Redirected custom build CPU BSoD crashing


  • This topic is locked
21 replies to this topic

#1 Steinwertm


Posted 14 May 2010 - 12:41 AM

Ok, I have a custom build computer. It worked fine, then BSoD; just recently it has started to just crash with no memory.dmp files. Already ruled out hardware, and BC advisor believes it may be infected. The link to the previous forum is as follows: http://www.bleepingcomputer.com/forums/ind...p;#entry1757073

I went and used gmer but I noticed they said it was only for Vista and earlier. So when I tried scanning it gave me the
C:\Windows\system32\config\system: The process cannot access the file because it is being used by another process
It would then run but came back clean. Also, for some reason the only things I could scan were service, registry, files. Everything else was grayed out.

Also, when trying to back up my computer like instructed, I got a bunch of these:
2010-05-13 22:17 The log tab has been cleared to increase performance
ERR 2010-05-13 22:17 There were errors logged before the tab was cleared, so check the real log file (Log - Open log files)
ERR 2010-05-13 22:17 An error occurred while compressing the file "GLOBALROOT\Device\HarddiskVolumeShadowCopy11\Games\sacred2\scripts\particle\fx_inq_seelenfaenger_s.particle": Disk is full. There is not enough free space on disk. - Native error: 00065
ERR 2010-05-13 22:17 An error occurred while compressing the file "GLOBALROOT\Device\HarddiskVolumeShadowCopy11\Games\sacred2\scripts\particle\fx_inq_seelenraub_c.particle": Disk is full. There is not enough free space on disk. - Native error: 00065
ERR 2010-05-13 22:17 An error occurred while compressing the file "GLOBALROOT\Device\HarddiskVolumeShadowCopy11\Games\sacred2\scripts\particle\fx_inq_seelenraub_c2.particle": Disk is full. There is not enough free space on disk. - Native error: 00065
ERR 2010-05-13 22:17 An error occurred while compressing the file "GLOBALROOT\Device\HarddiskVolumeShadowCopy11\Games\sacred2\scripts\particle\fx_inq_vergeltung.particle": Disk is full. There is not enough free space on disk. - Native error: 00065
ERR 2010-05-13 22:17 An error occurred while compressing the file "GLOBALROOT\Device\HarddiskVolumeShadowCopy11\Games\sacred2\scripts\particle\fx_inq_vergeltung_c.particle": Disk is full. There is not enough free space on disk. - Native error: 00065
ERR 2010-05-13 22:17 An error occurred while compressing the file "GLOBALROOT\Device\HarddiskVolumeShadowCopy11\Games\sacred2\scripts\particle\fx_inq_vergeltung_c2.particle": Disk is full. There is not enough free space on disk. - Native error: 00065
ERR 2010-05-13 22:17 An error occurred while compressing the file "GLOBALROOT\Device\HarddiskVolumeShadowCopy11\Games\sacred2\scripts\particle\fx_inq_versklavung_c.particle": Disk is full. There is not enough free space on disk. - Native error: 00065
ERR 2010-05-13 22:17 An error occurred while compressing the file "GLOBALROOT\Device\HarddiskVolumeShadowCopy11\Games\sacred2\scripts\particle\fx_irrlicht.particle": Disk is full. There is not enough free space on disk. - Native error: 00065
ERR 2010-05-13 22:17 An error occurred while compressing the file "GLOBALROOT\Device\HarddiskVolumeShadowCopy11\Games\sacred2\scripts\particle\fx_irrlicht2.particle": Disk is full. There is not enough free space on disk. - Native error: 00065
ERR 2010-05-13 22:17 An error occurred while compressing the file "GLOBALROOT\Device\HarddiskVolumeShadowCopy11\Games\sacred2\scripts\particle\fx_kehlenreisser.particle": Disk is full. There is not enough free space on disk. - Native error: 00065
ERR 2010-05-13 22:17 An error occurred while compressing the file "GLOBALROOT\Device\HarddiskVolumeShadowCopy11\Games\sacred2\scripts\particle\fx_kingscorpion_dust_c.particle": Disk is full. There is not enough free space on disk. - Native error: 00065
ERR 2010-05-13 22:17 An error occurred while compressing the file "GLOBALROOT\Device\HarddiskVolumeShadowCopy11\Games\sacred2\scripts\particle\fx_kingscorpion_dust_c2.particle": Disk is full. There is not enough free space on disk. - Native error: 00065
ERR 2010-05-13 22:17 An error occurred while compressing the file "GLOBALROOT\Device\HarddiskVolumeShadowCopy11\Games\sacred2\scripts\particle\fx_kingscorpion_dust_c3.particle": Disk is full. There is not enough free space on disk. - Native error: 00065




Ok here are my DDS.txt files

DDS (Ver_10-03-17.01) - NTFSX64
Run by Steinwertm at 21:52:31.19 on Thu 05/13/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2751 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Advanced SystemCare 3\AWC.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files (x86)\ASUS\AASP\1.00.97\aaCenter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\Steinwertm\Program Files (x86)\DNA\btdna.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Steinwertm\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files (x86)\daemon tools toolbar\DTToolbar.dll
uRun: [BitTorrent DNA] "c:\users\steinwertm\program files (x86)\dna\btdna.exe"
mRun: [HDAudDeck] c:\program files (x86)\via\viaudioi\vdeck\VDeck.exe -r
mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min
mRun: [BrStsWnd] c:\program files (x86)\brownie\BrstsW64.exe Autorun
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Cobian Backup 10 Interface] "c:\program files (x86)\cobian backup 10\cbInterface.exe" -service
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files (x86)\mcafee security scan\2.0.181\SSScheduler.exe
uPolicies-explorer: NoRealMode = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files (x86)\daemon tools toolbar\DTToolbar64.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\steinw~1\appdata\roaming\mozilla\firefox\profiles\8srlqvrq.default\
FF - component: c:\users\steinwertm\appdata\roaming\mozilla\firefox\profiles\8srlqvrq.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\users\steinwertm\program files (x86)\dna\plugins\npbtdna.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-4-6 202752]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\avira\antivir desktop\sched.exe [2010-4-18 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files (x86)\avira\antivir desktop\avguard.exe [2010-4-18 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-18 81072]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files (x86)\cobian backup 10\cbVSCService.exe [2010-5-13 67584]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-4-6 6659072]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-4-6 195584]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2010-3-4 346144]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-4-18 1235968]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 23040]
S2 CobianBackup10;Cobian Backup 10;c:\program files (x86)\cobian backup 10\cbService.exe [2010-5-13 1125376]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe [2010-5-3 25832]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-18 1255736]

