Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 7 64 bit infection?


  • This topic is locked This topic is locked
12 replies to this topic

#1 Deadman3000

Deadman3000

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:40 PM

Posted 13 April 2010 - 01:16 PM

I have had random crashes and spurious errors in event viewer. I am unsure if it's a hardware issue or not. I tried looking at the guide before posting here but GMER would not run correctly. It kept giving me an error about it not being able to find a specified file in system but not what the file was. I did upgrade my memory to 8GB recently so it is possible it's faulty RAM. However I would like to rule out any possible malware/rootkits etc.

I am posting a HijackThis log instead. Can anyone advise on how to proceed from here? Programs like ComboFix refuse to run in Win7 64.

Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14:48, on 13/04/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\SysWOW64\Revo71Task.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Wallpaper Master\Wallpaper.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files (x86)\CallStation\CStation.exe
C:\Program Files (x86)\CallStation\CStation.exe
C:\Program Files (x86)\Launchy\Launchy.exe
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\TimeLeft3\TimeLeft.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKCU\..\Run: [WallpaperChanger] C:\Program Files (x86)\Wallpaper Master\Wallpaper.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [CallStation] C:\Program Files (x86)\CallStation\CStation.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: SpeedFan.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe
O4 - Startup: taskmanager.lnk = C:\Windows\System32\taskmgr.exe
O4 - Startup: TimeLeft.lnk = C:\Program Files (x86)\TimeLeft3\TimeLeft.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files (x86)\Launchy\Launchy.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - C:\Program Files (x86)\TimeLeft3\TLIntergIE.html
O9 - Extra 'Tools' menuitem: Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - C:\Program Files (x86)\TimeLeft3\TLIntergIE.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B23DDC7-F64E-4A6F-BE60-281A7F560A51}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8357 bytes

BC AdBot (Login to Remove)

 


#2 Deadman3000

Deadman3000
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:40 PM

Posted 16 April 2010 - 07:26 AM

Hi is there any way to get a better log of drivers, services and startup items since Gmer does not run on Win7 64? I think I tracked the crashing down to a program called Eraser from version 5.8.8 onwards. I have rolled back to an old 5.3 version and the crashing has stopped (I am trying to get the developer to figure out why since the system has been stable since). I would say close this thread but I want to find out how I would troubleshoot Win7 64 in future if the recommended apps like Gmer do not work on this OS.

Edited by Deadman3000, 16 April 2010 - 07:27 AM.


#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,615 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:40 PM

Posted 18 April 2010 - 05:06 AM

Hello ,
And welcome.gif to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#4 Deadman3000

Deadman3000
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:40 PM

Posted 24 April 2010 - 02:15 AM

Gmer produces the following error upon starting and upon scan. It happens in safe mode too.




I ran the scan anyhow in safe mode and it was taking a long time so went to bed. When I awoke and checked it's progress all hard disk activity had stopped and I could no longer get to the Gmer window as the graphics on the desktop was corrupting (Everything was leaving a copy of itself on the display like when clicking on the start menu twice it would leave a copy of itself behind. Clicking on the Gmer icon on the taskbar did nothing though. I will run it again in normal mode and see what happens tonight. In the meantime here is the OTL logs.

Edited by Deadman3000, 24 April 2010 - 02:15 AM.


#5 Deadman3000

Deadman3000
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:40 PM

Posted 24 April 2010 - 02:16 AM

OTL logfile created on: 24/04/2010 01:53:26 - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Users\DeadMan\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 73.00% Memory free
16.00 Gb Paging File | 13.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): z:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.51 Gb Total Space | 267.63 Gb Free Space | 29.20% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 297.99 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 931.51 Gb Total Space | 14.81 Gb Free Space | 1.59% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive T: | 465.76 Gb Total Space | 455.69 Gb Free Space | 97.84% Space Free | Partition Type: NTFS
Drive Z: | 15.00 Gb Total Space | 5.83 Gb Free Space | 38.90% Space Free | Partition Type: NTFS

Computer Name: ODDBALL
Current User Name: DeadMan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/24 01:50:22 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\DeadMan\Desktop\OTL.exe
PRC - [2010/04/17 23:10:34 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010/04/01 19:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/03/30 00:46:14 | 000,303,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/03/18 02:41:43 | 011,957,424 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2010/03/12 15:00:00 | 001,777,664 | ---- | M] (Impulse Technology) -- C:\Program Files (x86)\CallStation\CStation.exe
PRC - [2010/02/18 12:24:32 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2010/02/17 00:08:58 | 001,930,592 | ---- | M] (Cerulean Studios) -- C:\Program Files (x86)\Trillian\trillian.exe
PRC - [2010/01/05 22:21:34 | 001,993,456 | ---- | M] (NesterSoft Inc.) -- C:\Program Files (x86)\TimeLeft3\TimeLeft.exe
PRC - [2009/12/21 08:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
PRC - [2009/11/25 14:24:14 | 004,009,592 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe
PRC - [2009/10/20 19:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2009/09/12 16:31:36 | 000,357,384 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/09/12 16:30:48 | 005,048,488 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/01/15 17:46:08 | 001,650,688 | ---- | M] (James Garton) -- C:\Program Files (x86)\Wallpaper Master\Wallpaper.exe
PRC - [2008/09/24 09:36:10 | 000,244,232 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\SysWOW64\Revo71Task.exe
PRC - [2008/08/05 21:16:40 | 000,286,720 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe
PRC - [2007/09/14 08:02:10 | 001,080,264 | ---- | M] (C. Ghisler & Co.) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2007/08/07 01:05:46 | 000,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe
PRC - [2001/02/23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe


========== Modules (SafeList) ==========

MOD - [2010/04/24 01:50:22 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\DeadMan\Desktop\OTL.exe
MOD - [2010/02/14 02:53:56 | 000,210,432 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\RTSUltraMonHookX32.dll
MOD - [2010/02/14 02:52:06 | 000,325,120 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMonResButtons.dll
MOD - [2009/07/14 02:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll
MOD - [2009/07/14 02:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2009/07/14 02:15:44 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2009/07/14 02:15:44 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msiltcfg.dll
MOD - [2009/07/14 02:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/14 02:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/07/14 02:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/18 22:46:06 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2010/04/17 22:05:17 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/02/03 11:40:50 | 000,094,440 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2010/01/29 22:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/11/23 15:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2009/11/23 15:53:54 | 005,556,520 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2009/07/14 02:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/14 02:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/14 02:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 02:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/14 02:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/14 02:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/14 02:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/14 02:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 02:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/14 02:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/14 02:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/14 02:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/14 02:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/14 02:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/14 02:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/14 02:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/14 02:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 02:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/14 02:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/14 02:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 02:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/14 02:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/14 02:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/14 02:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV - [2010/04/17 23:10:34 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/04/17 22:05:11 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/30 00:46:14 | 000,303,952 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/10/20 19:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2009/09/12 16:32:46 | 000,891,432 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/07/14 04:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/14 04:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 21:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 21:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)
SRV - [2001/02/23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/04/17 23:10:35 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010/04/17 23:10:32 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV:64bit: - [2010/04/17 23:10:28 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010/03/30 23:35:04 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
DRV:64bit: - [2010/03/30 00:45:56 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/02/03 11:40:44 | 000,134,760 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2010/01/27 16:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/11/11 16:35:26 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2009/11/10 12:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/11/10 12:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/11/03 16:33:44 | 000,027,152 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2009/10/14 20:18:38 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klbg.sys -- (KLBG)
DRV:64bit: - [2009/10/02 18:39:32 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/01 14:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2009/07/30 17:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,153,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/14 02:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/14 02:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/14 02:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 02:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 02:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/14 02:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/14 02:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/14 02:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/14 02:43:13 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/07/14 01:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/14 01:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/14 01:10:49 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV:64bit: - [2009/07/14 01:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/14 01:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/14 01:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/14 01:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/14 01:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/14 01:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/14 01:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/14 01:06:32 | 000,109,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV:64bit: - [2009/07/14 01:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/14 01:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/14 01:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/14 01:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/14 00:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/14 00:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/14 00:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 00:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 00:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/14 00:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/14 00:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/14 00:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/14 00:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/14 00:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/06/10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:32:37 | 001,627,520 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ph3xIB64.sys -- (Ph3xIB64)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/09/24 09:36:20 | 000,221,192 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\revo71.sys -- (REVO71)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007/08/07 01:21:32 | 000,057,776 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2007/05/11 17:31:02 | 003,612,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam Pro 5000(UVC)
DRV:64bit: - [2007/05/11 17:30:50 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/05/11 17:29:08 | 001,361,952 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010/04/18 14:22:44 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 02:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/10 22:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 22:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2008/11/14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\adfs.sys -- (adfs)
DRV - [2008/03/18 08:29:22 | 000,132,992 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\revo71.sys -- (REVO71)
DRV - [2007/02/07 19:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-49934496-765774766-2657998212-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-49934496-765774766-2657998212-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-49934496-765774766-2657998212-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 46 9A DC 26 DE CA 01 [binary data]
IE - HKU\S-1-5-21-49934496-765774766-2657998212-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/18 14:32:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/19 19:24:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/04/18 14:32:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010/04/19 19:24:06 | 000,000,000 | ---D | M]

