/23 09:40:04 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\LuxRender.lnk
[2010/10/22 22:44:15 | 000,003,997 | ---- | C] () -- C:\Users\Nathan\Desktop\_Circle.png
[2010/10/22 22:42:01 | 000,012,306 | ---- | C] () -- C:\Users\Nathan\Desktop\_Circle.tga
[2010/10/21 22:34:43 | 000,015,506 | ---- | C] () -- C:\Users\Nathan\Documents\Stone2.png
[2010/10/21 22:33:18 | 000,097,791 | ---- | C] () -- C:\Users\Nathan\Documents\grass3.png
[2010/10/21 22:26:18 | 000,003,410 | ---- | C] () -- C:\Users\Nathan\Documents\tinygrasscol.png
[2010/10/21 22:21:46 | 000,003,348 | ---- | C] () -- C:\Users\Nathan\Documents\tinygrass.png
[2010/10/21 22:15:15 | 000,003,267 | ---- | C] () -- C:\Users\Nathan\Documents\floweralpha.png
[2010/10/21 22:10:14 | 000,003,549 | ---- | C] () -- C:\Users\Nathan\Documents\flower.png
[2010/10/21 21:37:15 | 000,101,272 | ---- | C] () -- C:\Users\Nathan\Documents\grassAo.tga
[2010/10/21 08:23:28 | 000,120,230 | ---- | C] () -- C:\Users\Nathan\Documents\grass2.png
[2010/10/21 08:20:40 | 000,950,908 | ---- | C] () -- C:\Users\Nathan\Documents\grass2.psd
[2010/10/20 23:42:16 | 000,338,292 | ---- | C] () -- C:\Users\Nathan\Documents\ZombieGraveyard.blend
[2010/10/20 23:42:16 | 000,327,192 | ---- | C] () -- C:\Users\Nathan\Documents\ZombieGraveyard.blend1
[2010/10/20 22:18:20 | 000,052,044 | ---- | C] () -- C:\Users\Nathan\Documents\Stone.psd
[2010/10/20 22:09:56 | 000,014,240 | ---- | C] () -- C:\Users\Nathan\Documents\Stone.png
[2010/10/19 21:24:13 | 000,124,127 | ---- | C] () -- C:\Users\Nathan\Documents\deadHand_PlaneLARGE.png
[2010/10/19 21:22:20 | 000,126,988 | ---- | C] () -- C:\Users\Nathan\Documents\deadHandLand_CircleLARGE.png
[2010/10/19 21:21:41 | 000,125,847 | ---- | C] () -- C:\Users\Nathan\Documents\DeadHandYaf.png
[2010/10/19 20:55:56 | 000,115,523 | ---- | C] () -- C:\Users\Nathan\Documents\DeadHand2_alpha.png
[2010/10/19 20:48:36 | 000,107,183 | ---- | C] () -- C:\Users\Nathan\Documents\DeadHand2.png
[2010/10/19 20:45:45 | 000,020,844 | ---- | C] () -- C:\Users\Nathan\Documents\DeadHandY.png
[2010/10/19 20:37:40 | 000,106,955 | ---- | C] () -- C:\Users\Nathan\Documents\DeadHand1.png
[2010/10/19 20:13:13 | 000,016,947 | ---- | C] () -- C:\Users\Nathan\Documents\deadHand_HAND_Plane.001.png
[2010/10/19 20:11:47 | 000,786,450 | ---- | C] () -- C:\Users\Nathan\Documents\deadHand_HAND_Plane.001.tga
[2010/10/19 20:10:26 | 000,017,022 | ---- | C] () -- C:\Users\Nathan\Documents\IHandAO.tga
[2010/10/19 20:10:16 | 000,009,323 | ---- | C] () -- C:\Users\Nathan\Documents\HandLight.tga
[2010/10/19 20:04:30 | 000,087,309 | ---- | C] () -- C:\Users\Nathan\Documents\deadHandAO.tga
[2010/10/19 20:04:03 | 000,042,648 | ---- | C] () -- C:\Users\Nathan\Documents\groundLightMap.tga
[2010/10/19 20:03:47 | 000,123,509 | ---- | C] () -- C:\Users\Nathan\Documents\GroundAO.tga
[2010/10/19 20:03:25 | 000,059,537 | ---- | C] () -- C:\Users\Nathan\Documents\deadHandLightMap.tga
[2010/10/19 17:06:51 | 000,028,354 | ---- | C] () -- C:\Users\Nathan\Documents\deadHandLand_Circle.png
[2010/10/19 17:05:08 | 000,786,450 | ---- | C] () -- C:\Users\Nathan\Documents\deadHandLand_Circle.tga
[2010/10/19 13:21:33 | 000,309,972 | ---- | C] () -- C:\Users\Nathan\Documents\deadHand_Plane.psd
[2010/10/19 13:03:44 | 000,029,515 | ---- | C] () -- C:\Users\Nathan\Documents\deadHand_Plane.png
[2010/10/19 13:03:30 | 000,786,450 | ---- | C] () -- C:\Users\Nathan\Documents\deadHand_Plane.tga
[2010/10/19 12:51:55 | 000,348,984 | ---- | C] () -- C:\Users\Nathan\Documents\deadHand.blend
[2010/10/19 12:51:55 | 000,347,316 | ---- | C] () -- C:\Users\Nathan\Documents\deadHand.blend1
[2010/10/18 23:34:10 | 000,017,812 | ---- | C] () -- C:\Users\Nathan\Desktop\asd.png.png
[2010/10/18 23:32:46 | 000,046,879 | ---- | C] () -- C:\Users\Nathan\Desktop\asd.png.tga
[2010/08/24 06:44:57 | 000,000,083 | ---- | C] () -- C:\Windows\wwp.INI
[2010/04/27 14:30:23 | 000,000,075 | ---- | C] () -- C:\Windows\sierra.ini
[2010/04/27 12:42:05 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010/04/27 12:42:05 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010/04/27 12:42:05 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010/04/02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/02/09 15:17:50 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\Unlha32.dll
[2010/02/09 15:17:49 | 000,473,600 | ---- | C] () -- C:\Windows\SysWow64\Harmony.dll
[2010/02/08 06:33:04 | 000,359,320 | ---- | C] () -- C:\Windows\SysWow64\vfprintpthelper.dll
[2009/12/19 20:54:30 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2009/11/19 12:25:40 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/11/19 12:25:38 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2009/10/27 09:26:12 | 000,007,666 | ---- | C] () -- C:\Users\Nathan\AppData\Local\Resmon.ResmonCfg
[2009/10/24 22:52:46 | 000,014,848 | ---- | C] () -- C:\Users\Nathan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/24 16:45:11 | 000,786,552 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/24 11:38:36 | 000,000,094 | ---- | C] () -- C:\Users\Nathan\AppData\Local\fusioncache.dat
[2009/10/24 10:47:07 | 768,309,223 | ---- | C] () -- C:\Program Files (x86)\Flyff_Client.exe
[2009/10/24 00:17:10 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2009/10/23 19:10:57 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/10/23 19:10:57 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/10/23 18:16:10 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/10/05 23:13:56 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/23 11:29:50 | 000,049,719 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009/06/23 11:29:48 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009/06/23 10:51:00 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBurst.dll
[2009/05/29 15:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/29 15:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2007/09/04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2007/08/13 19:45:02 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\ctmmactl.dll
[2007/04/12 07:10:28 | 000,105,728 | ---- | C] () -- C:\Windows\SysWow64\APOMgrH.dll
[2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/10/02 16:25:18 | 000,000,307 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2005/08/29 23:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
[2005/08/29 23:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
[2004/08/03 14:00:00 | 000,773,120 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll
[2002/06/06 01:01:58 | 000,029,696 | ---- | C] () -- C:\Windows\SysWow64\asutl8.dll

========== LOP Check ==========

[2009/12/27 16:14:08 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\.minecraft
[2010/05/21 19:32:54 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Activision
[2010/02/24 14:14:36 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Anvil Studio
[2009/11/17 17:01:55 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Auslogics
[2009/12/30 00:43:38 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Autodesk
[2009/10/23 18:54:58 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Blender Foundation
[2010/01/04 21:39:48 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\com.adobe.ExMan
[2010/08/05 08:33:44 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\DisplayFusion
[2010/10/03 12:29:21 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Doc.EE57A57224685151543546B0367A0BD876BF88FF.1
[2010/08/09 09:28:24 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\foobar2000
[2009/10/27 07:18:28 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Foxit
[2010/06/26 18:28:31 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\gtk-2.0
[2009/11/21 16:03:15 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Indigo Renderer
[2009/11/15 00:00:11 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\IrfanView
[2010/09/09 19:00:57 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Notepad++
[2010/04/15 19:03:33 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\OpenOffice.org
[2010/07/29 09:58:40 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Planetside Software
[2009/12/21 09:50:30 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Poser 7
[2010/09/11 08:03:08 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\ScummVM
[2010/03/07 13:40:39 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Stellarium
[2010/07/29 10:13:13 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\uk.co.planetside
[2010/11/10 18:24:07 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\uTorrent
[2009/10/24 07:33:33 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\VectorVest, Inc
[2009/10/24 12:04:24 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Win7codecs
[2010/03/26 07:33:28 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >

Here's another one called Extras that came up too.

OTL Extras logfile created on: 11/15/2010 4:49:28 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Nathan\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 71.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 60.57 Gb Free Space | 26.02% Space Free | Partition Type: NTFS
Drive E: | 2.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 1.91 Gb Total Space | 1.91 Gb Free Space | 99.96% Space Free | Partition Type: FAT
Drive L: | 465.65 Gb Total Space | 89.89 Gb Free Space | 19.30% Space Free | Partition Type: FAT32
Drive Z: | 279.47 Gb Total Space | 91.37 Gb Free Space | 32.69% Space Free | Partition Type: NTFS

Computer Name: NATHANS-PC | User Name: Nathan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1314D90A-A77D-4635-BB8C-840FBB466BE3}" = Autodesk MatchMover 2010 (64-bit)
"{183C740A-0406-380F-A235-2EC2F8A28D13}" = Microsoft Windows SDK MSHelp (30514)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{284B452E-075E-4C7B-B8EE-E4A798CC3772}" = Maya 2010 (64-bit)
"{2B80C356-CA93-433D-814C-BF4CBF3195C2}" = Maya 2010 (64-bit) Documentation (en_US)
"{2D290715-B0FC-3898-9247-62F803A585DF}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Common Tools (30514)
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{48A7B11D-C3E1-3BEE-AF6C-8976F6E705A6}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Application Verifier (30514)
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{64A3A4F4-B792-11D6-A78A-00B0D0160170}" = Java™ SE Development Kit 6 Update 17 (64-bit)
"{68570626-1BF6-310B-AF69-6CD686C04AEA}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
"{6C8D7973-31F9-32E1-A820-8DD857910323}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
"{833B98DC-A851-43D3-B22C-9C7B815520E3}" = Autodesk DirectConnect 2010 (64-bit)
"{84452C2C-BDCC-36F3-A189-CE15F02A47FB}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{84E30D73-E30F-3A02-BAA0-5353C04DD18A}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
"{88387B3B-B110-392F-B919-1A15B48F21D4}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
"{89026002-A893-42D9-9E20-6829B844735E}" = Application Verifier (x64)
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951E6223-AC28-345E-BCF4-B55C1267E321}" = Microsoft Windows SDK for Windows 7 Samples (30514)
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{A0B0F02C-410B-3DE3-9740-EC4C3D902532}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
"{A2B4455D-1046-4732-BFBC-0821BEFC07BC}" = Hellgate: London
"{A2C55034-8DAF-3755-BA85-CC321707FE99}" = Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B7D0C3BC-CB39-3CA1-9295-A23A93994893}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Windows Debugging Tools (30514)
"{B7FEA90D-9620-455F-9B15-652D4FA80B0A}" = Autodesk Toxik 2010 (64-bit)
"{BF1BDC10-4366-4232-0102-000201000000}" = COLLADAMaya (1.2.2)
"{C289183E-1DD8-42FA-8DFE-94F61ED1CFA3}_is1" = LuxRender 0.7.1 x64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F1C4B89A-8BF0-3D7C-8095-BAE412FBEA3F}" = Microsoft Windows SDK .NET Framework Tools (30514)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06E62138-AFAB-4580-9BB0-880A4D7235D9}" = VectorVest RealTime
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4™
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{24EEF6D7-A7B6-4AA9-AFD9-407185A7769F}" = MapleStory
"{259A8A5E-2886-4BED-9EF1-D5485282CCC3}" = Overlord - Raising [bleep]
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{370187B9-6964-38D0-851F-6C4898B0C2B1}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1.3
"{3d9ac095-e115-4e94-bdef-7f7edf17697d}" = Python 2.6.3
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4290EA5A-633E-4C6D-B9E3-5FEAEC615CC9}" = Anachronox
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47BE1E5F-8978-484B-BE86-B616C00EA75A}" = Deus Ex - Invisible War
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F45C51F-A0E8-4547-83C8-CCDD4B0E4877}" = RPG Maker XP - Postality Knights Edition ENHANCED
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Qtpfsgui 1.9.3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B9.0316.1
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTAIII
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{93BC41C2-97DF-3B30-33F2-A7A53636FAB7}" = Doc?
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{A62892A7-9D90-4A58-8FFF-78FC5A2BC3C5}" = OpenOffice.org 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E4197D6B-F046-33E7-ABDE-51FF373FDC76}" = Windows SDK IntellisenseNFX
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC7EBCD9-0CB4-472B-BC64-364CDC3CAC4C}" = Rise of the Argonauts
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FC272B66-8372-49EF-A642-28CAD2B9EAC9}" = Tron 2.0
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"AnalogX NetStat Live" = AnalogX NetStat Live
"AsUninst.exe" = Anvil Studio
"AudioCS" = Creative Audio Console
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.1.6
"Blender" = Blender (remove only)
"Blendigo" = Blendigo
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Cisco Connect" = Cisco Connect
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Deus Ex" = Deus Ex
"DjVuLibre+DjView" = DjVuLibre+DjView
"Doc.EE57A57224685151543546B0367A0BD876BF88FF.1" = Doc?
"Fallout 3 - The Pitt" = Fallout 3 - The Pitt
"Fallout 3: Operation Anchorage™" = Fallout 3: Operation Anchorage™
"Flash Decompiler Trillix_is1" = Flash Decompiler Trillix
"FlashDevelop" = FlashDevelop 3.3.1
"Foxit Reader" = Foxit Reader
"Fraps" = Fraps (remove only)
"gatesofandaron_is1" = Gates of Andaron
"GoldWave v5.55" = GoldWave v5.55
"Half-Life" = Half-Life
"Half-Life: Blue Shift" = Half-Life: Blue Shift
"Half-Life: Opposing Force" = Half-Life: Opposing Force
"InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4™
"InstallShield_{EC7EBCD9-0CB4-472B-BC64-364CDC3CAC4C}" = Rise of the Argonauts
"InstantStorm_is1" = InstantStorm 1.5
"IrfanView" = IrfanView (remove only)
"MapleStory" = MapleStory
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"nbi-glassfish-mod-sun-3.0.0.74.2" = Sun GlassFish Enterprise Server v3
"nbi-nb-base-6.8.0.0.0" = NetBeans IDE 6.8
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PhotoStitch" = Canon Utilities PhotoStitch
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"Quake 2 - id Software" = Quake 2 - id Software v3.20
"RAR Password Cracker" = RAR Password Cracker 4.12
"RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.140
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"RTP 1.32 Add-On for RM2k" = RTP 1.32 Add-On for RM2k
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"ScummVM_is1" = ScummVM 1.1.1
"SpeedFan" = SpeedFan (remove only)
"ST6UNST #1" = Photometric Viewer v3.5.00
"thinkorswim" = thinkorswim
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.3
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite" = Windows Live Essentials
"YafaRay MinGW32 Build" = YafaRay MinGW32 Build
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CelsiusConverter" = CelsiusConverter
"CodeBlocks" = CodeBlocks
"FrameDemo2" = FrameDemo2

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, sorry for the delay - are you on a wireless router?

Does it have a WEP key or is it unsecured?

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#5
hafunui

    Member

  • Topic Starter
  • 13 posts
I am on a wireless network, yes. I don't know what a WEP key is, but it is password protected. According to NetStat Live, only one of two computers on the network is accessing the net like this.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5140

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/17/2010 4:26:18 PM
mbam-log-2010-11-17 (16-26-18).txt

Scan type: Quick scan
Objects scanned: 190846
Time elapsed: 4 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let's check that out, as I feel that it may be someone else accessing your network connection

Go to control panel and select Control Panel\Network and Internet\Manage Wireless Networks

You will then get this screen
Right click the Network and select properties
The tabbed dialogue will open
Select the security tab
Is there a network security key entered (as shown by the stars on the screenshot)?
[attachment=46121:Untitled.png]

I also see no indication of an Antivirus programme on your system - you should have one

I will now run an AV scan to check for anything I am not seeing

Download Dr Web from here http://www.freedrweb.com/?lng=en link on the top right of the page, tick the EULA and then download

It will download as an 8 digit file; save it to your desktop

Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log please attach that
  • 0

#7
hafunui

    Member

  • Topic Starter
  • 13 posts
I do not have the option "Manage wireless networks". I did a search for it, found it, but it says wireless is not currently enabled. I think this is because I'm wired into the router? The other computer is wireless however.

I've got a Linksys E3000, and it came with the interface software Cisco Connect. All I can really change (in basic mode anyway) is the passphrase. All I could make out in the advanced settings is that "security: WPA2/WPA Mixed Mode". Maybe you would know more?

Anyway, dr.web log. It's too big I think (4mb) and if I try to preview post, it just resets the reply form.
Here's an excerpt though:

-----------------------------------------------------------------------------

C:\Users\Nathan\AppData\Local\Temp\HouseCall\log\BD9697E9-A218-49E0-A7F8-EC64275456CA\backup\55 - incurable - moved

=============================================================================
Total session statistics
=============================================================================
Scanned: 45343
Infected: 0
Modifications: 0
Suspicious: 1
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 1
Ignored: 0
Scan speed: 617 Kb/s
Scan time: 0:25:46
=============================================================================


Seems to be just a temp file from HouseCall.

I think maybe it is someone else on the network (or someone left a torrent going, even though everyone denies it, heh)
Checking NetStat, it seems to be back to normal for now.

Question: I do not know where or how this NetStat acquires its data, but it only gives me data (since last reboot, this month, last month, etc.) when I'm connected to the router. Even so, my readings are abnormally high. Could I be seeing stats from all router traffic, as opposed to traffic just from my local machine? My other wireless computer only reads out local machine traffic it seems. This is what initially convinced me that this computer was the culprit. If I'm picking up more than just my own activity, then this network monitoring software isn't too reliable in pinpointing which computer is at fault.

Anyway, I'm all up for better network security :D
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Netstat will read from the router so all traffic is noted

Check out this site here for video tutorials on how to properly configure your router's encryption and security settings.

WPA2/WPA Mixed Mode is ok for your set up

Could you run for a day or two and let me know how it runs? If it is OK I will remove my tools and tidy up :D
  • 0
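
The question raised in post #7, whether a counter reflects one PC or the whole router, can be settled by comparing a machine's own interface counters with the router's totals over the same window. The following is an added example, not part of the thread: it parses two saved outputs of Windows' built-in `netstat -e` command (unrelated to AnalogX NetStat Live); the snapshot values, router totals and function names are constructed, and the 32-bit counter wrap is an assumption.

```python
import re

COUNTER_MODULUS = 2 ** 32  # assumption: 32-bit byte counters that wrap at 4 GiB

# Constructed `netstat -e` snapshots from one PC, taken at the start and end
# of a measurement window (no reboot in between).
SNAPSHOT_START = """\
Interface Statistics

                           Received            Sent

Bytes                    4294000000       150000000
Unicast packets             3100000          900000
"""
SNAPSHOT_END = """\
Interface Statistics

                           Received            Sent

Bytes                      60000000       170000000
Unicast packets             3160000          915000
"""


def parse_bytes_row(netstat_output):
    """Return (received, sent) from the 'Bytes' row of English `netstat -e` output."""
    match = re.search(r"^Bytes\s+(\d+)\s+(\d+)\s*$", netstat_output, re.MULTILINE)
    if match is None:
        raise ValueError("no 'Bytes' row found; is this `netstat -e` output?")
    return int(match.group(1)), int(match.group(2))


def counter_delta(start, end, modulus=COUNTER_MODULUS):
    """Bytes moved between two readings; correct across at most one wrap."""
    return (end - start) % modulus


def local_share(start_text, end_text, router_down, router_up):
    """Compare this PC's traffic with router-wide totals for the same window."""
    rx0, tx0 = parse_bytes_row(start_text)
    rx1, tx1 = parse_bytes_row(end_text)
    down, up = counter_delta(rx0, rx1), counter_delta(tx0, tx1)
    return {
        "local_down": down,
        "local_up": up,
        "share_down": down / router_down if router_down else 0.0,
        "share_up": up / router_up if router_up else 0.0,
    }


if __name__ == "__main__":
    # Constructed router totals (bytes) for the same window.
    result = local_share(SNAPSHOT_START, SNAPSHOT_END, 600_000_000, 25_000_000)
    for name, value in result.items():
        print(f"{name}: {value}")
```

A low share on this PC while the router total stays high points at another device on the network; a share near 1.0 points back at this machine.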

#9
hafunui

    Member

  • Topic Starter
  • 13 posts
I've made a little observation. After my last reply saying that my traffic was back to normal, I opened my saved session in Firefox portable, and even after all the pages finished loading, my downloads kept rising. (The only reason I am using portable is because I was too lazy to transfer all my data) Once I closed Firefox my traffic stopped climbing.

So, figuring that it was all a bug in Firefox portable, I uninstalled all traces of Firefox on my system, and installed a fresh copy of the newest, normal Firefox. Even with the session I first noticed this with, everything seems to be in order now.

Been a few days, still looking good :D
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, I will remove my tools and tidy you up, but run for another day or so to be sure


A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

SPRING CLEAN

To manually create a new Restore Point

  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones

  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

You are now done

Download and run Puran Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?
Keep safe :D
  • 0

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