============== File Associations ===============

VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-05-14 04:21:12 164 ----a-w- c:\users\steinwertm\defogger_reenable
2010-05-14 00:30:33 0 d-----w- c:\program files (x86)\Cobian Backup 10
2010-05-12 06:07:28 0 d-----w- c:\users\steinw~1\appdata\roaming\Malwarebytes
2010-05-12 06:07:22 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-12 06:07:22 0 d-----w- c:\programdata\Malwarebytes
2010-05-12 05:43:38 976896 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-12 05:43:38 740864 ----a-w- c:\windows\syswow64\inetcomm.dll
2010-05-09 20:10:26 0 d-----w- c:\users\steinw~1\appdata\roaming\IObit
2010-05-09 20:10:25 0 d-----w- c:\program files\Advanced SystemCare 3
2010-05-09 19:40:13 0 d-----w- c:\users\steinw~1\appdata\roaming\Uniblue
2010-05-09 19:30:03 0 d-----w- c:\users\steinwertm\Program Files (x86)
2010-05-09 19:30:03 0 d-----w- c:\users\steinw~1\appdata\roaming\DNA
2010-05-09 19:00:58 0 d-----w- c:\programdata\ATI
2010-05-09 18:57:50 0 d-----w- c:\program files\common files\ATI Technologies
2010-05-09 18:57:50 0 d-----w- c:\program files (x86)\common files\ATI Technologies
2010-05-09 18:46:44 0 d-----w- c:\programdata\PC Drivers HeadQuarters
2010-05-09 07:35:43 0 d-----w- c:\users\steinw~1\appdata\roaming\Astroburn Pro
2010-05-09 07:35:43 0 d-----w- c:\programdata\Astroburn Pro
2010-05-09 07:12:22 0 d-----w- c:\program files (x86)\common files\Windows Live
2010-05-09 07:11:14 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-05-09 07:10:20 0 d-----w- c:\program files (x86)\Microsoft
2010-05-08 06:58:05 0 d--h--w- c:\programdata\CanonBJ
2010-05-07 08:06:44 0 d-----w- C:\symbols
2010-05-07 07:55:20 0 d-----w- C:\WinDDK
2010-05-05 23:20:24 178800 ----a-w- c:\windows\syswow64\CmdLineExt_x64.dll
2010-05-05 23:13:32 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2010-05-05 23:13:32 413696 ----a-w- c:\windows\syswow64\wrap_oal.dll
2010-05-05 23:13:32 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2010-05-05 23:13:32 110592 ----a-w- c:\windows\syswow64\OpenAL32.dll
2010-05-05 23:01:45 0 d-----w- c:\windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
2010-05-05 08:05:27 0 d-----w- c:\users\steinw~1\appdata\roaming\Avira
2010-05-05 07:06:07 0 d-----w- c:\programdata\McAfee Security Scan
2010-05-05 07:06:07 0 d-----w- c:\programdata\McAfee
2010-05-05 07:06:06 0 d-----w- c:\program files (x86)\McAfee Security Scan
2010-05-04 04:19:04 0 d-----w- c:\programdata\BioWare
2010-05-03 23:52:24 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard
2010-05-03 23:51:09 0 d-----w- c:\programdata\Media Center Programs
2010-05-03 23:41:48 0 d-----w- c:\program files (x86)\Dragon Age
2010-05-03 23:41:48 0 d-----w- c:\program files (x86)\common files\BioWare
2010-05-03 23:13:23 0 d-----w- c:\programdata\SafeNet Sentinel
2010-05-03 23:13:22 0 d-----w- c:\users\steinwertm\.spss
2010-05-03 21:52:34 0 d-----w- C:\CDisplay
2010-05-03 00:37:18 96768 ----a-w- c:\windows\syswow64\sspicli.dll
2010-05-03 00:37:18 22016 ----a-w- c:\windows\syswow64\secur32.dll
2010-05-03 00:37:18 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-05-03 00:37:18 1446912 ----a-w- c:\windows\system32\lsasrv.dll
2010-05-03 00:37:18 12867072 ----a-w- c:\windows\syswow64\shell32.dll
2010-05-03 00:06:06 0 d-----w- c:\windows\PCHEALTH
2010-05-03 00:04:51 0 d-----w- c:\program files\Microsoft Office
2010-05-03 00:04:30 0 d-----w- c:\programdata\Microsoft Help
2010-05-02 23:46:58 0 d-----w- c:\users\steinw~1\appdata\roaming\GetRightToGo
2010-05-02 19:46:21 442928521 ----a-w- c:\windows\MEMORY.DMP
2010-04-30 07:13:35 0 d-----w- c:\programdata\Steam
2010-04-30 07:13:28 0 d-----w- c:\programdata\PopCap Games
2010-04-30 07:07:42 0 d-----w- c:\program files (x86)\common files\Steam
2010-04-28 02:52:34 2414360 ----a-w- c:\windows\syswow64\d3dx9_31.dll
2010-04-28 02:51:55 0 d-----w- c:\program files (x86)\common files\PX Storage Engine
2010-04-22 03:51:56 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-04-22 02:59:26 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-04-22 02:59:26 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2010-04-22 02:59:26 107368 ----a-w- c:\windows\syswow64\GEARAspi.dll
2010-04-22 02:59:17 0 d-----w- c:\program files\iPod
2010-04-22 02:59:16 0 d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-04-22 02:59:16 0 d-----w- c:\program files\iTunes
2010-04-22 02:59:16 0 d-----w- c:\program files (x86)\iTunes
2010-04-22 02:58:03 0 d-----w- c:\programdata\Apple Computer
2010-04-22 02:57:43 0 d-----w- c:\program files\common files\Apple
2010-04-22 02:57:34 0 d-----w- c:\program files\Bonjour
2010-04-22 02:57:34 0 d-----w- c:\program files (x86)\Bonjour
2010-04-22 02:57:22 0 d-----w- c:\programdata\Apple
2010-04-22 02:35:34 0 d-----w- c:\programdata\Hewlett-Packard
2010-04-19 03:22:30 0 d-----w- c:\users\steinw~1\appdata\roaming\Mount&Blade Warband
2010-04-19 03:18:37 4178264 ----a-w- c:\windows\syswow64\D3DX9_41.dll
2010-04-19 03:18:37 1974616 ----a-w- c:\windows\syswow64\D3DCompiler_42.dll
2010-04-19 03:18:37 1892184 ----a-w- c:\windows\syswow64\D3DX9_42.dll
2010-04-19 03:15:56 0 d-----w- c:\program files\WinRAR
2010-04-19 02:55:20 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-19 02:54:24 0 d-----w- c:\users\steinw~1\appdata\roaming\DAEMON Tools Lite
2010-04-19 02:54:22 0 d-----w- c:\programdata\DAEMON Tools Lite
2010-04-19 02:49:16 0 d-----r- c:\users\steinw~1\appdata\roaming\Brother
2010-04-19 02:47:17 0 d-----w- c:\program files (x86)\DAEMON Tools Toolbar
2010-04-19 02:43:35 153 ----a-w- c:\windows\BRVIDEO.INI
2010-04-19 02:43:35 0 ----a-w- c:\windows\brmx2001.ini
2010-04-19 02:43:15 426 ----a-w- c:\windows\BRWMARK.INI
2010-04-19 02:43:13 24223 ------w- c:\windows\syswow64\brlm03a.dll
2010-04-19 02:43:12 31250 ----a-w- c:\windows\HL-5370DW.INI
2010-04-19 02:43:12 30528 ----a-w- c:\windows\system32\drivers\brpar64a.sys
2010-04-19 02:43:12 176128 ------w- c:\windows\syswow64\BROSNMP.DLL
2010-04-19 02:43:12 0 d-----w- c:\program files (x86)\Brownie
2010-04-19 02:43:09 77824 ----a-w- c:\windows\syswow64\BRLMW03A.DLL
2010-04-19 02:43:09 50 ----a-w- c:\windows\system32\BRADM08A.DAT
2010-04-19 02:43:09 45056 ----a-w- c:\windows\syswow64\BRTCPCON.DLL
2010-04-19 02:43:09 192512 ------w- c:\windows\syswow64\Pdrvinst.dll
2010-04-19 02:43:09 114 ----a-w- c:\windows\syswow64\BRLMW03A.INI
2010-04-19 02:43:09 0 d-----w- c:\program files (x86)\Brother
2010-04-19 02:42:15 105 ----a-w- c:\windows\Brownie.ini
2010-04-19 02:41:58 0 d-----w- c:\programdata\Brother
2010-04-19 02:28:20 0 d-----w- c:\program files (x86)\ATI
2010-04-19 02:28:14 0 d-----w- c:\windows\syswow64\Macromed
2010-04-19 02:27:24 0 d-----w- c:\program files (x86)\ATI Technologies
2010-04-19 02:26:51 0 d-----w- c:\program files\ATI Technologies
2010-04-19 02:25:06 0 d-----w- C:\ATI
2010-04-19 01:52:49 0 d-----w- C:\Games
2010-04-19 01:52:39 0 d-----w- C:\Prgrams
2010-04-19 01:52:10 0 d-----w- c:\users\steinw~1\appdata\roaming\uTorrent
2010-04-18 12:12:57 311808 ----a-w- c:\windows\system32\msv1_0.dll
2010-04-18 12:12:57 257024 ----a-w- c:\windows\syswow64\msv1_0.dll
2010-04-18 12:10:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-04-18 12:08:32 464896 ----a-w- c:\windows\system32\drivers\srv.sys
2010-04-18 12:08:32 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-04-18 09:59:14 413893 --sha-r- C:\JUMZB
2010-04-18 09:49:04 0 d-----w- c:\program files (x86)\CCleaner
2010-04-18 09:46:42 0 d-----w- c:\program files (x86)\Loaders
2010-04-18 09:43:59 81072 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-18 09:43:58 0 d-----w- c:\programdata\Avira
2010-04-18 09:43:58 0 d-----w- c:\program files (x86)\Avira
2010-04-18 09:29:46 0 d-----w- c:\windows\Panther
2010-04-18 09:29:34 8192 --sha-r- C:\BOOTSECT.BAK
2010-04-18 09:29:32 383562 --sha-r- C:\bootmgr
2010-04-18 09:29:32 0 d-sh--w- C:\Boot
2010-04-18 09:22:21 212864 ------w- c:\windows\system32\MpSigStub.exe
2010-04-18 09:17:45 0 d-----w- c:\programdata\Adobe
2010-04-18 09:02:16 20 --sha-r- C:\win7.ld
2010-04-18 08:52:33 0 d-----w- c:\program files (x86)\Realtek
2010-04-18 08:52:18 24576 ----a-r- c:\windows\syswow64\AsIO.dll
2010-04-18 08:52:16 0 d-----w- c:\program files (x86)\ASUS
2010-04-18 08:52:06 674 ----a-w- c:\windows\setup.iss
2010-04-18 08:52:02 16440 ----a-w- c:\windows\system32\drivers\AtiPcie.sys
2010-04-18 08:51:42 0 d-----w- c:\program files\ATI
2010-04-18 08:50:45 86016 ----a-w- c:\windows\system32\nQPropPageExt.dll
2010-04-18 08:50:45 84992 ----a-w- c:\windows\system32\Dts2PropPageExt.dll
2010-04-18 08:50:45 82432 ----a-w- c:\windows\system32\nQAPO.dll
2010-04-18 08:50:45 76288 ----a-w- c:\windows\system32\ViaMicArrayPropPageExt.dll
2010-04-18 08:50:45 529920 ----a-w- c:\windows\system32\VIASysFx.dll
2010-04-18 08:50:45 242176 ----a-w- c:\windows\system32\Dts2APO.dll
2010-04-18 08:50:45 193024 ----a-w- c:\windows\system32\ViaMicArrayAPO.dll
2010-04-18 08:50:45 1235968 ----a-w- c:\windows\system32\drivers\viahduaa.sys
2010-04-18 08:50:45 1011712 ----a-w- c:\windows\system32\VIAPropPageExt.dll
2010-04-18 08:50:38 414632 ------w- c:\windows\difxapi.dll
2010-04-18 08:50:38 0 d-----w- c:\program files (x86)\VIA
2010-04-18 08:50:06 0 d-sh--w- c:\windows\Installer
2010-04-18 08:49:14 36545 ----a-w- c:\windows\Ascd_log.ini
2010-04-18 08:48:11 1769 ----a-w- c:\windows\Language_trs.ini
2010-04-18 08:48:04 30007 ----a-w- c:\windows\Ascd_tmp.ini
2010-04-18 08:45:05 0 d-----w- c:\windows\syswow64\Wat
2010-04-18 08:45:05 0 d-----w- c:\windows\system32\Wat
2010-04-18 08:39:55 0 d-sh--w- C:\Recovery
2010-04-18 08:33:30 0 ----a-w- c:\windows\ativpsrm.bin
2010-04-18 07:43:09 401 --sha-r- C:\Boot.ini.saved
2010-04-18 07:11:21 0 d-sh--r- C:\cmdcons
2010-04-17 04:24:34 27536 ----a-w- c:\windows\system32\drivers\dc3d.sys