[2010/04/18 14:39:54 | 000,000,000 | ---D | M] -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Extensions
[2009/12/11 21:23:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/07/26 15:51:17 | 000,000,000 | ---D | M] -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/12/23 05:32:35 | 000,000,000 | ---D | M] -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2010/04/23 18:21:02 | 000,000,000 | ---D | M] -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions
[2010/04/22 17:15:58 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/04/22 17:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}
[2010/04/22 17:15:58 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2010/04/22 17:15:58 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/04/22 17:15:58 | 000,000,000 | ---D | M] (RefControl) -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
[2010/04/22 17:15:59 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010/04/22 17:16:00 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2010/04/22 17:16:00 | 000,000,000 | ---D | M] (PasswordMaker) -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\{5872365e-67d1-4afd-9480-fd293bebd20d}
[2010/04/22 17:16:00 | 000,000,000 | ---D | M] (Save Image in Folder) -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}
[2010/04/22 17:16:01 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/04/22 17:16:01 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2010/04/22 17:16:01 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2010/04/22 17:16:01 | 000,000,000 | ---D | M] (4chan) -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2010/04/22 17:16:01 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010/04/22 17:16:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/04/22 17:16:01 | 000,000,000 | ---D | M] (dragdropupload) -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\{CB56AAF9-68C8-41bd-8E5C-7B53232CF7B9}
[2010/04/22 17:16:01 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/22 17:16:01 | 000,000,000 | ---D | M] (QuickProxy) -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}
[2010/04/22 17:16:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/04/22 17:16:01 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/04/22 17:16:02 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/04/22 17:16:03 | 000,000,000 | ---D | M] (QuickJava) -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}
[2010/04/22 17:16:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010/04/22 17:15:57 | 000,000,000 | ---D | M] -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\afom@idevfh
[2010/04/22 17:15:57 | 000,000,000 | ---D | M] -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\ankpixiv@snca.net
[2010/04/22 17:15:57 | 000,000,000 | ---D | M] -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\asf@mangaheart.org
[2010/04/22 17:15:57 | 000,000,000 | ---D | M] -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\cag@consumeractiongroup.co.uk
[2010/04/22 17:15:57 | 000,000,000 | ---D | M] -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\DeviceDetection@logitech.com
[2010/04/22 17:15:58 | 000,000,000 | ---D | M] -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\ietab@ip.cn
[2010/04/22 17:15:58 | 000,000,000 | ---D | M] -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\LogMeInClient@logmein.com
[2010/04/22 17:15:58 | 000,000,000 | ---D | M] -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\51v5odk9.default\extensions\ShortenURL@loucypher
[2010/01/27 03:30:34 | 000,000,000 | ---D | M] -- C:\Users\DeadMan\AppData\Roaming\Mozilla\Firefox\Profiles\chd1sn4g.default\extensions
[2010/04/23 18:21:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/18 14:32:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/18 14:32:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/04/17 20:23:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/19 19:23:47 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/01/13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/04/01 17:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 17:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 17:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 17:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/04/17 22:14:58 | 000,001,306 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysWOW64\Revo71Task.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-49934496-765774766-2657998212-1003..\Run: [CallStation] C:\Program Files (x86)\CallStation\CStation.exe (Impulse Technology)
O4 - HKU\S-1-5-21-49934496-765774766-2657998212-1003..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKU\S-1-5-21-49934496-765774766-2657998212-1003..\Run: [WallpaperChanger] C:\Program Files (x86)\Wallpaper Master\Wallpaper.exe (James Garton)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\DeadMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Users\DeadMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O4 - Startup: C:\Users\DeadMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr.exe.lnk = C:\Windows\SysWOW64\taskmgr.exe (Microsoft Corporation)
O4 - Startup: C:\Users\DeadMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.lnk = C:\Program Files (x86)\TimeLeft3\TimeLeft.exe (NesterSoft Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-49934496-765774766-2657998212-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/27 08:49:40 | 000,000,000 | ---D | M] - C:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{bf962d28-4a0e-11df-a840-806e6f6e6963}\bootwiz\asrm.bin) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/24 01:50:21 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Users\DeadMan\Desktop\OTL.exe
[2010/04/24 01:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/04/24 01:02:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/04/24 00:44:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Futuremark Shared
[2010/04/23 19:29:33 | 000,262,144 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/04/23 19:29:33 | 000,086,016 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/04/23 19:28:01 | 000,021,664 | ---- | C] (EnTech Taiwan) -- C:\Windows\SysWow64\drivers\Entech.sys
[2010/04/23 19:28:01 | 000,005,632 | ---- | C] (EnTech Taiwan) -- C:\Windows\SysWow64\drivers\Entech64.sys
[2010/04/23 19:28:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Futuremark
[2010/04/23 19:27:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark
[2010/04/23 19:23:36 | 000,000,000 | R--D | C] -- C:\Sandbox
[2010/04/23 19:19:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\temp
[2010/04/23 19:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BurnInTest
[2010/04/23 19:19:11 | 000,149,504 | ---- | C] (RealWorld Graphics) -- C:\Users\DeadMan\pod252.ex_
[2010/04/23 18:49:58 | 000,704,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\cohelper.dll
[2010/04/23 18:49:45 | 000,541,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NVUNINST.EXE
[2010/04/23 18:48:31 | 002,719,504 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2010/04/23 18:48:31 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010/04/23 18:48:31 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010/04/23 18:48:31 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010/04/23 18:48:31 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010/04/23 18:48:30 | 001,943,584 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2010/04/23 18:48:30 | 000,612,384 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2010/04/23 18:48:30 | 000,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2010/04/23 18:48:29 | 001,660,960 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2010/04/23 18:48:29 | 001,210,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2010/04/23 18:48:29 | 000,476,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2010/04/23 18:48:29 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2010/04/23 18:48:29 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010/04/23 18:48:29 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010/04/23 18:48:29 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2010/04/23 18:48:29 | 000,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2010/04/23 18:48:29 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2010/04/23 18:48:29 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2010/04/23 18:48:29 | 000,069,664 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2010/04/23 18:48:28 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2010/04/23 18:48:28 | 000,325,904 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010/04/23 18:48:27 | 001,325,328 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2010/04/23 18:48:27 | 001,178,384 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2010/04/23 18:48:27 | 001,110,800 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2010/04/23 18:48:27 | 000,504,592 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2010/04/23 18:48:27 | 000,489,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2010/04/23 18:48:27 | 000,474,896 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2010/04/23 18:48:27 | 000,331,168 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010/04/23 18:48:27 | 000,315,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2010/04/23 18:48:27 | 000,268,560 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2010/04/23 18:48:27 | 000,265,488 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2010/04/23 18:48:27 | 000,168,288 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2010/04/23 18:48:27 | 000,123,664 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2010/04/23 18:48:27 | 000,123,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2010/04/23 18:48:27 | 000,122,128 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2010/04/23 18:48:27 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2010/04/23 18:48:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2010/04/23 18:48:25 | 001,247,776 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010/04/23 18:48:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/04/23 18:32:04 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2010/04/23 03:17:58 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\ImgBurn
[2010/04/23 02:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/04/23 02:54:43 | 000,064,616 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/04/23 02:54:43 | 000,056,424 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/04/23 02:54:43 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010/04/23 02:54:41 | 021,005,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010/04/23 02:54:41 | 015,227,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010/04/23 02:54:40 | 011,906,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2010/04/23 02:54:40 | 009,386,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010/04/23 02:54:40 | 002,893,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010/04/23 02:54:40 | 002,646,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010/04/23 02:54:40 | 002,106,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010/04/23 02:54:40 | 002,009,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010/04/23 02:54:39 | 016,061,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010/04/23 02:54:39 | 011,647,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010/04/23 02:54:39 | 005,444,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010/04/23 02:54:39 | 004,029,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010/04/23 02:54:39 | 001,592,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2010/04/23 02:54:39 | 001,296,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010/04/23 02:54:39 | 000,254,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1914.dll
[2010/04/23 02:54:39 | 000,254,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll
[2010/04/23 02:54:34 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/04/23 02:31:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ReClock
[2010/04/23 02:28:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2010/04/23 02:24:48 | 000,000,000 | ---D | C] -- C:\directx
[2010/04/23 01:57:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010/04/23 01:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/04/23 00:54:59 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\Media Player Classic
[2010/04/23 00:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Zoom Player
[2010/04/23 00:43:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zoom Player
[2010/04/22 17:46:16 | 000,155,648 | ---- | C] (-) -- C:\Windows\SysWow64\stuninstall.exe
[2010/04/22 17:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eraser
[2010/04/22 16:50:09 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/04/22 15:43:15 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Local\Eraser 6
[2010/04/22 15:41:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegCompact Pro
[2010/04/22 15:23:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jaangle
[2010/04/21 19:57:57 | 000,000,000 | ---D | C] -- C:\Program Files\PhotomatixPro3
[2010/04/21 19:45:54 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\HDRsoft
[2010/04/21 13:05:20 | 000,000,000 | ---D | C] -- C:\Program Files\Eraser
[2010/04/21 11:11:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2010/04/21 11:11:04 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\SystemRequirementsLab
[2010/04/20 21:40:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Installer Clean Up
[2010/04/20 21:39:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECACHE
[2010/04/20 21:19:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bears on the Loose
[2010/04/20 00:36:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\IDEVFH
[2010/04/19 19:24:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2010/04/19 14:50:08 | 000,020,968 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\cpuz133_x64.sys