==================== Find3M ====================

2010-04-07 02:44:06 6659072 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-04-07 02:40:36 18929664 ----a-w- c:\windows\system32\atio6axx.dll
2010-04-07 02:16:30 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-04-07 02:16:20 489472 ----a-w- c:\windows\syswow64\aticfx32.dll
2010-04-07 02:15:26 553472 ----a-w- c:\windows\system32\aticfx64.dll
2010-04-07 02:13:10 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-04-07 02:13:00 455168 ----a-w- c:\windows\system32\atieclxx.exe
2010-04-07 02:12:18 202752 ----a-w- c:\windows\system32\atiesrxx.exe
2010-04-07 02:12:12 14321664 ----a-w- c:\windows\syswow64\atioglxx.dll
2010-04-07 02:10:56 120320 ----a-w- c:\windows\system32\atitmm64.dll
2010-04-07 02:10:40 421376 ----a-w- c:\windows\system32\atipdl64.dll
2010-04-07 02:10:32 356352 ----a-w- c:\windows\syswow64\atipdlxx.dll
2010-04-07 02:10:18 278528 ----a-w- c:\windows\syswow64\Oemdspif.dll
2010-04-07 02:10:12 12288 ----a-w- c:\windows\system32\atimuixx.dll
2010-04-07 02:10:08 59392 ----a-w- c:\windows\system32\atiedu64.dll
2010-04-07 02:10:00 43520 ----a-w- c:\windows\syswow64\ati2edxx.dll
2010-04-07 02:06:26 3164160 ----a-w- c:\windows\syswow64\atidxx32.dll
2010-04-07 01:54:40 3834880 ----a-w- c:\windows\system32\atidxx64.dll
2010-04-07 01:46:50 55296 ----a-w- c:\windows\system32\coinst.dll
2010-04-07 01:40:46 3707904 ----a-w- c:\windows\syswow64\atiumdag.dll
2010-04-07 01:40:18 53248 ----a-w- c:\windows\syswow64\aticalrt.dll
2010-04-07 01:40:18 43008 ----a-w- c:\windows\system32\aticalrt64.dll
2010-04-07 01:40:12 39936 ----a-w- c:\windows\system32\aticalcl64.dll
2010-04-07 01:40:10 53248 ----a-w- c:\windows\syswow64\aticalcl.dll
2010-04-07 01:40:04 5186048 ----a-w- c:\windows\system32\aticaldd64.dll
2010-04-07 01:38:12 4018176 ----a-w- c:\windows\syswow64\aticaldd.dll
2010-04-07 01:32:56 4806144 ----a-w- c:\windows\system32\atiumd64.dll
2010-04-07 01:27:22 2701312 ----a-w- c:\windows\system32\atiumd6a.dll
2010-04-07 01:24:02 334336 ----a-w- c:\windows\system32\atiadlxx.dll
2010-04-07 01:23:54 237568 ----a-w- c:\windows\syswow64\atiadlxy.dll
2010-04-07 01:23:42 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2010-04-07 01:23:40 12800 ----a-w- c:\windows\syswow64\atiglpxx.dll
2010-04-07 01:23:40 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-04-07 01:23:36 16384 ----a-w- c:\windows\system32\atig6txx.dll
2010-04-07 01:23:32 14848 ----a-w- c:\windows\syswow64\atigktxx.dll
2010-04-07 01:23:30 195584 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-04-07 01:22:52 36864 ----a-w- c:\windows\system32\atiuxp64.dll
2010-04-07 01:22:44 28160 ----a-w- c:\windows\syswow64\atiuxpag.dll
2010-04-07 01:22:38 28160 ----a-w- c:\windows\system32\atiu9p64.dll
2010-04-07 01:22:30 20480 ----a-w- c:\windows\syswow64\atiu9pag.dll
2010-04-07 01:22:00 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-04-07 01:21:08 2983936 ----a-w- c:\windows\syswow64\atiumdva.dll
2010-04-07 01:08:58 53248 ----a-w- c:\windows\system32\atimpc64.dll
2010-04-07 01:08:58 53248 ----a-w- c:\windows\system32\amdpcom64.dll
2010-04-07 01:08:52 52224 ----a-w- c:\windows\syswow64\atimpc32.dll
2010-04-07 01:08:52 52224 ----a-w- c:\windows\syswow64\amdpcom32.dll
2010-04-02 16:09:08 2023 ----a-w- c:\windows\syswow64\atipblag.dat
2010-04-02 16:09:08 2023 ----a-w- c:\windows\system32\atipblag.dat
2010-03-17 15:06:30 202234 ----a-w- c:\windows\system32\atiicdxx.dat
2010-03-08 21:59:59 612352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 21:33:56 427520 ----a-w- c:\windows\syswow64\vbscript.dll
2010-02-27 15:17:00 5509008 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-27 12:07:48 3954568 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-02-27 12:07:48 3899280 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-02-23 08:22:50 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 07:56:00 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-02-23 07:55:56 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
2010-02-23 07:55:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-02-23 07:55:43 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-02-23 07:55:43 5964800 ----a-w- c:\windows\syswow64\mshtml.dll
2010-02-23 07:55:24 10978816 ----a-w- c:\windows\syswow64\ieframe.dll
2010-02-23 07:55:20 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 21:52:46.25 ===============


Thanks guys


#2 myrti


Posted 15 May 2010 - 10:31 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 Steinwertm


Posted 16 May 2010 - 12:48 AM

The problem hasn't changed since I posted. I haven't had a blue screen since I posted here, but it is still crashing and restarting itself.


OTL logfile created on: 5/15/2010 10:40:22 PM - Run 4
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Steinwertm\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 402.08 Gb Free Space | 86.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 596.02 Gb Total Space | 430.09 Gb Free Space | 72.16% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 1.87 Gb Total Space | 0.90 Gb Free Space | 47.98% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: STEINWERTM-PC
Current User Name: Steinwertm
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/11 17:56:36 | 003,150,336 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe
PRC - [2010/05/09 12:30:03 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Steinwertm\Program Files (x86)\DNA\btdna.exe
PRC - [2010/05/03 06:11:29 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Steinwertm\Desktop\OTL.exe
PRC - [2010/04/19 20:09:24 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/04/01 10:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/03/29 14:54:52 | 002,343,120 | ---- | M] (IObit) -- C:\Program Files\Advanced SystemCare 3\AWC.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/08/20 22:16:54 | 005,782,528 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009/08/19 04:51:20 | 000,622,080 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AASP\1.00.97\aaCenter.exe


========== Modules (SafeList) ==========

MOD - [2010/05/03 06:11:29 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Steinwertm\Desktop\OTL.exe
MOD - [2009/07/13 18:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/18 01:45:04 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2010/04/06 19:12:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 18:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 18:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 18:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 18:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 18:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 18:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 18:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 18:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 18:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 18:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 18:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 18:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 18:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 18:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 18:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2009/03/30 17:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/05/13 01:10:06 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/05/11 17:56:34 | 001,125,376 | ---- | M] (Luis Cobian, CobianSoft) [Auto | Stopped] -- C:\Program Files (x86)\Cobian Backup 10\cbService.exe -- (CobianBackup10)
SRV - [2010/05/10 10:03:10 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2010/04/19 20:09:24 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/13 20:20:14 | 000,000,000 | ---D | M] [On_Demand | Running] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 20:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 13:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 13:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/04/18 19:55:20 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/04/16 21:24:34 | 000,027,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2010/04/06 19:44:06 | 006,659,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/04/06 19:44:06 | 006,659,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/04/06 18:23:30 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/09 03:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/04 13:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/02 12:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010/02/16 13:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009/12/11 03:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/09/25 23:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/08/17 04:20:46 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/07/15 20:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/13 18:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 18:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/13 18:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/13 18:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 18:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 17:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 17:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 17:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 17:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 17:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 17:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/13 17:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/13 17:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 17:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 17:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/13 17:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 17:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/13 17:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/13 16:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/13 16:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/13 16:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 16:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 16:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 16:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/13 16:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2009/05/04 21:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2006/11/06 08:56:30 | 000,030,528 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\brpar64a.sys -- (BrPar)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 18:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/07/05 19:48:34 | 000,013,368 | R--- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009/06/10 14:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 14:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2009/04/06 00:24:30 | 000,013,368 | R--- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\AsIO.sys -- (AsIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-597305361-3322934931-3008575591-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-597305361-3322934931-3008575591-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-597305361-3322934931-3008575591-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B1 36 47 EC 46 F2 CA 01 [binary data]
IE - HKU\S-1-5-21-597305361-3322934931-3008575591-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-597305361-3322934931-3008575591-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.0.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {9D6218B8-03C7-4b91-AA43-680B305DD35C}:1.7.9.7
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/27 19:52:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/05 00:59:37 | 000,000,000 | ---D | M]

[2010/04/18 02:15:37 | 000,000,000 | ---D | M] -- C:\Users\Steinwertm\AppData\Roaming\Mozilla\Extensions
[2010/05/15 21:49:23 | 000,000,000 | ---D | M] -- C:\Users\Steinwertm\AppData\Roaming\Mozilla\Firefox\Profiles\8srlqvrq.default\extensions
[2010/05/04 22:16:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steinwertm\AppData\Roaming\Mozilla\Firefox\Profiles\8srlqvrq.default\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}
[2010/04/18 02:19:06 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Steinwertm\AppData\Roaming\Mozilla\Firefox\Profiles\8srlqvrq.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/04/18 19:47:18 | 000,000,000 | ---D | M] -- C:\Users\Steinwertm\AppData\Roaming\Mozilla\Firefox\Profiles\8srlqvrq.default\extensions\DTToolbar@toolbarnet.com
[2010/05/04 22:15:40 | 000,000,000 | ---D | M] -- C:\Users\Steinwertm\AppData\Roaming\Mozilla\Firefox\Profiles\8srlqvrq.default\extensions\foxfilter@inspiredeffect.net
[2010/04/18 02:19:06 | 000,000,000 | ---D | M] -- C:\Users\Steinwertm\AppData\Roaming\Mozilla\Firefox\Profiles\8srlqvrq.default\extensions\smarterwiki@wikiatic.com
[2010/04/18 02:15:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/01/13 15:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3:64bit: - HKU\S-1-5-21-597305361-3322934931-3008575591-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-597305361-3322934931-3008575591-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [Cobian Backup 10 Interface] C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe (Luis Cobian, CobianSoft)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-597305361-3322934931-3008575591-1000..\Run: [BitTorrent DNA] C:\Users\Steinwertm\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-597305361-3322934931-3008575591-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRealMode = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/05 13:19:36 | 000,000,052 | RHS- | M] () - E:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/03/19 22:58:38 | 000,000,000 | ---D | M] - E:\autorun -- [ FAT32 ]
O33 - MountPoints2\{6ad4ac73-56c6-11df-ba39-e0cb4e004e55}\Shell - "" = AutoRun
O33 - MountPoints2\{6ad4ac73-56c6-11df-ba39-e0cb4e004e55}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{c224fe47-4b60-11df-9082-e0cb4e004e55}\Shell - "" = AutoRun
O33 - MountPoints2\{c224fe47-4b60-11df-9082-e0cb4e004e55}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AirShare - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A91000000001}\AirShareInstaller.exe 0;1;1;1.6.65;C File not found