[2010/04/19 14:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2010/04/19 12:59:36 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010/04/19 12:56:44 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/04/19 12:56:44 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/04/19 12:56:43 | 014,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/04/19 12:56:42 | 011,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/04/19 12:56:41 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/04/19 12:56:41 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2010/04/19 12:56:41 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2010/04/19 12:56:40 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/04/19 12:56:35 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/04/19 12:56:35 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/04/19 12:56:35 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/04/19 12:56:35 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/04/19 12:56:35 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/04/19 12:56:35 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/04/19 12:56:35 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/04/19 12:56:35 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/04/19 12:56:35 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/04/19 12:56:35 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/04/19 12:56:35 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/04/19 12:56:35 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/04/19 12:56:35 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/04/19 12:56:35 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/04/19 12:56:34 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/04/19 12:56:34 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/04/19 12:56:33 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/04/19 12:56:33 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/04/19 12:56:33 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/04/19 12:56:33 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/04/19 12:56:33 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010/04/19 12:56:33 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/04/19 12:56:31 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/04/19 12:56:30 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010/04/19 12:56:30 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010/04/19 12:56:27 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010/04/19 12:56:26 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010/04/19 12:56:26 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/04/19 12:56:26 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010/04/19 12:56:26 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010/04/19 12:56:26 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/04/19 12:56:26 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010/04/19 12:56:26 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010/04/19 12:56:24 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010/04/19 12:56:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010/04/19 12:56:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010/04/19 12:56:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010/04/19 12:56:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010/04/19 12:56:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010/04/19 12:56:19 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010/04/19 12:56:19 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/04/19 12:56:19 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/04/19 12:56:19 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010/04/19 12:56:19 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010/04/19 12:56:19 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010/04/19 12:56:19 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010/04/19 12:56:19 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010/04/19 12:56:18 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/04/19 12:56:16 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/04/19 12:56:16 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/04/19 12:56:15 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/04/19 12:56:15 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/04/19 12:56:15 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/04/19 12:56:14 | 000,960,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/04/19 12:56:14 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/04/19 12:56:14 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/04/19 12:56:14 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/04/19 12:56:13 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010/04/19 12:56:13 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/04/19 12:56:13 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/04/19 12:56:12 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2010/04/18 23:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2010/04/18 22:46:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/04/18 22:46:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/04/18 22:25:41 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/04/18 17:45:40 | 002,717,096 | ---- | C] (Acronis) -- C:\Windows\SysNative\auto_reactivate.exe
[2010/04/18 17:04:17 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\XnView
[2010/04/18 14:57:02 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/04/18 14:57:02 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/04/18 14:57:01 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/04/18 14:57:01 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/04/18 14:28:40 | 000,000,000 | --SD | C] -- C:\Users\DeadMan\AppData\Roaming\Microsoft
[2010/04/18 14:28:40 | 000,000,000 | R--D | C] -- C:\Users\DeadMan\Videos
[2010/04/18 14:28:40 | 000,000,000 | R--D | C] -- C:\Users\DeadMan\Saved Games
[2010/04/18 14:28:40 | 000,000,000 | R--D | C] -- C:\Users\DeadMan\Pictures
[2010/04/18 14:28:40 | 000,000,000 | R--D | C] -- C:\Users\DeadMan\Music
[2010/04/18 14:28:40 | 000,000,000 | R--D | C] -- C:\Users\DeadMan\Links
[2010/04/18 14:28:40 | 000,000,000 | R--D | C] -- C:\Users\DeadMan\Favorites
[2010/04/18 14:28:40 | 000,000,000 | R--D | C] -- C:\Users\DeadMan\Downloads
[2010/04/18 14:28:40 | 000,000,000 | R--D | C] -- C:\Users\DeadMan\My Documents
[2010/04/18 14:28:40 | 000,000,000 | R--D | C] -- C:\Users\DeadMan\Desktop
[2010/04/18 14:28:40 | 000,000,000 | -HSD | C] -- C:\Users\DeadMan\AppData\Local\Temporary Internet Files
[2010/04/18 14:28:40 | 000,000,000 | -HSD | C] -- C:\Users\DeadMan\Templates
[2010/04/18 14:28:40 | 000,000,000 | -HSD | C] -- C:\Users\DeadMan\Start Menu
[2010/04/18 14:28:40 | 000,000,000 | -HSD | C] -- C:\Users\DeadMan\SendTo
[2010/04/18 14:28:40 | 000,000,000 | -HSD | C] -- C:\Users\DeadMan\Recent
[2010/04/18 14:28:40 | 000,000,000 | -HSD | C] -- C:\Users\DeadMan\PrintHood
[2010/04/18 14:28:40 | 000,000,000 | -HSD | C] -- C:\Users\DeadMan\NetHood
[2010/04/18 14:28:40 | 000,000,000 | -HSD | C] -- C:\Users\DeadMan\Documents\My Videos
[2010/04/18 14:28:40 | 000,000,000 | -HSD | C] -- C:\Users\DeadMan\Documents\My Pictures
[2010/04/18 14:28:40 | 000,000,000 | -HSD | C] -- C:\Users\DeadMan\Documents\My Music
[2010/04/18 14:28:40 | 000,000,000 | -HSD | C] -- C:\Users\DeadMan\My Documents
[2010/04/18 14:28:40 | 000,000,000 | -HSD | C] -- C:\Users\DeadMan\Local Settings
[2010/04/18 14:28:40 | 000,000,000 | -HSD | C] -- C:\Users\DeadMan\AppData\Local\History
[2010/04/18 14:28:40 | 000,000,000 | -HSD | C] -- C:\Users\DeadMan\Cookies
[2010/04/18 14:28:40 | 000,000,000 | -HSD | C] -- C:\Users\DeadMan\Application Data
[2010/04/18 14:28:40 | 000,000,000 | -HSD | C] -- C:\Users\DeadMan\AppData\Local\Application Data
[2010/04/18 14:28:40 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Local\Temp
[2010/04/18 14:28:40 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Local\Microsoft
[2010/04/18 14:28:40 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\Media Center Programs
[2010/04/18 14:27:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2010/04/18 14:27:17 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2010/04/18 14:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2010/04/18 14:22:30 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/04/18 13:05:41 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Local\ElevatedDiagnostics
[2010/04/17 23:32:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\reFX
[2010/04/17 23:25:20 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\Documents\Cubase Projects
[2010/04/17 23:13:53 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\Acronis
[2010/04/17 23:10:35 | 000,250,400 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\afcdp.sys
[2010/04/17 23:01:05 | 001,695,232 | ---- | C] (Steinberg Media Technologies GmbH) -- C:\Windows\SysNative\synsoacc.dll
[2010/04/17 22:58:09 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\KORG
[2010/04/17 22:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\KORG
[2010/04/17 22:58:01 | 000,000,000 | ---D | C] -- C:\Save
[2010/04/17 22:58:01 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\Documents\FabFilter
[2010/04/17 22:58:01 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\FabFilter
[2010/04/17 22:51:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Manual
[2010/04/17 22:51:14 | 005,811,712 | ---- | C] (reFX) -- C:\Program Files (x86)\Nexus.dll
[2010/04/17 22:51:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uninstall Nexus
[2010/04/17 22:51:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Digidesign
[2010/04/17 22:45:46 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\VST3 Presets
[2010/04/17 22:43:24 | 002,395,648 | ---- | C] (AD © 2009) -- C:\Windows\SysWow64\SYNSOEMU.DLL
[2010/04/17 22:43:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VST3
[2010/04/17 22:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\VST3 Presets
[2010/04/17 22:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steinberg_
[2010/04/17 22:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Steinberg
[2010/04/17 22:32:14 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\Steinberg_
[2010/04/17 22:32:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steinberg_
[2010/04/17 22:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/04/17 22:07:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2010/04/17 22:06:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/04/17 22:05:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/04/17 22:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2010/04/17 22:02:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/04/17 21:28:21 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\Launchy
[2010/04/17 20:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Impulse Technology
[2010/04/17 20:46:36 | 000,167,936 | ---- | C] (Data Techniques Inc.) -- C:\Windows\SysWow64\FMJR10.dll
[2010/04/17 20:46:36 | 000,073,728 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\SysWow64\im32tif.dil
[2010/04/17 20:46:36 | 000,065,536 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\SysWow64\im32fax.dil
[2010/04/17 20:46:36 | 000,053,248 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\SysWow64\im32xfax.del
[2010/04/17 20:46:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CallStation
[2010/04/17 20:24:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/04/17 20:24:03 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/04/17 20:24:03 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/04/17 20:24:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/04/17 20:24:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/04/17 20:23:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/04/17 20:23:12 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\Sun
[2010/04/17 18:55:21 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010/04/17 18:55:21 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2010/04/17 18:55:21 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2010/04/17 18:55:21 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2010/04/17 18:55:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real Alternative
[2010/04/17 18:55:20 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\Real
[2010/04/17 18:55:20 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Local\Real
[2010/04/17 18:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/04/17 18:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/04/17 18:53:47 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010/04/17 18:53:47 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2010/04/17 18:53:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QT Lite
[2010/04/17 18:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MPC HomeCinema
[2010/04/17 18:52:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2010/04/17 18:48:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yuri Software HEdit
[2010/04/17 18:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spotify
[2010/04/17 18:46:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Resplendent Registrar
[2010/04/17 18:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ProcessExplorer
[2010/04/17 18:44:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPhoneExplorer
[2010/04/17 18:40:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Media Player Classic
[2010/04/17 18:39:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Launchy
[2010/04/17 18:38:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IP-Tools
[2010/04/17 18:37:30 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\GlobalSCAPE
[2010/04/17 18:37:30 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Local\GlobalSCAPE
[2010/04/17 18:37:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GlobalSCAPE
[2010/04/17 18:36:20 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\Aegisub