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Power - C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: RpcEptMapper - C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: WudfPf - C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: aux - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - C:\Windows\SysNative\midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - C:\Windows\SysNative\imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\SysNative\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - C:\Windows\SysNative\msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - C:\Windows\SysNative\msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - C:\Windows\SysNative\msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - C:\Windows\SysNative\msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - C:\Windows\SysNative\msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - C:\Windows\SysNative\tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - C:\Windows\SysNative\msacm32.drv (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/15 21:41:25 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Steinwertm\Desktop\OTL.exe
[2010/05/13 17:32:32 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Local\Safe mirror
[2010/05/13 17:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cobian Backup 10
[2010/05/11 23:07:28 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Roaming\Malwarebytes
[2010/05/11 23:07:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/05/11 23:07:22 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/05/11 23:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/09 13:10:26 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Roaming\IObit
[2010/05/09 13:10:25 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced SystemCare 3
[2010/05/09 12:40:13 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Roaming\Uniblue
[2010/05/09 12:30:03 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\Program Files (x86)
[2010/05/09 12:30:03 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Roaming\DNA
[2010/05/09 12:30:03 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Local\DNA
[2010/05/09 12:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/05/09 11:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2010/05/09 11:57:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2010/05/09 11:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2010/05/09 00:35:43 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Roaming\Astroburn Pro
[2010/05/09 00:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Astroburn Pro
[2010/05/09 00:28:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2010/05/09 00:12:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/05/09 00:10:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/05/09 00:10:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/05/09 00:09:05 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010/05/09 00:09:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010/05/09 00:09:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010/05/09 00:09:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010/05/09 00:09:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010/05/09 00:09:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010/05/09 00:09:03 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/05/09 00:09:03 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/05/09 00:09:02 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/05/09 00:09:02 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/05/09 00:09:02 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/05/09 00:09:02 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/05/09 00:09:02 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/05/09 00:09:02 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/05/09 00:09:02 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/05/09 00:09:02 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/05/09 00:09:02 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/05/09 00:09:02 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/05/09 00:09:02 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/05/09 00:09:02 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/05/09 00:09:02 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/05/09 00:09:02 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/05/09 00:09:01 | 000,223,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys
[2010/05/07 23:58:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2010/05/07 22:37:37 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Local\ElevatedDiagnostics
[2010/05/07 01:06:44 | 000,000,000 | ---D | C] -- C:\symbols
[2010/05/07 00:55:20 | 000,000,000 | ---D | C] -- C:\WinDDK
[2010/05/05 16:20:54 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Local\Ascaron Entertainment
[2010/05/05 16:20:25 | 000,000,000 | RH-D | C] -- C:\Users\Steinwertm\AppData\Roaming\SecuROM
[2010/05/05 16:20:24 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010/05/05 16:14:18 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010/05/05 16:14:18 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010/05/05 16:14:18 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2010/05/05 16:14:18 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2010/05/05 16:14:18 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2010/05/05 16:14:18 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010/05/05 16:14:18 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2010/05/05 16:14:18 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2010/05/05 16:14:18 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2010/05/05 16:14:18 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2010/05/05 16:14:17 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2010/05/05 16:14:17 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010/05/05 16:14:17 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2010/05/05 16:14:17 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2010/05/05 16:14:17 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2010/05/05 16:14:17 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2010/05/05 16:14:17 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2010/05/05 16:14:17 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2010/05/05 16:14:17 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2010/05/05 16:14:17 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2010/05/05 16:14:17 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2010/05/05 16:14:17 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2010/05/05 16:14:17 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2010/05/05 16:14:17 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2010/05/05 16:14:16 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2010/05/05 16:14:16 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2010/05/05 16:14:16 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2010/05/05 16:14:16 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2010/05/05 16:14:16 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2010/05/05 16:14:16 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2010/05/05 16:14:16 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2010/05/05 16:14:16 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2010/05/05 16:14:16 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2010/05/05 16:14:16 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2010/05/05 16:14:16 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2010/05/05 16:14:16 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2010/05/05 16:14:15 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2010/05/05 16:14:15 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2010/05/05 16:13:32 | 000,419,840 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/05/05 16:13:32 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/05/05 16:13:32 | 000,133,632 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010/05/05 16:13:32 | 000,110,592 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/05/05 16:01:45 | 000,000,000 | ---D | C] -- C:\Windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
[2010/05/05 01:05:27 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Roaming\Avira
[2010/05/05 00:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/05/05 00:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/05/05 00:06:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2010/05/03 21:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\BioWare
[2010/05/03 16:52:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2010/05/03 16:52:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2010/05/03 16:52:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/05/03 16:52:22 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2010/05/03 16:52:22 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2010/05/03 16:52:21 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2010/05/03 16:52:21 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2010/05/03 16:52:21 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2010/05/03 16:52:21 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2010/05/03 16:52:21 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2010/05/03 16:52:21 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2010/05/03 16:52:19 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2010/05/03 16:52:19 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2010/05/03 16:52:19 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2010/05/03 16:52:19 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2010/05/03 16:52:19 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2010/05/03 16:52:19 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2010/05/03 16:52:18 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2010/05/03 16:52:18 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010/05/03 16:52:18 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2010/05/03 16:52:18 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2010/05/03 16:52:18 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2010/05/03 16:52:18 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2010/05/03 16:52:18 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2010/05/03 16:52:18 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2010/05/03 16:52:17 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2010/05/03 16:52:17 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010/05/03 16:52:17 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2010/05/03 16:52:17 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2010/05/03 16:52:17 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2010/05/03 16:52:17 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010/05/03 16:52:16 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2010/05/03 16:52:16 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2010/05/03 16:52:16 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2010/05/03 16:52:16 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2010/05/03 16:52:16 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2010/05/03 16:52:16 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2010/05/03 16:52:16 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2010/05/03 16:52:16 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2010/05/03 16:52:15 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2010/05/03 16:52:15 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2010/05/03 16:52:14 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010/05/03 16:52:14 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010/05/03 16:52:14 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2010/05/03 16:52:14 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2010/05/03 16:52:14 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2010/05/03 16:52:14 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2010/05/03 16:52:13 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2010/05/03 16:52:13 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2010/05/03 16:52:13 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2010/05/03 16:52:13 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2010/05/03 16:52:12 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2010/05/03 16:52:12 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2010/05/03 16:52:12 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2010/05/03 16:52:12 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2010/05/03 16:52:12 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2010/05/03 16:52:11 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2010/05/03 16:52:11 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2010/05/03 16:52:11 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2010/05/03 16:52:11 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2010/05/03 16:52:10 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2010/05/03 16:52:10 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2010/05/03 16:52:03 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2010/05/03 16:52:03 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2010/05/03 16:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2010/05/03 16:41:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dragon Age
[2010/05/03 16:41:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2010/05/03 16:13:23 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\Documents\SafeNet Sentinel
[2010/05/03 16:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SafeNet Sentinel
[2010/05/03 16:13:22 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\.spss
[2010/05/03 14:52:34 | 000,000,000 | ---D | C] -- C:\CDisplay
[2010/05/02 18:06:13 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\Documents\school
[2010/05/02 17:37:18 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010/05/02 17:37:18 | 000,153,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys
[2010/05/02 17:06:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2010/05/02 17:06:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/05/02 17:06:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/05/02 17:06:06 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/05/02 17:06:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/05/02 17:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/05/02 17:04:31 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Local\Microsoft Help
[2010/05/02 17:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/05/02 17:04:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/05/02 17:04:09 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/05/02 16:47:00 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\Desktop\Downloads
[2010/05/02 16:46:58 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Roaming\GetRightToGo
[2010/05/02 12:46:36 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/04/30 00:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2010/04/30 00:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2010/04/30 00:07:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010/04/27 19:52:34 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2010/04/27 19:51:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010/04/27 19:51:53 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Roaming\Winamp
[2010/04/26 23:22:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Backup Chris
[2010/04/26 22:53:51 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\Desktop\Music 129
[2010/04/21 19:59:40 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Local\Apple Computer
[2010/04/21 19:59:39 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Roaming\Apple Computer
[2010/04/21 19:59:26 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2010/04/21 19:59:26 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2010/04/21 19:59:26 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010/04/21 19:59:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/04/21 19:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/21 19:59:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/21 19:59:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/04/21 19:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/04/21 19:58:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/04/21 19:58:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/04/21 19:57:57 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Local\Apple
[2010/04/21 19:57:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/04/21 19:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/04/21 19:57:34 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/21 19:57:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/04/21 19:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/04/21 19:57:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/04/21 19:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010/04/20 16:42:57 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\Documents\BioWare
[2010/04/19 23:01:13 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2010/04/19 23:01:13 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2010/04/19 23:01:13 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2010/04/19 23:01:13 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2010/04/19 23:01:10 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2010/04/19 23:01:10 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2010/04/19 23:01:09 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2010/04/19 23:01:09 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2010/04/19 23:01:09 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2010/04/19 23:01:09 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2010/04/19 23:01:08 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2010/04/19 23:01:08 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2010/04/19 23:01:07 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2010/04/19 23:01:07 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2010/04/19 23:01:06 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2010/04/19 23:01:06 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2010/04/18 20:26:43 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\Documents\Mount&Blade Warband Savegames
[2010/04/18 20:22:30 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Roaming\Mount&Blade Warband
[2010/04/18 20:18:37 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2010/04/18 20:18:37 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010/04/18 20:18:37 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010/04/18 20:16:06 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Roaming\WinRAR
[2010/04/18 20:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/04/18 19:55:20 | 000,834,544 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2010/04/18 19:54:24 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Roaming\DAEMON Tools Lite
[2010/04/18 19:54:22 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/04/18 19:49:16 | 000,000,000 | R--D | C] -- C:\Users\Steinwertm\AppData\Roaming\Brother
[2010/04/18 19:47:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Toolbar
[2010/04/18 19:44:36 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Local\Adobe
[2010/04/18 19:43:13 | 000,024,223 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\SysWow64\brlm03a.dll
[2010/04/18 19:43:12 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BROSNMP.DLL
[2010/04/18 19:43:12 | 000,030,528 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\brpar64a.sys
[2010/04/18 19:43:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brownie
[2010/04/18 19:43:09 | 000,192,512 | ---- | C] (brother) -- C:\Windows\SysWow64\Pdrvinst.dll
[2010/04/18 19:43:09 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BRLMW03A.DLL
[2010/04/18 19:43:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
[2010/04/18 19:41:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2010/04/18 19:40:17 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Roaming\ATI
[2010/04/18 19:40:17 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Local\ATI
[2010/04/18 19:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[2010/04/18 19:28:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/04/18 19:27:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2010/04/18 19:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/04/18 19:25:06 | 000,000,000 | ---D | C] -- C:\ATI
[2010/04/18 18:52:49 | 000,000,000 | ---D | C] -- C:\Games
[2010/04/18 18:52:39 | 000,000,000 | ---D | C] -- C:\Prgrams
[2010/04/18 18:52:10 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Roaming\uTorrent
[2010/04/18 05:09:38 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010/04/18 05:09:38 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010/04/18 05:09:38 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/04/18 05:09:38 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010/04/18 05:09:38 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010/04/18 05:09:38 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/04/18 05:09:38 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010/04/18 05:09:38 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010/04/18 05:09:35 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/04/18 05:09:35 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010/04/18 05:09:35 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010/04/18 05:09:29 | 014,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/04/18 05:09:27 | 011,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/04/18 05:09:27 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2010/04/18 05:09:27 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2010/04/18 05:09:25 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/04/18 05:09:25 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/04/18 05:09:24 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010/04/18 05:09:24 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/04/18 05:09:24 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/04/18 05:09:24 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/04/18 05:09:24 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/04/18 05:09:24 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/04/18 05:09:24 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010/04/18 05:09:24 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010/04/18 05:09:24 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010/04/18 05:09:24 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010/04/18 05:09:24 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010/04/18 05:09:23 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/04/18 05:09:23 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/04/18 05:09:23 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/04/18 05:09:23 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/04/18 05:09:23 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010/04/18 05:09:23 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/04/18 05:09:22 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/04/18 05:09:22 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/04/18 05:09:22 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/04/18 05:09:21 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/04/18 05:09:20 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/04/18 05:09:20 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/04/18 05:09:20 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/04/18 05:09:19 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/04/18 05:09:19 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/04/18 05:09:15 | 000,960,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/04/18 05:09:14 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/04/18 05:09:14 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010/04/18 05:09:14 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/04/18 05:09:14 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/04/18 05:09:14 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/04/18 05:09:14 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/04/18 05:09:04 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2010/04/18 02:50:10 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\Documents\REG
[2010/04/18 02:49:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/04/18 02:46:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Loaders
[2010/04/18 02:43:59 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010/04/18 02:43:59 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/04/18 02:43:59 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010/04/18 02:43:59 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010/04/18 02:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/04/18 02:43:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010/04/18 02:29:46 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/04/18 02:29:32 | 000,000,000 | -HSD | C] -- C:\Boot
[2010/04/18 02:28:27 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Local\BuildAGadget Content
[2010/04/18 02:17:56 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Roaming\Macromedia
[2010/04/18 02:17:56 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Roaming\Adobe
[2010/04/18 02:17:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/04/18 02:17:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/04/18 02:17:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/04/18 02:15:32 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Roaming\Mozilla
[2010/04/18 02:15:32 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Local\Mozilla
[2010/04/18 02:15:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/04/18 01:52:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2010/04/18 01:52:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2010/04/18 01:52:02 | 000,016,440 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\drivers\AtiPcie.sys
[2010/04/18 01:51:42 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/04/18 01:51:03 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/04/18 01:50:45 | 001,235,968 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\drivers\viahduaa.sys
[2010/04/18 01:50:45 | 001,011,712 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIAPropPageExt.dll
[2010/04/18 01:50:45 | 000,529,920 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIASysFx.dll
[2010/04/18 01:50:45 | 000,242,176 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll
[2010/04/18 01:50:45 | 000,193,024 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\ViaMicArrayAPO.dll
[2010/04/18 01:50:45 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2010/04/18 01:50:45 | 000,084,992 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\Dts2PropPageExt.dll
[2010/04/18 01:50:45 | 000,082,432 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
[2010/04/18 01:50:45 | 000,076,288 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaMicArrayPropPageExt.dll
[2010/04/18 01:50:38 | 000,414,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\difxapi.dll
[2010/04/18 01:50:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
[2010/04/18 01:50:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/04/18 01:50:06 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/04/18 01:45:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/04/18 01:45:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/04/18 01:40:25 | 000,000,000 | R--D | C] -- C:\Users\Steinwertm\Searches
[2010/04/18 01:40:16 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Roaming\Identities
[2010/04/18 01:40:15 | 000,000,000 | R--D | C] -- C:\Users\Steinwertm\Contacts
[2010/04/18 01:40:13 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Local\VirtualStore
[2010/04/18 01:40:07 | 000,000,000 | --SD | C] -- C:\Users\Steinwertm\AppData\Roaming\Microsoft
[2010/04/18 01:40:07 | 000,000,000 | R--D | C] -- C:\Users\Steinwertm\Videos
[2010/04/18 01:40:07 | 000,000,000 | R--D | C] -- C:\Users\Steinwertm\Saved Games
[2010/04/18 01:40:07 | 000,000,000 | R--D | C] -- C:\Users\Steinwertm\Pictures
[2010/04/18 01:40:07 | 000,000,000 | R--D | C] -- C:\Users\Steinwertm\Music
[2010/04/18 01:40:07 | 000,000,000 | R--D | C] -- C:\Users\Steinwertm\Links
[2010/04/18 01:40:07 | 000,000,000 | R--D | C] -- C:\Users\Steinwertm\Favorites
[2010/04/18 01:40:07 | 000,000,000 | R--D | C] -- C:\Users\Steinwertm\Downloads
[2010/04/18 01:40:07 | 000,000,000 | R--D | C] -- C:\Users\Steinwertm\My Documents
[2010/04/18 01:40:07 | 000,000,000 | R--D | C] -- C:\Users\Steinwertm\Desktop
[2010/04/18 01:40:07 | 000,000,000 | -HSD | C] -- C:\Users\Steinwertm\AppData\Local\Temporary Internet Files
[2010/04/18 01:40:07 | 000,000,000 | -HSD | C] -- C:\Users\Steinwertm\Templates
[2010/04/18 01:40:07 | 000,000,000 | -HSD | C] -- C:\Users\Steinwertm\Start Menu
[2010/04/18 01:40:07 | 000,000,000 | -HSD | C] -- C:\Users\Steinwertm\SendTo
[2010/04/18 01:40:07 | 000,000,000 | -HSD | C] -- C:\Users\Steinwertm\Recent
[2010/04/18 01:40:07 | 000,000,000 | -HSD | C] -- C:\Users\Steinwertm\PrintHood
[2010/04/18 01:40:07 | 000,000,000 | -HSD | C] -- C:\Users\Steinwertm\NetHood
[2010/04/18 01:40:07 | 000,000,000 | -HSD | C] -- C:\Users\Steinwertm\Documents\My Videos
[2010/04/18 01:40:07 | 000,000,000 | -HSD | C] -- C:\Users\Steinwertm\Documents\My Pictures
[2010/04/18 01:40:07 | 000,000,000 | -HSD | C] -- C:\Users\Steinwertm\Documents\My Music
[2010/04/18 01:40:07 | 000,000,000 | -HSD | C] -- C:\Users\Steinwertm\My Documents
[2010/04/18 01:40:07 | 000,000,000 | -HSD | C] -- C:\Users\Steinwertm\Local Settings
[2010/04/18 01:40:07 | 000,000,000 | -HSD | C] -- C:\Users\Steinwertm\AppData\Local\History
[2010/04/18 01:40:07 | 000,000,000 | -HSD | C] -- C:\Users\Steinwertm\Cookies
[2010/04/18 01:40:07 | 000,000,000 | -HSD | C] -- C:\Users\Steinwertm\Application Data
[2010/04/18 01:40:07 | 000,000,000 | -HSD | C] -- C:\Users\Steinwertm\AppData\Local\Application Data
[2010/04/18 01:40:07 | 000,000,000 | -H-D | C] -- C:\Users\Steinwertm\AppData
[2010/04/18 01:40:07 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Local\Temp
[2010/04/18 01:40:07 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Local\Microsoft
[2010/04/18 01:40:07 | 000,000,000 | ---D | C] -- C:\Users\Steinwertm\AppData\Roaming\Media Center Programs
[2010/04/18 01:39:55 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/04/18 01:36:19 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/04/18 01:31:51 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/04/18 00:11:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/17 12:13:35 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/04/16 21:24:34 | 000,027,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dc3d.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/15 22:40:25 | 002,883,584 | -HS- | M] () -- C:\Users\Steinwertm\NTUSER.DAT
[2010/05/15 21:39:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/14 15:11:46 | 000,022,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/14 15:11:46 | 000,022,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/14 15:10:15 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/05/14 15:10:15 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/05/14 15:10:15 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/05/14 15:04:36 | 000,000,105 | ---- | M] () -- C:\Windows\Brownie.ini
[2010/05/14 15:04:20 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/05/14 15:04:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/14 15:04:07 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/13 21:51:59 | 000,015,215 | ---- | M] () -- C:\Users\Steinwertm\Documents\revised discussion AM.docx
[2010/05/13 21:51:59 | 000,000,162 | -H-- | M] () -- C:\Users\Steinwertm\Documents\~$vised discussion AM.docx
[2010/05/13 21:33:37 | 001,537,521 | -H-- | M] () -- C:\Users\Steinwertm\AppData\Local\IconCache.db
[2010/05/13 21:21:13 | 000,000,164 | ---- | M] () -- C:\Users\Steinwertm\defogger_reenable
[2010/05/13 20:04:33 | 000,015,266 | ---- | M] () -- C:\Users\Steinwertm\Documents\Discussion.docx(psyc101)-2.docx
[2010/05/12 00:20:51 | 000,002,036 | ---- | M] () -- C:\Users\Steinwertm\Desktop\PlantsVsZombies - Shortcut.lnk
[2010/05/11 23:07:26 | 000,000,754 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/10 03:31:17 | 000,029,516 | ---- | M] () -- C:\Users\Steinwertm\Documents\Problem signature.docx
[2010/05/10 03:20:04 | 442,928,521 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/09 19:22:56 | 000,000,748 | ---- | M] () -- C:\Users\Steinwertm\Desktop\Dragon Age Origins - Shortcut.lnk
[2010/05/09 12:35:14 | 104,304,693 | ---- | M] () -- C:\Users\Steinwertm\Desktop\Copy 1 of AMD_Chipset_V51010008_V13049_XP_Vista_Win7.zip
[2010/05/09 12:34:42 | 104,304,693 | ---- | M] () -- C:\Users\Steinwertm\Desktop\AMD_Chipset_V51010008_V13049_XP_Vista_Win7.zip
[2010/05/09 12:33:53 | 051,461,267 | ---- | M] () -- C:\Users\Steinwertm\Desktop\Copy 1 of VIA_Audio_V6017600.zip
[2010/05/09 12:33:26 | 051,461,267 | ---- | M] () -- C:\Users\Steinwertm\Desktop\VIA_Audio_V6017600.zip
[2010/05/09 00:31:17 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\PerfectOptimizer_home.job
[2010/05/07 20:23:24 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010/05/07 01:48:31 | 000,000,162 | -H-- | M] () -- C:\Users\Steinwertm\Documents\~$oblem signature.docx
[2010/05/07 00:29:23 | 000,001,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/05/07 00:29:22 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/05/05 23:31:33 | 000,109,680 | ---- | M] () -- C:\Users\Steinwertm\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/05 23:31:10 | 000,413,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/05/05 16:20:24 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010/05/05 16:13:32 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/05/05 16:13:32 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/05/05 16:13:32 | 000,133,632 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010/05/05 16:13:32 | 000,110,592 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/05/03 14:52:34 | 000,000,582 | ---- | M] () -- C:\Users\Steinwertm\Desktop\CDisplay.lnk
[2010/05/03 06:11:29 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Steinwertm\Desktop\OTL.exe
[2010/05/03 03:01:34 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/05/02 17:18:19 | 001,753,088 | ---- | M] () -- C:\Users\Steinwertm\Documents\Students.accdb
[2010/04/30 00:13:05 | 000,000,710 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/27 22:13:18 | 001,839,104 | ---- | M] () -- C:\Users\Steinwertm\Desktop\mt410.iso
[2010/04/21 20:51:56 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/04/20 16:12:48 | 000,017,923 | ---- | M] () -- C:\Users\Steinwertm\Documents\A Beautiful Mind.docx
[2010/04/18 20:25:54 | 000,000,845 | ---- | M] () -- C:\Users\Steinwertm\Desktop\Mount&Blade Warband.lnk
[2010/04/18 19:55:20 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2010/04/18 19:43:35 | 000,000,153 | ---- | M] () -- C:\Windows\BRVIDEO.INI
[2010/04/18 19:43:35 | 000,000,000 | ---- | M] () -- C:\Windows\brmx2001.ini
[2010/04/18 19:43:34 | 000,031,250 | ---- | M] () -- C:\Windows\HL-5370DW.INI
[2010/04/18 19:28:24 | 000,002,060 | ---- | M] () -- C:\Users\Public\Desktop\Play The Lord of the Rings Online™ - FREE for 10 Days!.lnk
[2010/04/18 05:21:13 | 000,001,939 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/18 05:10:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/04/18 02:59:14 | 000,413,893 | RHS- | M] () -- C:\JUMZB
[2010/04/18 02:59:14 | 000,000,020 | RHS- | M] () -- C:\win7.ld
[2010/04/18 02:57:49 | 000,030,007 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2010/04/18 02:57:47 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2010/04/18 02:49:07 | 000,001,885 | ---- | M] () -- C:\Users\Steinwertm\Desktop\CCleaner.lnk
[2010/04/18 02:29:34 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/04/18 02:29:32 | 000,000,401 | RHS- | M] () -- C:\Boot.ini.saved
[2010/04/18 01:53:26 | 000,524,288 | -HS- | M] () -- C:\Users\Steinwertm\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/04/18 01:53:26 | 000,524,288 | -HS- | M] () -- C:\Users\Steinwertm\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/04/18 01:53:26 | 000,065,536 | -HS- | M] () -- C:\Users\Steinwertm\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/04/18 01:53:10 | 000,036,545 | ---- | M] () -- C:\Windows\Ascd_log.ini
[2010/04/18 01:52:06 | 000,000,674 | ---- | M] () -- C:\Windows\setup.iss
[2010/04/18 01:50:58 | 000,001,202 | ---- | M] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2010/04/18 01:40:07 | 000,000,020 | -HS- | M] () -- C:\Users\Steinwertm\ntuser.ini
[2010/04/18 01:35:24 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/04/18 01:35:24 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/04/18 01:35:24 | 000,000,285 | RHS- | M] () -- C:\boot.ini
[2010/04/18 01:33:30 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010/04/18 00:43:09 | 000,000,257 | -H-- | M] () -- C:\Boot.BAK
[2010/04/18 00:10:41 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/04/18 00:10:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/16 21:24:34 | 000,027,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dc3d.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/13 21:54:46 | 000,293,376 | ---- | C] () -- C:\Users\Steinwertm\Desktop\gmer.exe
[2010/05/13 21:54:31 | 000,284,915 | ---- | C] () -- C:\Users\Steinwertm\Desktop\gmer.zip
[2010/05/13 21:52:25 | 000,525,824 | ---- | C] () -- C:\Users\Steinwertm\Desktop\dds.scr
[2010/05/13 21:51:59 | 000,015,215 | ---- | C] () -- C:\Users\Steinwertm\Documents\revised discussion AM.docx
[2010/05/13 21:51:59 | 000,000,162 | -H-- | C] () -- C:\Users\Steinwertm\Documents\~$vised discussion AM.docx
[2010/05/13 21:21:12 | 000,000,164 | ---- | C] () -- C:\Users\Steinwertm\defogger_reenable
[2010/05/13 21:20:48 | 000,050,477 | ---- | C] () -- C:\Users\Steinwertm\Desktop\Defogger.exe
[2010/05/13 20:04:33 | 000,015,266 | ---- | C] () -- C:\Users\Steinwertm\Documents\Discussion.docx(psyc101)-2.docx
[2010/05/12 00:20:51 | 000,002,036 | ---- | C] () -- C:\Users\Steinwertm\Desktop\PlantsVsZombies - Shortcut.lnk
[2010/05/11 23:07:26 | 000,000,754 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/09 19:22:56 | 000,000,748 | ---- | C] () -- C:\Users\Steinwertm\Desktop\Dragon Age Origins - Shortcut.lnk
[2010/05/09 13:10:41 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
[2010/05/09 12:35:09 | 104,304,693 | ---- | C] () -- C:\Users\Steinwertm\Desktop\Copy 1 of AMD_Chipset_V51010008_V13049_XP_Vista_Win7.zip
[2010/05/09 12:33:50 | 051,461,267 | ---- | C] () -- C:\Users\Steinwertm\Desktop\Copy 1 of VIA_Audio_V6017600.zip
[2010/05/09 12:32:19 | 051,461,267 | ---- | C] () -- C:\Users\Steinwertm\Desktop\VIA_Audio_V6017600.zip
[2010/05/09 12:30:03 | 104,304,693 | ---- | C] () -- C:\Users\Steinwertm\Desktop\AMD_Chipset_V51010008_V13049_XP_Vista_Win7.zip
[2010/05/09 00:47:45 | 001,839,104 | ---- | C] () -- C:\Users\Steinwertm\Desktop\mt410.iso
[2010/05/09 00:21:53 | 000,000,360 | ---- | C] () -- C:\Windows\tasks\PerfectOptimizer_home.job
[2010/05/09 00:11:34 | 001,138,688 | ---- | C] () -- C:\Users\Steinwertm\Desktop\Memtest86_3.5.iso
[2010/05/07 01:48:31 | 000,000,162 | -H-- | C] () -- C:\Users\Steinwertm\Documents\~$oblem signature.docx
[2010/05/07 01:27:11 | 000,029,516 | ---- | C] () -- C:\Users\Steinwertm\Documents\Problem signature.docx
[2010/05/05 14:56:47 | 000,061,952 | ---- | C] () -- C:\Users\Steinwertm\Documents\CritThinkSec10SyllabusFall2009(9)TTh.doc
[2010/05/05 14:56:47 | 000,029,765 | ---- | C] () -- C:\Users\Steinwertm\Documents\CritThinkSec10SyllabusFall2009(9)TTh.docx
[2010/05/05 14:56:47 | 000,017,923 | ---- | C] () -- C:\Users\Steinwertm\Documents\A Beautiful Mind.docx
[2010/05/05 00:06:07 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/05/05 00:06:07 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/05/03 14:52:34 | 000,000,582 | ---- | C] () -- C:\Users\Steinwertm\Desktop\CDisplay.lnk
[2010/05/02 17:16:47 | 001,753,088 | ---- | C] () -- C:\Users\Steinwertm\Documents\Students.accdb
[2010/05/02 12:46:21 | 442,928,521 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/04/30 00:07:41 | 000,000,710 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/04/21 20:51:56 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/04/18 20:19:15 | 000,000,845 | ---- | C] () -- C:\Users\Steinwertm\Desktop\Mount&Blade Warband.lnk
[2010/04/18 19:43:35 | 000,000,153 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2010/04/18 19:43:35 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2010/04/18 19:43:15 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/04/18 19:43:12 | 000,031,250 | ---- | C] () -- C:\Windows\HL-5370DW.INI
[2010/04/18 19:43:09 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2010/04/18 19:43:09 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2010/04/18 19:43:09 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\BRADM08A.DAT
[2010/04/18 19:42:15 | 000,000,105 | ---- | C] () -- C:\Windows\Brownie.ini
[2010/04/18 19:28:24 | 000,002,060 | ---- | C] () -- C:\Users\Public\Desktop\Play The Lord of the Rings Online™ - FREE for 10 Days!.lnk
[2010/04/18 05:21:13 | 000,001,939 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/18 05:10:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/04/18 02:59:14 | 000,413,893 | RHS- | C] () -- C:\JUMZB
[2010/04/18 02:49:07 | 000,001,885 | ---- | C] () -- C:\Users\Steinwertm\Desktop\CCleaner.lnk
[2010/04/18 02:29:34 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010/04/18 02:29:32 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2010/04/18 02:29:32 | 000,000,257 | -H-- | C] () -- C:\Boot.BAK
[2010/04/18 02:02:16 | 000,000,020 | RHS- | C] () -- C:\win7.ld
[2010/04/18 01:52:18 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/04/18 01:52:18 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/04/18 01:52:16 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/04/18 01:52:16 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/04/18 01:52:06 | 000,000,674 | ---- | C] () -- C:\Windows\setup.iss
[2010/04/18 01:50:58 | 000,001,202 | ---- | C] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2010/04/18 01:49:14 | 000,036,545 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/04/18 01:48:11 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/04/18 01:48:04 | 000,030,007 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/04/18 01:40:07 | 002,883,584 | -HS- | C] () -- C:\Users\Steinwertm\NTUSER.DAT
[2010/04/18 01:40:07 | 000,524,288 | -HS- | C] () -- C:\Users\Steinwertm\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/04/18 01:40:07 | 000,524,288 | -HS- | C] () -- C:\Users\Steinwertm\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/04/18 01:40:07 | 000,262,144 | -HS- | C] () -- C:\Users\Steinwertm\ntuser.dat.LOG1
[2010/04/18 01:40:07 | 000,065,536 | -HS- | C] () -- C:\Users\Steinwertm\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/04/18 01:40:07 | 000,000,020 | -HS- | C] () -- C:\Users\Steinwertm\ntuser.ini
[2010/04/18 01:40:07 | 000,000,000 | -HS- | C] () -- C:\Users\Steinwertm\ntuser.dat.LOG2
[2010/04/18 01:33:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/04/18 01:31:19 | 3220,574,208 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/18 00:43:09 | 000,000,401 | RHS- | C] () -- C:\Boot.ini.saved
[2010/04/18 00:43:09 | 000,000,285 | RHS- | C] () -- C:\boot.ini
[2010/04/18 00:11:45 | 000,260,288 | RHS- | C] () -- C:\cmldr
[2010/04/18 00:10:41 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/04/18 00:10:41 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/05 19:48:34 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2009/04/02 05:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 18:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2009/06/04 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysWow64\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009/06/04 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastor.inf_amd64_neutral_c065a1006c648409\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/13 18:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 18:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 18:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009/07/13 18:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/13 18:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009/07/13 18:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 18:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 18:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
< End of report >