[2010/04/17 18:36:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aegisub
[2010/04/17 18:29:59 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\Syntrillium
[2010/04/17 18:29:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MKVtoolnix
[2010/04/17 18:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FillCD 3
[2010/04/17 18:28:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\coolpro2
[2010/04/17 18:28:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIO4ALL v2
[2010/04/17 18:24:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickSFV
[2010/04/17 18:22:28 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2010/04/17 18:22:15 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Local\Paint.NET
[2010/04/17 18:21:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JD Design
[2010/04/17 18:20:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\temp
[2010/04/17 18:20:19 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\Documents\PassMark
[2010/04/17 18:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PassMark
[2010/04/17 18:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\BurnInTest
[2010/04/17 18:18:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/04/17 18:16:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
[2010/04/17 18:15:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/04/17 18:15:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
[2010/04/17 18:12:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\L&H
[2010/04/17 18:12:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/04/17 18:05:57 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\Wallpaper Master
[2010/04/17 18:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Wallpaper Master
[2010/04/17 18:05:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wallpaper Master
[2010/04/17 17:40:30 | 000,115,312 | ---- | C] (JMicron Technology Corp.) -- C:\Windows\SysNative\drivers\jraid.sys
[2010/04/17 17:39:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2010/04/17 17:38:08 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Local\GHISLER
[2010/04/17 17:30:31 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\Download Manager
[2010/04/17 17:30:24 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/04/17 17:04:58 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\WTablet
[2010/04/17 17:04:52 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\WTouch
[2010/04/17 17:04:51 | 000,290,088 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Touch_Tablet.dll
[2010/04/17 17:04:51 | 000,245,032 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Touch_Tablet.dll
[2010/04/17 17:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\WTouch
[2010/04/17 17:04:46 | 007,543,592 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\PenTablet.cpl
[2010/04/17 17:04:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TabletPlugins
[2010/04/17 17:04:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WTablet
[2010/04/17 17:04:28 | 000,349,184 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Wintab32.dll
[2010/04/17 17:04:27 | 005,556,520 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Pen_Tablet.exe
[2010/04/17 17:04:27 | 000,490,280 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Pen_Tablet.dll
[2010/04/17 17:04:27 | 000,416,040 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Pen_Tablet.dll
[2010/04/17 17:04:27 | 000,284,160 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Wintab32.dll
[2010/04/17 17:04:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tablet
[2010/04/17 17:01:20 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Local\Logitech
[2010/04/17 17:00:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2010/04/17 17:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010/04/17 16:58:31 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\Leadertech
[2010/04/17 16:58:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2010/04/17 16:57:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2010/04/17 16:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2010/04/17 16:57:29 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/04/17 16:56:48 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\Logitech
[2010/04/17 16:56:48 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\Logishrd
[2010/04/17 16:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2010/04/17 16:36:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD Tune
[2010/04/17 16:35:19 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\Realtime Soft
[2010/04/17 16:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\UltraMon
[2010/04/17 16:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Realtime Soft
[2010/04/17 16:35:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Realtime Soft
[2010/04/17 16:32:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2010/04/17 16:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAMN NFO Viewer
[2010/04/17 16:32:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2010/04/17 16:31:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/04/17 16:30:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TimeLeft3
[2010/04/17 16:30:34 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\NesterSoft
[2010/04/17 16:27:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vidalia Bundle
[2010/04/17 16:27:56 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\Vidalia
[2010/04/17 16:27:56 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\Tor
[2010/04/17 16:27:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeFileSync
[2010/04/17 16:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XnView
[2010/04/17 16:26:08 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll
[2010/04/17 16:26:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VisiPics
[2010/04/17 16:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoulseekNS
[2010/04/17 16:25:42 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2010/04/17 16:25:08 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueCrypt
[2010/04/17 16:25:05 | 000,222,160 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysWow64\drivers\truecrypt.sys
[2010/04/17 16:24:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrueCrypt
[2010/04/17 16:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/17 16:21:25 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\Malwarebytes
[2010/04/17 16:21:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/17 16:21:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/17 16:21:19 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/17 16:21:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/04/17 16:20:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/04/17 16:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2010/04/17 16:15:35 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\WinRAR
[2010/04/17 16:15:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winrar
[2010/04/17 16:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2010/04/17 16:11:56 | 000,057,776 | ---- | C] (PowerISO Computing, Inc.) -- C:\Windows\SysNative\drivers\scdemu.sys
[2010/04/17 16:11:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2010/04/17 16:10:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/04/17 16:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotomatixPro3
[2010/04/17 16:10:10 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\Nero
[2010/04/17 16:09:26 | 001,757,184 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\imagX7.dll
[2010/04/17 16:09:26 | 000,802,816 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\imagXRA7.dll
[2010/04/17 16:09:26 | 000,497,296 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\imagXpr7.dll
[2010/04/17 16:09:26 | 000,368,640 | ---- | C] (Pegasus Imaging Corporation) -- C:\Windows\SysWow64\TwnLib4.dll
[2010/04/17 16:09:26 | 000,258,048 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\imagXR7.dll
[2010/04/17 16:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010/04/17 16:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2010/04/17 16:09:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2010/04/17 16:06:49 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\Documents\My Corel Shows
[2010/04/17 16:06:47 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Local\Corel
[2010/04/17 16:05:15 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\Documents\FinePrint files
[2010/04/17 16:05:05 | 000,391,680 | ---- | C] (FinePrint Software, LLC) -- C:\Windows\SysNative\fpres6-x64.dll
[2010/04/17 16:05:05 | 000,278,528 | ---- | C] (FinePrint Software, LLC) -- C:\Windows\SysNative\fpmon6.dll
[2010/04/17 16:05:02 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\Documents\My PSP Files
[2010/04/17 16:05:02 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\Corel
[2010/04/17 16:04:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2010/04/17 16:03:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Spool
[2010/04/17 16:03:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2010/04/17 16:03:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel
[2010/04/17 15:57:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/04/17 15:56:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LEDSET
[2010/04/17 15:50:46 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Local\Adobe
[2010/04/17 15:50:29 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys
[2010/04/17 15:50:29 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys
[2010/04/17 15:50:28 | 000,055,024 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2010/04/17 15:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010/04/17 15:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/04/17 15:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/04/17 15:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/04/17 15:39:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Total Video Converter
[2010/04/17 15:37:21 | 001,455,648 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\tdrpm251.sys
[2010/04/17 15:37:15 | 000,254,496 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2010/04/17 15:37:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2010/04/17 15:37:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[2010/04/17 15:35:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CoreCodec
[2010/04/17 15:34:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Haali
[2010/04/17 15:33:54 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\Documents\The KMPlayer
[2010/04/17 15:33:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The KMPlayer
[2010/04/17 15:29:35 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\FreeStone Group
[2010/04/17 15:29:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Video Card Stability Test
[2010/04/17 15:05:16 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\Macromedia
[2010/04/17 15:05:15 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\Adobe
[2010/04/17 14:59:56 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\Documents\OCCT
[2010/04/17 14:59:06 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010/04/17 14:59:06 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010/04/17 14:59:06 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010/04/17 14:59:06 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010/04/17 14:59:05 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010/04/17 14:59:05 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010/04/17 14:59:05 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010/04/17 14:59:05 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010/04/17 14:59:04 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2010/04/17 14:59:04 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/04/17 14:59:04 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2010/04/17 14:59:04 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2010/04/17 14:59:03 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2010/04/17 14:59:03 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2010/04/17 14:59:03 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2010/04/17 14:59:03 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010/04/17 14:59:02 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2010/04/17 14:59:02 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010/04/17 14:59:02 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010/04/17 14:59:02 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/04/17 14:59:02 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2010/04/17 14:59:02 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2010/04/17 14:59:01 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2010/04/17 14:59:01 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2010/04/17 14:59:01 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2010/04/17 14:59:01 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2010/04/17 14:59:00 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2010/04/17 14:59:00 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2010/04/17 14:59:00 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2010/04/17 14:59:00 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2010/04/17 14:59:00 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010/04/17 14:59:00 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/04/17 14:58:59 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2010/04/17 14:58:59 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2010/04/17 14:58:59 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2010/04/17 14:58:59 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2010/04/17 14:58:59 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2010/04/17 14:58:59 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2010/04/17 14:58:59 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2010/04/17 14:58:59 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2010/04/17 14:58:58 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2010/04/17 14:58:58 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010/04/17 14:58:58 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2010/04/17 14:58:58 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2010/04/17 14:58:58 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2010/04/17 14:58:58 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2010/04/17 14:58:57 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2010/04/17 14:58:57 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2010/04/17 14:58:57 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2010/04/17 14:58:57 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2010/04/17 14:58:56 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2010/04/17 14:58:56 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2010/04/17 14:58:56 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2010/04/17 14:58:56 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2010/04/17 14:58:56 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2010/04/17 14:58:56 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2010/04/17 14:58:55 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010/04/17 14:58:55 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010/04/17 14:58:55 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2010/04/17 14:58:55 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010/04/17 14:58:54 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2010/04/17 14:58:54 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010/04/17 14:58:53 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2010/04/17 14:58:53 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2010/04/17 14:58:53 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2010/04/17 14:58:53 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2010/04/17 14:58:52 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2010/04/17 14:58:52 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2010/04/17 14:58:52 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2010/04/17 14:58:52 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2010/04/17 14:58:52 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2010/04/17 14:58:52 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2010/04/17 14:58:52 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2010/04/17 14:58:52 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2010/04/17 14:58:52 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2010/04/17 14:58:52 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2010/04/17 14:58:51 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2010/04/17 14:58:51 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2010/04/17 14:58:51 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2010/04/17 14:58:51 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2010/04/17 14:58:50 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2010/04/17 14:58:50 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2010/04/17 14:58:50 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2010/04/17 14:58:50 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2010/04/17 14:58:50 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2010/04/17 14:58:50 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2010/04/17 14:58:50 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2010/04/17 14:58:50 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2010/04/17 14:58:49 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2010/04/17 14:58:49 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2010/04/17 14:58:49 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2010/04/17 14:58:49 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2010/04/17 14:58:49 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2010/04/17 14:58:49 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2010/04/17 14:58:48 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2010/04/17 14:58:48 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2010/04/17 14:58:48 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2010/04/17 14:58:48 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2010/04/17 14:58:47 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2010/04/17 14:58:47 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010/04/17 14:58:47 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2010/04/17 14:58:47 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2010/04/17 14:58:47 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2010/04/17 14:58:47 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2010/04/17 14:58:46 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2010/04/17 14:58:46 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010/04/17 14:58:46 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2010/04/17 14:58:46 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2010/04/17 14:58:46 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2010/04/17 14:58:46 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2010/04/17 14:58:46 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2010/04/17 14:58:46 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2010/04/17 14:58:46 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2010/04/17 14:58:46 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010/04/17 14:58:46 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2010/04/17 14:58:46 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2010/04/17 14:58:45 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2010/04/17 14:58:45 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2010/04/17 14:58:45 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2010/04/17 14:58:45 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2010/04/17 14:58:45 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2010/04/17 14:58:45 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2010/04/17 14:58:44 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2010/04/17 14:58:44 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2010/04/17 14:58:44 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2010/04/17 14:58:44 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2010/04/17 14:58:43 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2010/04/17 14:58:43 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2010/04/17 14:58:43 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2010/04/17 14:58:43 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2010/04/17 14:58:42 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010/04/17 14:58:42 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2010/04/17 14:58:42 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010/04/17 14:58:42 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2010/04/17 14:58:42 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2010/04/17 14:58:42 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2010/04/17 14:58:42 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2010/04/17 14:58:42 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2010/04/17 14:58:41 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2010/04/17 14:58:41 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2010/04/17 14:58:41 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2010/04/17 14:58:41 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2010/04/17 14:58:41 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2010/04/17 14:58:41 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2010/04/17 14:58:40 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2010/04/17 14:58:40 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2010/04/17 14:58:40 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2010/04/17 14:58:40 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2010/04/17 14:58:36 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2010/04/17 14:58:36 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2010/04/17 14:58:35 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2010/04/17 14:58:35 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2010/04/17 14:58:35 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2010/04/17 14:58:35 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2010/04/17 14:58:35 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2010/04/17 14:58:35 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2010/04/17 14:58:34 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2010/04/17 14:58:34 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2010/04/17 14:58:34 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2010/04/17 14:58:34 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2010/04/17 14:58:34 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2010/04/17 14:58:34 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2010/04/17 14:58:33 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2010/04/17 14:58:33 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2010/04/17 14:58:33 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2010/04/17 14:58:33 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2010/04/17 14:57:45 | 000,000,000 | ---D | C] -- C:\dx9
[2010/04/17 14:56:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OCCT
[2010/04/17 14:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/04/17 14:46:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phyxion.net
[2010/04/17 13:48:45 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\skypePM
[2010/04/17 13:46:42 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\Skype
[2010/04/17 13:46:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/04/17 13:46:17 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010/04/17 13:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/04/17 13:39:19 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\Trillian
[2010/04/17 13:39:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/04/17 13:38:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trillian
[2010/04/17 13:13:32 | 000,046,592 | ---- | C] (M-Audio, a division of Avid Corporation) -- C:\R71_clean.exe
[2010/04/17 13:12:30 | 000,056,328 | ---- | C] (M-Audio) -- C:\Windows\SysWow64\revo71pnl.dll
[2010/04/17 13:12:29 | 008,485,384 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\SysWow64\Revo71.exe
[2010/04/17 13:12:29 | 000,244,232 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\SysWow64\Revo71Task.exe
[2010/04/17 13:12:29 | 000,221,192 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\SysNative\drivers\revo71.sys
[2010/04/17 13:12:29 | 000,035,336 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\SysNative\revoasio64.dll
[2010/04/17 13:12:29 | 000,030,216 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\SysNative\Revo71.cpl
[2010/04/17 13:12:29 | 000,028,680 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\SysWow64\revoasio.dll
[2010/04/17 13:12:29 | 000,014,344 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\SysNative\Revo71CoIn64.dll
[2010/04/17 13:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\M-Audio Revo 7.1
[2010/04/17 13:12:19 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\InstallShield
[2010/04/17 13:04:31 | 000,132,992 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\SysWow64\drivers\revo71.sys
[2010/04/17 13:04:31 | 000,022,016 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\SysWow64\revo71.cpl
[2010/04/17 13:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\M-Audio
[2010/04/17 13:04:29 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/04/17 12:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Traysoft
[2010/04/17 12:57:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\PhoneTray
[2010/04/17 12:46:28 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Local\Thunderbird
[2010/04/17 12:46:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2010/04/17 12:39:27 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\Thunderbird
[2010/04/17 12:37:57 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Local\Mozilla
[2010/04/17 12:37:26 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\Mozilla
[2010/04/17 12:32:35 | 000,000,000 | R--D | C] -- C:\Users\DeadMan\Searches
[2010/04/17 12:32:27 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Roaming\Identities
[2010/04/17 12:32:25 | 000,000,000 | R--D | C] -- C:\Users\DeadMan\Contacts
[2010/04/17 12:32:23 | 000,000,000 | ---D | C] -- C:\Users\DeadMan\AppData\Local\VirtualStore
[2010/04/17 12:26:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2010/04/17 12:18:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/04/17 12:18:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2010/04/17 12:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010/04/17 12:15:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/04/17 12:10:33 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/04/17 11:53:25 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/04/16 18:43:04 | 000,000,000 | ---D | C] -- C:\Share
[2010/04/15 11:25:35 | 000,000,000 | ---D | C] -- C:\photos
[2010/04/11 17:20:09 | 000,000,000 | ---D | C] -- C:\Eraser Standalone
[2010/04/03 18:42:00 | 014,828,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2010/04/03 18:42:00 | 001,515,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2010/04/03 18:42:00 | 001,067,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2010/04/03 18:42:00 | 000,116,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2010/04/03 18:42:00 | 000,061,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2010/04/02 17:55:09 | 000,000,000 | ---D | C] -- C:\Website
[2010/04/02 07:58:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\No-IP
[2010/03/30 21:51:30 | 006,024,544 | ---- | C] (Passmark Software ) -- C:\Users\DeadMan\bitpro.ex_
[2010/03/25 21:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vector Magic