OTL Extras logfile created on: 5/15/2010 9:43:05 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Steinwertm\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 402.30 Gb Free Space | 86.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 596.02 Gb Total Space | 430.09 Gb Free Space | 72.16% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 1.87 Gb Total Space | 0.90 Gb Free Space | 47.98% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: STEINWERTM-PC
Current User Name: Steinwertm
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp[@ = hlpfile] -- Reg Error: Value error. File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- Reg Error: Value error. File not found

[HKEY_USERS\S-1-5-21-597305361-3322934931-3008575591-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- Reg Error: Value error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Prgrams\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Prgrams\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Prgrams\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- Reg Error: Value error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Prgrams\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Prgrams\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Prgrams\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4CE36E6A-300B-427C-BEC7-B261CC13814E}" = iTunes
"{576A97E3-1A79-6215-49DE-AA358AF47420}" = ATI Catalyst Install Manager
"{877924AA-E044-4266-B37D-E974CD799934}" = Bonjour
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{AF51A2B6-3AAF-46C5-36A7-0E78B2D23E3E}" = ccc-utility64
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CA4AF936-3312-4AF4-A191-527531490DCD}" = Apple Mobile Device Support
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{E6456858-8C0C-35CE-96B8-AFFCD205C9FC}" = AMD Drag and Drop Transcoding
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024FDD4C-B4EE-4CFC-696F-9A36B3BE4D41}" = Catalyst Control Center Graphics Previews Vista
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BC432D-819E-86AF-74A9-0622CAD08767}" = Catalyst Control Center Graphics Previews Common
"{0A477437-2307-018D-3F3A-AFBDE1D4FF7A}" = Catalyst Control Center HydraVision Full
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3C2739CB-9E0F-8E06-F315-25F9E9AB2763}" = CCC Help English
"{43FC4C9A-9D17-9CAB-FA69-6588AFA5A1B2}" = Catalyst Control Center Core Implementation
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{828CFF5D-054C-D04A-3CB1-0788828CA236}" = Catalyst Control Center Graphics Light
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85B0B11F-7EA3-D9DE-BB18-1B52CE1A3E3B}" = Catalyst Control Center Graphics Full Existing
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9EEA0ED5-CB59-2F06-84A7-3F7B241521B8}" = Catalyst Control Center InstallProxy
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{DF9B7D24-4C6E-C773-3E58-D2FEF49ADD74}" = ccc-core-static
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{EAD931B5-129D-2A7E-9FD2-522BF504EAF4}" = Catalyst Control Center Graphics Full New
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F8BB9668-8FD2-498B-8D72-CE6DB202C5E8}" = Brother HL-5370DW
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Astroburn Pro" = Astroburn Pro
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CobBackup10" = Cobian Backup 10
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Mount&Blade Warband" = Mount&Blade Warband
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"PROR" = Microsoft Office Professional 2007 Trial
"Steam App 3592" = Plants vs. Zombies Demo
"Steam App 40140" = Supreme Commander 2 - Demo
"uTorrent" = µTorrent
"Winamp" = Winamp

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-597305361-3322934931-3008575591-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/14/2010 2:12:36 AM | Computer Name = Steinwertm-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13822

Error - 5/14/2010 2:12:36 AM | Computer Name = Steinwertm-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13822

Error - 5/15/2010 4:56:39 AM | Computer Name = Steinwertm-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/15/2010 4:56:39 AM | Computer Name = Steinwertm-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1263

Error - 5/15/2010 4:56:39 AM | Computer Name = Steinwertm-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1263

Error - 5/15/2010 4:56:40 AM | Computer Name = Steinwertm-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/15/2010 4:56:40 AM | Computer Name = Steinwertm-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2511

Error - 5/15/2010 4:56:40 AM | Computer Name = Steinwertm-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2511

Error - 5/15/2010 4:56:42 AM | Computer Name = Steinwertm-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/15/2010 4:56:42 AM | Computer Name = Steinwertm-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3759

[ System Events ]
Error - 5/14/2010 12:34:55 AM | Computer Name = Steinwertm-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 5/14/2010 12:35:05 AM | Computer Name = Steinwertm-PC | Source = Service Control Manager | ID = 7038
Description = The CobianBackup10 service was unable to log on as .\steinwertm with
the currently configured password due to the following error: %%1327 To ensure that
the service is configured properly, use the Services snap-in in Microsoft Management
Console (MMC).