========== Files - Modified Within 30 Days ==========

[2010/04/24 01:55:15 | 002,359,296 | -HS- | M] () -- C:\Users\DeadMan\ntuser.dat
[2010/04/24 01:52:33 | 000,293,376 | ---- | M] () -- C:\Users\DeadMan\Desktop\4devhz8u.exe
[2010/04/24 01:51:49 | 000,002,052 | -H-- | M] () -- C:\Users\DeadMan\Documents\Default.rdp
[2010/04/24 01:50:22 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\DeadMan\Desktop\OTL.exe
[2010/04/24 00:46:41 | 000,007,801 | ---- | M] () -- C:\Windows\WINCMD.INI
[2010/04/23 19:29:33 | 000,262,144 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/04/23 19:29:33 | 000,086,016 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/04/23 19:19:25 | 000,361,876 | ---- | M] () -- C:\Users\DeadMan\windrvswld.ex_
[2010/04/23 19:19:25 | 000,000,002 | ---- | M] () -- C:\Users\DeadMan\tenmy.ini
[2010/04/23 19:19:18 | 000,000,932 | ---- | M] () -- C:\Users\DeadMan\Desktop\BurnInTest.lnk
[2010/04/23 19:19:11 | 000,149,504 | ---- | M] (RealWorld Graphics) -- C:\Users\DeadMan\pod252.ex_
[2010/04/23 18:57:09 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/04/23 18:57:09 | 000,619,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/04/23 18:57:09 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/04/23 18:52:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/23 18:52:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/23 18:52:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2010/04/23 18:52:40 | 2146,344,959 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/23 18:51:09 | 001,429,021 | -H-- | M] () -- C:\Users\DeadMan\AppData\Local\IconCache.db
[2010/04/23 18:38:12 | 549,915,647 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/23 18:31:58 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2010/04/23 18:28:44 | 000,022,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/23 18:28:44 | 000,022,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/23 03:06:27 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/04/23 03:06:26 | 000,005,632 | ---- | M] () -- C:\Users\DeadMan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/23 03:01:46 | 000,000,075 | ---- | M] () -- C:\ProgramData\nvUnsupRes.dat
[2010/04/23 02:38:40 | 000,001,460 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2010/04/22 17:46:16 | 000,155,648 | ---- | M] (-) -- C:\Windows\SysWow64\stuninstall.exe
[2010/04/22 17:29:03 | 000,524,288 | -HS- | M] () -- C:\Users\DeadMan\ntuser.dat{03a09f7a-4e29-11df-8afd-001a921cbab6}.TMContainer00000000000000000002.regtrans-ms
[2010/04/22 17:29:03 | 000,524,288 | -HS- | M] () -- C:\Users\DeadMan\ntuser.dat{03a09f7a-4e29-11df-8afd-001a921cbab6}.TMContainer00000000000000000001.regtrans-ms
[2010/04/22 17:29:03 | 000,065,536 | -HS- | M] () -- C:\Users\DeadMan\ntuser.dat{03a09f7a-4e29-11df-8afd-001a921cbab6}.TM.blf
[2010/04/22 17:26:59 | 002,717,096 | ---- | M] (Acronis) -- C:\Windows\SysNative\auto_reactivate.exe
[2010/04/22 17:21:38 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2010/04/22 17:11:31 | 000,524,288 | -HS- | M] () -- C:\Users\DeadMan\ntuser.dat{03a09f2d-4e29-11df-8afd-001a921cbab6}.TMContainer00000000000000000002.regtrans-ms
[2010/04/22 17:11:31 | 000,524,288 | -HS- | M] () -- C:\Users\DeadMan\ntuser.dat{03a09f2d-4e29-11df-8afd-001a921cbab6}.TMContainer00000000000000000001.regtrans-ms
[2010/04/22 17:11:31 | 000,065,536 | -HS- | M] () -- C:\Users\DeadMan\ntuser.dat{03a09f2d-4e29-11df-8afd-001a921cbab6}.TM.blf
[2010/04/22 15:43:29 | 000,524,288 | -HS- | M] () -- C:\Users\DeadMan\ntuser.dat{336dbae5-4cbc-11df-a75d-001a921cbab6}.TMContainer00000000000000000002.regtrans-ms
[2010/04/22 15:43:29 | 000,524,288 | -HS- | M] () -- C:\Users\DeadMan\ntuser.dat{336dbae5-4cbc-11df-a75d-001a921cbab6}.TMContainer00000000000000000001.regtrans-ms
[2010/04/22 15:43:29 | 000,065,536 | -HS- | M] () -- C:\Users\DeadMan\ntuser.dat{336dbae5-4cbc-11df-a75d-001a921cbab6}.TM.blf
[2010/04/21 20:25:46 | 030,004,942 | ---- | M] () -- C:\IMG_4526_7_8_tonemapped.tif
[2010/04/21 20:06:29 | 030,021,330 | ---- | M] () -- C:\IMG_4511_2_3_tonemapped.tif
[2010/04/21 02:04:55 | 000,000,053 | ---- | M] () -- C:\Windows\Eraser.INI
[2010/04/21 02:02:56 | 000,000,787 | ---- | M] () -- C:\Windows\win.ini
[2010/04/20 00:35:29 | 000,001,291 | ---- | M] () -- C:\Users\DeadMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr.exe.lnk
[2010/04/19 13:03:55 | 002,902,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/04/18 22:46:19 | 001,008,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2010/04/18 17:41:23 | 000,016,623 | ---- | M] () -- C:\Clipboard-1.jpg
[2010/04/18 15:02:38 | 000,063,192 | ---- | M] () -- C:\Users\DeadMan\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/18 14:54:47 | 000,000,020 | -HS- | M] () -- C:\Users\DeadMan\ntuser.ini
[2010/04/18 14:51:12 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/04/18 14:51:12 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/04/18 14:46:20 | 000,022,744 | ---- | M] () -- C:\Windows\SysNative\emptyregdb.dat
[2010/04/18 14:28:42 | 000,524,288 | -HS- | M] () -- C:\Users\DeadMan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/04/18 14:28:42 | 000,524,288 | -HS- | M] () -- C:\Users\DeadMan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/04/18 14:28:42 | 000,065,536 | -HS- | M] () -- C:\Users\DeadMan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/04/18 14:23:59 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/04/18 13:47:17 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/04/18 13:47:17 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/04/18 13:21:03 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2010/04/17 23:10:35 | 000,250,400 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\afcdp.sys
[2010/04/17 23:10:32 | 001,455,648 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\tdrpm251.sys
[2010/04/17 23:10:28 | 000,254,496 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2010/04/17 22:14:58 | 000,001,306 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/04/17 20:23:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/04/17 20:23:54 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/04/17 20:23:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/04/17 20:23:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/04/17 18:39:49 | 000,001,019 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk
[2010/04/17 18:30:03 | 000,000,247 | ---- | M] () -- C:\Windows\system.ini
[2010/04/17 18:16:49 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/04/17 18:16:17 | 000,002,013 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/04/17 17:01:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSBW_01_00_00.Wdf
[2010/04/17 17:01:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
[2010/04/17 17:00:20 | 000,001,364 | ---- | M] () -- C:\Users\DeadMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/04/17 16:35:16 | 000,002,585 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
[2010/04/17 16:30:35 | 000,001,060 | ---- | M] () -- C:\Users\DeadMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.lnk
[2010/04/17 16:25:05 | 000,222,160 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysWow64\drivers\truecrypt.sys
[2010/04/17 16:07:56 | 000,003,140 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2010/04/17 16:07:06 | 000,000,008 | RHS- | M] () -- C:\Windows\SysWow64\AD777BAB7F.sys
[2010/04/17 16:06:05 | 000,000,088 | RHS- | M] () -- C:\Windows\SysWow64\570D8AE41E.sys
[2010/04/17 13:48:46 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/04/17 13:04:31 | 000,001,087 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Revo7.1_Tray.lnk
[2010/04/17 12:26:15 | 000,001,035 | ---- | M] () -- C:\Users\DeadMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk
[2010/04/17 12:26:14 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2010/04/17 12:19:10 | 000,143,387 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2010/04/17 12:19:10 | 000,104,987 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2010/04/06 17:59:58 | 001,943,584 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2010/04/06 17:59:58 | 000,612,384 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2010/04/06 17:59:58 | 000,332,320 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2010/04/06 17:59:52 | 001,660,960 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2010/04/06 17:59:52 | 000,149,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2010/04/06 17:59:46 | 001,210,912 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2010/04/06 17:59:46 | 000,476,192 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2010/04/06 17:59:46 | 000,069,664 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2010/04/03 23:55:31 | 021,005,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010/04/03 23:55:31 | 016,061,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010/04/03 23:55:31 | 015,227,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010/04/03 23:55:31 | 011,906,664 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2010/04/03 23:55:31 | 011,647,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010/04/03 23:55:31 | 009,386,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010/04/03 23:55:31 | 005,444,200 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010/04/03 23:55:31 | 004,029,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010/04/03 23:55:31 | 002,893,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010/04/03 23:55:31 | 002,646,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010/04/03 23:55:31 | 002,106,472 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010/04/03 23:55:31 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010/04/03 23:55:31 | 001,592,936 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2010/04/03 23:55:31 | 001,296,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010/04/03 23:55:31 | 000,254,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1914.dll
[2010/04/03 23:55:31 | 000,254,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll
[2010/04/03 23:55:31 | 000,064,616 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/04/03 23:55:31 | 000,056,424 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/04/03 23:55:31 | 000,011,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010/04/03 23:55:31 | 000,009,832 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2010/04/03 18:42:00 | 014,828,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2010/04/03 18:42:00 | 001,515,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2010/04/03 18:42:00 | 001,067,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2010/04/03 18:42:00 | 000,116,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2010/04/03 18:42:00 | 000,061,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2010/04/03 18:41:38 | 000,276,196 | ---- | M] () -- C:\Windows\SysNative\NvApps.xml
[2010/04/03 18:41:38 | 000,066,714 | ---- | M] () -- C:\Windows\SysNative\NvwsApps.xml
[2010/03/30 23:35:04 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\cpuz133_x64.sys
[2010/03/30 21:51:30 | 006,024,544 | ---- | M] (Passmark Software ) -- C:\Users\DeadMan\bitpro.ex_
[2010/03/30 20:35:32 | 000,331,168 | ---- | M] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/30 00:45:56 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/25 14:09:50 | 000,071,600 | ---- | M] () -- C:\bill25March2010.pdf