Error - 5/14/2010 12:35:05 AM | Computer Name = Steinwertm-PC | Source = Service Control Manager | ID = 7000
Description = The Cobian Backup 10 service failed to start due to the following
error: %%1069

Error - 5/14/2010 12:36:06 AM | Computer Name = Steinwertm-PC | Source = DCOM | ID = 10016
Description =

Error - 5/14/2010 6:04:05 PM | Computer Name = Steinwertm-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 5/14/2010 6:04:18 PM | Computer Name = Steinwertm-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:40:35 AM on 5/14/2010 was unexpected.

Error - 5/14/2010 6:04:10 PM | Computer Name = Steinwertm-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 5/14/2010 6:04:21 PM | Computer Name = Steinwertm-PC | Source = Service Control Manager | ID = 7038
Description = The CobianBackup10 service was unable to log on as .\steinwertm with
the currently configured password due to the following error: %%1327 To ensure that
the service is configured properly, use the Services snap-in in Microsoft Management
Console (MMC).

Error - 5/14/2010 6:04:21 PM | Computer Name = Steinwertm-PC | Source = Service Control Manager | ID = 7000
Description = The Cobian Backup 10 service failed to start due to the following
error: %%1069

Error - 5/14/2010 6:05:20 PM | Computer Name = Steinwertm-PC | Source = DCOM | ID = 10016
Description =


< End of report >

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4CE36E6A-300B-427C-BEC7-B261CC13814E}" = iTunes
"{576A97E3-1A79-6215-49DE-AA358AF47420}" = ATI Catalyst Install Manager
"{877924AA-E044-4266-B37D-E974CD799934}" = Bonjour
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{AF51A2B6-3AAF-46C5-36A7-0E78B2D23E3E}" = ccc-utility64
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CA4AF936-3312-4AF4-A191-527531490DCD}" = Apple Mobile Device Support
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{E6456858-8C0C-35CE-96B8-AFFCD205C9FC}" = AMD Drag and Drop Transcoding
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024FDD4C-B4EE-4CFC-696F-9A36B3BE4D41}" = Catalyst Control Center Graphics Previews Vista
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BC432D-819E-86AF-74A9-0622CAD08767}" = Catalyst Control Center Graphics Previews Common
"{0A477437-2307-018D-3F3A-AFBDE1D4FF7A}" = Catalyst Control Center HydraVision Full
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3C2739CB-9E0F-8E06-F315-25F9E9AB2763}" = CCC Help English
"{43FC4C9A-9D17-9CAB-FA69-6588AFA5A1B2}" = Catalyst Control Center Core Implementation
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{828CFF5D-054C-D04A-3CB1-0788828CA236}" = Catalyst Control Center Graphics Light
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85B0B11F-7EA3-D9DE-BB18-1B52CE1A3E3B}" = Catalyst Control Center Graphics Full Existing
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9EEA0ED5-CB59-2F06-84A7-3F7B241521B8}" = Catalyst Control Center InstallProxy
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{DF9B7D24-4C6E-C773-3E58-D2FEF49ADD74}" = ccc-core-static
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{EAD931B5-129D-2A7E-9FD2-522BF504EAF4}" = Catalyst Control Center Graphics Full New
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F8BB9668-8FD2-498B-8D72-CE6DB202C5E8}" = Brother HL-5370DW
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Astroburn Pro" = Astroburn Pro
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CobBackup10" = Cobian Backup 10
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Mount&Blade Warband" = Mount&Blade Warband
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"PROR" = Microsoft Office Professional 2007 Trial
"Steam App 3592" = Plants vs. Zombies Demo
"Steam App 40140" = Supreme Commander 2 - Demo
"uTorrent" = µTorrent
"Winamp" = Winamp

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-597305361-3322934931-3008575591-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/14/2010 2:12:36 AM | Computer Name = Steinwertm-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13822

Error - 5/14/2010 2:12:36 AM | Computer Name = Steinwertm-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13822

Error - 5/15/2010 4:56:39 AM | Computer Name = Steinwertm-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/15/2010 4:56:39 AM | Computer Name = Steinwertm-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1263

Error - 5/15/2010 4:56:39 AM | Computer Name = Steinwertm-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1263

Error - 5/15/2010 4:56:40 AM | Computer Name = Steinwertm-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/15/2010 4:56:40 AM | Computer Name = Steinwertm-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2511

Error - 5/15/2010 4:56:40 AM | Computer Name = Steinwertm-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2511

Error - 5/15/2010 4:56:42 AM | Computer Name = Steinwertm-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/15/2010 4:56:42 AM | Computer Name = Steinwertm-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3759

[ System Events ]
Error - 5/14/2010 12:34:55 AM | Computer Name = Steinwertm-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 5/14/2010 12:35:05 AM | Computer Name = Steinwertm-PC | Source = Service Control Manager | ID = 7038
Description = The CobianBackup10 service was unable to log on as .\steinwertm with
the currently configured password due to the following error: %%1327 To ensure that
the service is configured properly, use the Services snap-in in Microsoft Management
Console (MMC).

Error - 5/14/2010 12:35:05 AM | Computer Name = Steinwertm-PC | Source = Service Control Manager | ID = 7000
Description = The Cobian Backup 10 service failed to start due to the following
error: %%1069

Error - 5/14/2010 12:36:06 AM | Computer Name = Steinwertm-PC | Source = DCOM | ID = 10016
Description =

Error - 5/14/2010 6:04:05 PM | Computer Name = Steinwertm-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 5/14/2010 6:04:18 PM | Computer Name = Steinwertm-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:40:35 AM on 5/14/2010 was unexpected.

Error - 5/14/2010 6:04:10 PM | Computer Name = Steinwertm-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 5/14/2010 6:04:21 PM | Computer Name = Steinwertm-PC | Source = Service Control Manager | ID = 7038
Description = The CobianBackup10 service was unable to log on as .\steinwertm with
the currently configured password due to the following error: %%1327 To ensure that
the service is configured properly, use the Services snap-in in Microsoft Management
Console (MMC).

Error - 5/14/2010 6:04:21 PM | Computer Name = Steinwertm-PC | Source = Service Control Manager | ID = 7000
Description = The Cobian Backup 10 service failed to start due to the following
error: %%1069

Error - 5/14/2010 6:05:20 PM | Computer Name = Steinwertm-PC | Source = DCOM | ID = 10016
Description =


< End of report >



ok here are the reports






#4 myrti


Posted 17 May 2010 - 05:44 AM

Hi,

please try running a scan with Malwarebytes next:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (e.g. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 Steinwertm


Posted 17 May 2010 - 03:30 PM

Database version: 4110

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/17/2010 1:27:26 PM
mbam-log-2010-05-17 (13-27-26).txt

Scan type: Quick scan
Objects scanned: 118824
Time elapsed: 2 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



I ran Malwarebytes before posting on this forum and it came back with two rootkits and, I believe, a Trojan that it removed. It hasn't given me a blue screen or a crash in two days now.

#6 myrti


Posted 17 May 2010 - 05:58 PM

Hi,

do you still have the log from that run?

regards myrti



#7 Steinwertm


Posted 17 May 2010 - 07:42 PM

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

5/11/2010 11:51:49 PM
mbam-log-2010-05-11 (23-51-49).txt

Scan type: Full scan (C:\|D:\|E:\|H:\|)
Objects scanned: 276388
Time elapsed: 23 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.pox (Rogue.FixTool) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pofile (Rogue.FixTool) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
E:\PerfectOptimizer.exe (PUP.PerfectOptimizer) -> Delete on reboot.

#8 myrti


Posted 18 May 2010 - 11:29 AM

Hi,

this looks fine, I guess Malwarebytes took care of the issue. Have you gotten any more freezes since yesterday?

regards myrti



#9 Steinwertm


Posted 18 May 2010 - 05:14 PM

Yeah, I had one yesterday, no .dmp files though, just came home and it had restarted itself.

#10 myrti


Posted 18 May 2010 - 05:56 PM

Hi,

to be honest I don't see much that would point to malware at this point. Your logs look clean.

The error messages you posted in your first reply probably occur because of too little backup space. Your H:\ drive has less than 1% free, so it will be impossible to make a system restore partition on that partition.

Have you run Windows internal tools such as chkdsk and sfc to see if that helps with your problem? I read that you have ruled out RAM and heat so far? What are the temperatures on your PC when it freezes?

regards myrti



#11 Steinwertm


Posted 19 May 2010 - 03:08 AM

Well, I don't really know how hot it is when it restarts, but just sitting here it's at 97F for the CPU and 106F for the MB. I'll try out the chkdsk and sfc.

#12 myrti


Posted 19 May 2010 - 02:52 PM

Hi,

those temps are fine. Let me know if sfc and chkdsk help.

regards myrti



#13 Steinwertm


Posted 21 May 2010 - 10:34 PM

Well, I did the sfc and chkdsk, nothing wrong there. The computer seems to be working pretty good now. Thanks for your help, myrti. I haven't noticed a crash lately; looks like the last one was on the 18th.

#14 Steinwertm


Posted 21 May 2010 - 11:48 PM

OK, scratch that last post, it just crashed again. So weird, no BSoD, just a straight lock-up.

#15 myrti


Posted 22 May 2010 - 04:52 PM

Hi,

I don't think this is malware. What were you doing when it crashed? Is there any scheduled task running in the background that could fit, e.g. an antivirus scan, backup, and so on?

regards myrti