========== Files Created - No Company Name ==========

[2010/04/24 01:52:32 | 000,293,376 | ---- | C] () -- C:\Users\DeadMan\Desktop\4devhz8u.exe
[2010/04/23 19:28:01 | 000,006,173 | ---- | C] () -- C:\Windows\SysWow64\drivers\Entech.vxd
[2010/04/23 19:28:01 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2010/04/23 19:19:25 | 000,000,002 | ---- | C] () -- C:\Users\DeadMan\tenmy.ini
[2010/04/23 19:19:18 | 000,000,932 | ---- | C] () -- C:\Users\DeadMan\Desktop\BurnInTest.lnk
[2010/04/23 19:19:15 | 000,361,876 | ---- | C] () -- C:\Users\DeadMan\windrvswld.ex_
[2010/04/23 18:49:58 | 000,006,136 | ---- | C] () -- C:\Windows\SysNative\drivers\nvphy.bin
[2010/04/23 17:36:46 | 549,915,647 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/04/23 03:01:46 | 000,000,075 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2010/04/23 02:28:43 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/04/23 02:28:43 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010/04/23 02:08:05 | 000,005,632 | ---- | C] () -- C:\Users\DeadMan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/23 00:58:08 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/04/22 17:20:13 | 000,524,288 | -HS- | C] () -- C:\Users\DeadMan\ntuser.dat{03a09f7a-4e29-11df-8afd-001a921cbab6}.TMContainer00000000000000000002.regtrans-ms
[2010/04/22 17:20:12 | 000,524,288 | -HS- | C] () -- C:\Users\DeadMan\ntuser.dat{03a09f7a-4e29-11df-8afd-001a921cbab6}.TMContainer00000000000000000001.regtrans-ms
[2010/04/22 17:20:12 | 000,065,536 | -HS- | C] () -- C:\Users\DeadMan\ntuser.dat{03a09f7a-4e29-11df-8afd-001a921cbab6}.TM.blf
[2010/04/22 17:07:10 | 000,524,288 | -HS- | C] () -- C:\Users\DeadMan\ntuser.dat{03a09f2d-4e29-11df-8afd-001a921cbab6}.TMContainer00000000000000000002.regtrans-ms
[2010/04/22 17:07:10 | 000,524,288 | -HS- | C] () -- C:\Users\DeadMan\ntuser.dat{03a09f2d-4e29-11df-8afd-001a921cbab6}.TMContainer00000000000000000001.regtrans-ms
[2010/04/22 17:07:10 | 000,065,536 | -HS- | C] () -- C:\Users\DeadMan\ntuser.dat{03a09f2d-4e29-11df-8afd-001a921cbab6}.TM.blf
[2010/04/21 20:25:44 | 030,004,942 | ---- | C] () -- C:\IMG_4526_7_8_tonemapped.tif
[2010/04/21 20:06:27 | 030,021,330 | ---- | C] () -- C:\IMG_4511_2_3_tonemapped.tif
[2010/04/20 21:49:59 | 000,524,288 | -HS- | C] () -- C:\Users\DeadMan\ntuser.dat{336dbae5-4cbc-11df-a75d-001a921cbab6}.TMContainer00000000000000000002.regtrans-ms
[2010/04/20 21:49:59 | 000,524,288 | -HS- | C] () -- C:\Users\DeadMan\ntuser.dat{336dbae5-4cbc-11df-a75d-001a921cbab6}.TMContainer00000000000000000001.regtrans-ms
[2010/04/20 21:49:59 | 000,065,536 | -HS- | C] () -- C:\Users\DeadMan\ntuser.dat{336dbae5-4cbc-11df-a75d-001a921cbab6}.TM.blf
[2010/04/20 16:31:55 | 000,000,053 | ---- | C] () -- C:\Windows\Eraser.INI
[2010/04/20 00:34:21 | 000,001,291 | ---- | C] () -- C:\Users\DeadMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr.exe.lnk
[2010/04/18 22:34:05 | 000,002,585 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
[2010/04/18 22:34:05 | 000,002,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/04/18 22:34:05 | 000,001,364 | ---- | C] () -- C:\Users\DeadMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/04/18 22:34:05 | 000,001,087 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Revo7.1_Tray.lnk
[2010/04/18 22:34:05 | 000,001,060 | ---- | C] () -- C:\Users\DeadMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.lnk
[2010/04/18 22:34:05 | 000,001,035 | ---- | C] () -- C:\Users\DeadMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk
[2010/04/18 22:34:05 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk
[2010/04/18 21:52:02 | 000,524,288 | ---- | C] () -- C:\1406.BIN
[2010/04/18 17:41:23 | 000,016,623 | ---- | C] () -- C:\Clipboard-1.jpg
[2010/04/18 14:54:47 | 000,000,020 | -HS- | C] () -- C:\Users\DeadMan\ntuser.ini
[2010/04/18 14:46:20 | 000,022,744 | ---- | C] () -- C:\Windows\SysNative\emptyregdb.dat
[2010/04/18 14:28:40 | 002,359,296 | -HS- | C] () -- C:\Users\DeadMan\ntuser.dat
[2010/04/18 14:28:40 | 000,524,288 | -HS- | C] () -- C:\Users\DeadMan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/04/18 14:28:40 | 000,524,288 | -HS- | C] () -- C:\Users\DeadMan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/04/18 14:28:40 | 000,262,144 | -HS- | C] () -- C:\Users\DeadMan\ntuser.dat.LOG1
[2010/04/18 14:28:40 | 000,065,536 | -HS- | C] () -- C:\Users\DeadMan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/04/18 14:28:40 | 000,000,000 | -HS- | C] () -- C:\Users\DeadMan\ntuser.dat.LOG2
[2010/04/18 14:25:49 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2010/04/18 14:23:59 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/04/18 13:47:16 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/04/18 13:47:16 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/04/18 13:21:03 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2010/04/17 23:01:05 | 000,147,425 | ---- | C] () -- C:\Windows\SysNative\SYNSOACC-Aide.chm
[2010/04/17 23:01:05 | 000,120,468 | ---- | C] () -- C:\Windows\SysNative\SYNSOACC-Hilfe.chm
[2010/04/17 23:01:05 | 000,114,279 | ---- | C] () -- C:\Windows\SysNative\SYNSOACC-Help.chm
[2010/04/17 20:46:36 | 000,282,624 | ---- | C] () -- C:\Windows\SysWow64\ClassX.dll
[2010/04/17 20:46:36 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ClassXps.dll
[2010/04/17 19:08:42 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/04/17 18:16:49 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/04/17 17:57:23 | 000,002,052 | -H-- | C] () -- C:\Users\DeadMan\Documents\Default.rdp
[2010/04/17 17:04:46 | 001,595,175 | ---- | C] () -- C:\Windows\SysNative\PenTablet.znc
[2010/04/17 17:01:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSBW_01_00_00.Wdf
[2010/04/17 17:01:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
[2010/04/17 16:38:41 | 000,007,801 | ---- | C] () -- C:\Windows\WINCMD.INI
[2010/04/17 16:13:52 | 000,001,460 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/04/17 16:07:06 | 000,000,008 | RHS- | C] () -- C:\Windows\SysWow64\AD777BAB7F.sys
[2010/04/17 16:06:05 | 000,000,088 | RHS- | C] () -- C:\Windows\SysWow64\570D8AE41E.sys
[2010/04/17 16:00:56 | 000,003,140 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2010/04/17 14:49:37 | 000,009,832 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010/04/17 13:48:46 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/04/17 12:26:14 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2010/04/17 12:19:10 | 000,143,387 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2010/04/17 12:19:10 | 000,104,987 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2010/04/17 11:48:30 | 2146,344,959 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/03 18:41:38 | 000,276,196 | ---- | C] () -- C:\Windows\SysNative\NvApps.xml
[2010/04/03 18:41:38 | 000,066,714 | ---- | C] () -- C:\Windows\SysNative\NvwsApps.xml
[2010/03/25 14:09:49 | 000,071,600 | ---- | C] () -- C:\bill25March2010.pdf
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >

OTL Extras logfile created on: 24/04/2010 01:53:26 - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Users\DeadMan\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 73.00% Memory free
16.00 Gb Paging File | 13.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): z:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.51 Gb Total Space | 267.63 Gb Free Space | 29.20% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 297.99 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 931.51 Gb Total Space | 14.81 Gb Free Space | 1.59% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive T: | 465.76 Gb Total Space | 455.69 Gb Free Space | 97.84% Space Free | Partition Type: NTFS
Drive Z: | 15.00 Gb Total Space | 5.83 Gb Free Space | 38.90% Space Free | Partition Type: NTFS

Computer Name: ODDBALL
Current User Name: DeadMan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-49934496-765774766-2657998212-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{053B3DA8-91B5-4682-A130-715412A1A253}" = Paint.NET v3.5.4
"{109945A8-D8D5-48B8-B4A5-195D3F99B56D}" = Logitech GamePanel Software 3.04.143
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7523EFAC-5445-4E89-BD90-84E0D0110690}" = Adobe Photoshop Lightroom 2.6 64-bit
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B49673F8-7AB6-4A14-8213-C8A7BE370010}" = UltraMon
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E39A0E87-79C4-43A8-AC37-37DBF7CC10D2}" = Adobe Photoshop Lightroom 3 Beta 2 64-bit
"BurnInTest_is1" = BurnInTest v6.0 Standard
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"FinePrint" = FinePrint
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Recuva" = Recuva
"Sandboxie" = Sandboxie 3.44 (64-bit)
"SP6" = Logitech SetPoint 6.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1" = Aegisub 2.1.6 Release Preview r2494
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57217148-69B8-48D8-B517-77AA6415C2D3}" = Revo 7.1 Drivers
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis True Image Home
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skypeāā€˛¢ 4.1
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{DE78CC49-411B-4898-AAF4-ECDDD51CF54D}" = Revo 7.1
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{EA478FED-F9B4-4176-88C3-41937786872D}" = ExpPrint
"{EA561335-6495-47DE-A7A0-CD4ED101D4F6}" = CAM Wizard
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"BurnInTest_is1" = BurnInTest v6.0 Pro
"CallStation_is1" = CallStation 5.4
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"Eraser 5.3" = Eraser 5.3
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"ffdshow_is1" = ffdshow v1.1.3356 [2010-04-11]
"Foxit Reader" = Foxit Reader
"FreeFileSync" = FreeFileSync
"HaaliMkx" = Haali Media Splitter
"HD Tune_is1" = HD Tune 2.55
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"Launchy_21344213_is1" = Launchy 2.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MKVtoolnix" = MKVtoolnix 3.3.0
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"MPE" = MyPhoneExplorer
"Nero8Lite_is1" = Nero 8 Lite 8.3.6.0
"OCCT_is1" = OCCT Perestroika 3.1.0
"Pen Tablet Driver" = Pen Tablet
"PhoneTray" = PhoneTray Free
"PhotomatixPro3_is1" = Photomatix Pro version 3.1.1
"Polipo" = Polipo 1.0.4
"PowerISO" = PowerISO
"qt7lite_is1" = QT Lite 3.0.0
"QuickSFV" = QuickSFV (Remove only)
"RealAlt_is1" = Real Alternative 1.9.0
"ReClock" = ReClock
"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
"Resplendent Registrar 3.00 " = Resplendent Registrar 3.00
"Revo Uninstaller" = Revo Uninstaller 1.87
"simple2_is1" = Tone Mapping Plug-In 1.2
"Soulseek2" = SoulSeek 157 NS 13e
"SpeedFan" = SpeedFan (remove only)
"The KMPlayer" = The KMPlayer (remove only)
"TIMELEFT3_is1" = TimeLeft
"Tor" = Tor 0.2.1.22
"Total Video Converter 3.02_is1" = Total Video Converter 3.02
"Trillian" = Trillian
"TrueCrypt" = TrueCrypt
"Vidalia" = Vidalia 0.2.6
"Video Card Stability Test" = Video Card Stability Test
"VisiPics_is1" = VisiPics V1.30
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.8
"XnView_is1" = XnView 1.97
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-49934496-765774766-2657998212-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

< End of report >

Edited by Deadman3000, 24 April 2010 - 02:56 AM.


#6 Deadman3000

Deadman3000
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:40 PM

Posted 24 April 2010 - 03:27 AM

OK I just ran GMER again in normal startup and it still gives the popup error on startup and again when I click the Scan button. I let it scan and it got to the end of the scan and then just sits there with the spinning Windows 7 busy icon. I am guessing it crashed because when I click on the window it goes grey. I assume this is what happaned in safe mode too.

Now what?

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,615 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:40 PM

Posted 24 April 2010 - 03:49 AM

Hi there,
GMER will not run on 64 bit systems. However, I see no obvious signs of malware.

Could you please list me the errors from the eventviewer?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#8 Deadman3000

Deadman3000
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:40 PM

Posted 24 April 2010 - 06:57 AM

The system keeps having a BSOD. It's different each time though. Sometimes it's a stop: 0x0000001c error. The last one whilst doing an online Eset NOD scan was 0x0000007e pointing to ntfs.sys

Does this sound more like a bad driver or hardware error?

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,615 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:40 PM

Posted 24 April 2010 - 07:29 AM

I think its a good idea to run a disk check first.

Open the Start Menu.

In the Start Menu search box area type run, then right click on run (at top), and click on Run as administrator.

In the runbox type chkdsk /r and press enter. If asked to schedule the disk check on the next reboot do so and reboot the computer.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#10 Deadman3000

Deadman3000
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:40 PM

Posted 24 April 2010 - 08:08 AM

I've pretty much been through all of that before. I did a chkdsk /f, a full surface scan using the hard disk tool provided by the manufacturer, memtest86+ (Although I only ran it for a few hours). I am suspicious of a few things. The most obvious one being the memory I upgraded from 2Gb to 8GB which I installed shortly before the problems began. I may have to yank out the new sticks and see how it runs for a few days. The other thing I am suspicious of is that it may be a power problem. Not sure how to test that theory though. I've just disconnected a couple of CD burners I rarely use (Why I have 3 in the machine I don't know lol) to see if it improves anything. Other suspects are the Nvidia SLI video cards, The Nvidia driver (Just switched back to an earlier MS version).

Tough one to track down this one. If anyone can decipher a minidump for me that would give me some clue perhaps.

Edited by Deadman3000, 24 April 2010 - 08:09 AM.


#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,615 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:40 PM

Posted 24 April 2010 - 08:27 AM

Chkdsk /f isn't the same as chkdsk /r, I really recommend you do that one as well.

Did you run sfc /scannow (which checks integrity of system files)? If not, thats also a good idea.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,615 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:40 PM

Posted 04 May 2010 - 11:29 AM

Hello, are you still there?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,615 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:40 PM

Posted 12 May 2010 - 09:21 AM

Due to lack of feedback, this topic will now be closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users