
Long story short: Antivirus software detected a malicious file and deleted it. Now when Windows starts I'm greeted with:

"Run.dll

There was a problem starting

C:\users\USERNAME\AppData\Roaming\Star Ruler\ntfvcltbb3\tb.dll

The specified module could not be found"

The DLL file was deleted by the antivirus.

A scan with Comodo shows no other infections.

Malwarebytes log also shows nothing:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6516

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

06/05/2011 15:46:49
mbam-log-2011-05-06 (15-46-49).txt

Scan type: Quick scan
Objects scanned: 186984
Time elapsed: 3 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS log:

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by sorimachi at 13:06:29.66 on 06/05/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Ultimate 6.1.7600.0.932.81.1041.18.4095.2367 [GMT 9:00]
.
AV: COMODO Antivirus *Enabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.

============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\WBVista.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
D:\games_7\[Retail]\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Older Program Files\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\Dock64.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDockTray.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\explorer.exe
D:\[_Downloads]\MBytes\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.

============== Pseudo HJT Report ===============
.
uStart Page = file:///D:/%5BCoding_backups%5D/test/Offline/Offline_index.html
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: ExplorerBHO Class: {449d0d6e-2412-4e61-b68f-1cb625cd9e52} - C:\Classic Shell\ClassicExplorer32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Classic Explorer Bar: {553891b7-a0d5-4526-be18-d3ce461d6310} - C:\Classic Shell\ClassicExplorer32.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [VirtualCloneDrive] "C:\Older Program Files\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\sorimachi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\sorimachi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Update.lnk - C:\Windows\System32\rundll32.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Classic Shell\ClassicExplorer32.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
Trusted Zone: google.com\mail
DPF: {2B658B62-1B6F-4CFF-8A7C-225B7BB15336} - hxxp://www.dotbook.jp/crochet/download/T-TimeCrochet.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
Notify: WBSrv - C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - C:\Older Program Files\DVD Region+CSS Free\DVDShell.dll
BHO-X64: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Classic Shell\ClassicExplorer64.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll
TB-X64: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Classic Shell\ClassicExplorer64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
mRun-x64: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
mRun-x64: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
mRun-x64: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
AppInit_DLLs-X64: C:\Windows\system32\guard64.dll
STS-X64: FencesShlExt Class: {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
STS-X64: Deskscapes Class: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Older Program Files\deskscapes.dll
STS-X64: ObjectDockShlExt Class: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll
.

================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\sorimachi\AppData\Roaming\Mozilla\Firefox\Profiles\h5xx6daj.default\
FF - prefs.js: browser.startup.homepage - file:///D:/%5BCoding_backups%5D/test/Offline/Offline_index.html
FF - component: C:\Users\sorimachi\AppData\Roaming\Mozilla\Firefox\Profiles\h5xx6daj.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: FoxClocks: {d37dc5d0-431d-44e5-8c91-49419370caa1} - %profile%\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
FF - Ext: Firesizer: {04426594-bce6-4705-b811-bcdba2fd9c7b} - %profile%\extensions\{04426594-bce6-4705-b811-bcdba2fd9c7b}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Chromifox Basic: chromifox@altmusictv.com - %profile%\extensions\chromifox@altmusictv.com
FF - Ext: Past Modern: {81514210-E22A-4e69-93D5-E1EFD45B4620} - %profile%\extensions\{81514210-E22A-4e69-93D5-E1EFD45B4620}
FF - Ext: Add N Edit Cookies: {038dc421-b19e-4711-a218-1fd10de9163b} - %profile%\extensions\{038dc421-b19e-4711-a218-1fd10de9163b}
FF - Ext: VertTabbar: verttabbar@frnchfrgg.org - %profile%\extensions\verttabbar@frnchfrgg.org
FF - Ext: Full Flat: {6E1A2A2E-AE2A-4A26-A812-46F54288379E} - %profile%\extensions\{6E1A2A2E-AE2A-4A26-A812-46F54288379E}
FF - Ext: Html Validator: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} - %profile%\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: UrlParams: {433AF77F-54E5-425b-81D7-6884C7AE77E6} - %profile%\extensions\{433AF77F-54E5-425b-81D7-6884C7AE77E6}
FF - Ext: Organize Status Bar: {35106bca-6c78-48c7-ac28-56df30b51d2c} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
.

============= SERVICES / DRIVERS ===============
.
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2011-5-2 16016]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2011-5-2 252344]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2011-5-2 41712]
R2 cpuz133;cpuz133;C:\Windows\System32\drivers\cpuz133_x64.sys [2010-6-25 20968]
R2 DAUpdaterSvc;Dragon Age: Origins - Content Updater;D:\games_7\[Retail]\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-16 25832]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
R3 LGBusEnum;Logicool GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-7-14 22408]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-11 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-22 136176]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-6-20 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-6-19 79360]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]
S3 gupdatem;Google Update ???? (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-22 136176]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-20 1255736]
.
=============== Created Last 30 ================


==================== Find3M ====================


============= FINISH: 13:09:46.08 ===============

The only strange behavior I've noticed is the aforementioned Run.dll error message on startup and odd DVD drive behavior where Windows 7 will at times remove the DVD drive from the system (such that it no longer shows in Explorer -- rebooting tends to solve it). As the drive was made before Windows 7 was released, I don't think it is related to the problem causing the Run.dll error but thought it best to mention it just in case.

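A read-only triage check for this kind of error, added here as an example (it is not code from the thread or from any of the tools mentioned in it): it walks the Run/RunOnce keys and the Startup folders, pulls out every entry that launches rundll32.exe, and reports whether the DLL each one names is still on disk, which is the condition that produces the "specified module could not be found" dialog at logon. It assumes an elevated PowerShell on the affected machine; the key list, function names and output columns are the example's own.

```powershell
# Added example, not code from this thread or from the tools it mentions: list the
# autostart entries that launch rundll32.exe and flag any whose DLL is no longer on
# disk. An orphaned entry of that kind is what produces the "There was a problem
# starting <path>\tb.dll - The specified module could not be found" dialog at logon
# once an antivirus has removed the DLL but left the autostart reference behind.
# Read-only: it reports, it does not change anything. Assumes an elevated PowerShell
# on the affected machine and an entry living in a Run/RunOnce key or a Startup
# folder shortcut (the "uRun:/mRun:" and "StartupFolder:" lines of a DDS log).

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Per-user and all-users Startup folders.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)

# Extract the module operand from a rundll32 command line. rundll32 treats everything
# up to the first comma as the DLL path, so both of these parse correctly:
#   rundll32.exe "C:\with spaces\tb.dll",EntryPoint
#   RunDll32 P17RunE.dll,RunDLLEntry
# Returns $null when the command line does not invoke rundll32 at all.
function Get-RunDll32Module {
    param([string]$CommandLine)
    if ($CommandLine -notmatch '(?i)rundll32(\.exe)?"?\s+(.+)$') { return $null }
    $rest = $Matches[2].Trim()
    if ($rest -match '^"([^"]+)"') { return $Matches[1] }
    return ($rest -split ',', 2)[0].Trim()
}

# A rooted path is checked directly. A bare file name goes through the loader's
# search path, so look in the two system directories and call it "unresolved"
# rather than "MISSING" if it is in neither.
function Get-ModuleStatus {
    param([string]$Module)
    if ([System.IO.Path]::IsPathRooted($Module)) {
        if (Test-Path -LiteralPath $Module) { return 'present' }
        return 'MISSING'
    }
    foreach ($dir in @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")) {
        if (Test-Path -LiteralPath (Join-Path $dir $Module)) { return "present ($dir)" }
    }
    return 'unresolved (bare name, not in System32 or SysWOW64)'
}

$findings = @()
$psMeta = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

# Run / RunOnce values: the value name is the entry label, the data is the command line.
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($psMeta -contains $p.Name) { continue }
        $module = Get-RunDll32Module -CommandLine ([string]$p.Value)
        if ($null -eq $module) { continue }
        $findings += New-Object PSObject -Property @{
            Source = $key; Entry = $p.Name; Module = $module
            Status = Get-ModuleStatus -Module $module
        }
    }
}

# Startup folder shortcuts: WScript.Shell.CreateShortcut loads an existing .lnk when
# handed its path, exposing the target and its arguments.
$wsh = New-Object -ComObject WScript.Shell
foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($lnk in (Get-ChildItem -LiteralPath $dir -Filter *.lnk | Where-Object { -not $_.PSIsContainer })) {
        $sc = $wsh.CreateShortcut($lnk.FullName)
        $module = Get-RunDll32Module -CommandLine ('"{0}" {1}' -f $sc.TargetPath, $sc.Arguments)
        if ($null -eq $module) { continue }
        $findings += New-Object PSObject -Property @{
            Source = $lnk.FullName; Entry = $lnk.BaseName; Module = $module
            Status = Get-ModuleStatus -Module $module
        }
    }
}

# An entry reported MISSING is the one behind the logon dialog; once you have confirmed
# what it was, deleting that single value or shortcut stops the error.
$findings | Sort-Object Status | Format-Table Status, Entry, Module, Source -AutoSize
```

Scheduled tasks and services can also launch rundll32, so an empty MISSING column here rules out only the Run keys and Startup folders, not every autostart location.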

Hello and welcome!

Let's first try to get rid of the RunDll error.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Hi,

I followed the instructions (and fully disabled Comodo) but every time I try to run Combofix I get the following error:

"Were you trying to run CFScript? The name, CFScript appears to be incorrectly spelt"

The program then exits without making a log.

It has created what appears to be a volume in the location C:\ComboFix with the following inside it:

CF6730.cfxxe, CregC_.dat and an en-US folder with CF6730.cfxxe.mui inside it.


Okay, I managed to get it working by fully uninstalling Comodo. The log is as follows:

ComboFix 11-05-05.04 - sorimachi 07/05/2011 1:48.1.4 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.932.81.1041.18.4095.3035 [GMT 9:00]
Running from: c:\users\sorimachi\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\sorimachi\AppData\Roaming\Microsoft\Windows\Recent\18 Wheels of Steel Extreme Trucker.url
c:\windows\SysWow64\Data
.
.
((((((((((((((((((((((((( Files Created from 2011-04-06 to 2011-05-06 )))))))))))))))))))))))))))))))


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-05 12:35 . 2010-06-29 15:22 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2011-05-05 12:35 . 2010-06-29 15:22 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2011-05-05 12:35 . 2010-06-29 15:22 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2011-05-05 12:35 . 2010-06-29 15:22 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2011-03-16 17:17 . 2010-12-25 15:27 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2011-03-16 17:17 . 2010-12-25 15:27 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2011-03-14 14:47 . 2011-03-14 14:47 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll

2011-03-12 07:40 . 2010-06-20 05:50 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-03-11 15:11 . 2009-08-18 03:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll

2011-03-11 15:11 . 2009-08-18 02:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-11 03:49 . 2011-03-11 03:49 65536 ----a-w- c:\program files (x86)\win64checkKBDK.exe

2011-03-11 03:41 . 2011-03-11 03:24 503352 ----a-w- c:\windows\system32\drivers\sptd.sys

2011-03-07 02:08 . 2011-03-07 02:08 93552 ----a-w- c:\windows\SysWow64\ElbyCDIO.dll

2011-03-07 00:52 . 2011-03-07 00:52 134512 ----a-w- c:\windows\SysWow64\ElbyVCD.dll

2011-03-04 06:17 . 2011-04-27 17:40 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2011-03-04 06:17 . 2011-04-27 17:40 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2011-02-19 06:37 . 2011-03-09 02:28 1135104 ----a-w- c:\windows\system32\FntCache.dll

2011-02-19 06:37 . 2011-03-09 02:28 1540608 ----a-w- c:\windows\system32\DWrite.dll

2011-02-19 06:36 . 2011-03-09 02:28 902656 ----a-w- c:\windows\system32\d2d1.dll

2011-02-19 05:32 . 2011-03-09 02:28 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll

2011-02-19 05:32 . 2011-03-09 02:28 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2011-02-18 07:36 . 2011-02-18 07:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

2011-02-18 07:36 . 2011-02-18 07:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]

@="{594D4122-1F87-41E2-96C7-825FB4796516}"

[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]

2010-07-02 11:57 292864 ----a-w- c:\classic shell\ClassicExplorer32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-21 39408]

"igndlm.exe"="c:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"P17RunE"="P17RunE.dll" [2008-03-27 14848]

"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2010-07-09 1548288]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"VirtualCloneDrive"="c:\older program files\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

.

c:\users\sorimachi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

Update.lnk - c:\windows\System32\rundll32.exe [2009-7-14 45568]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\older program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

2010-11-29 04:40 534832 ----a-w- c:\progra~2\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]

R2 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\games_7\[Retail]\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 20:07 25832]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-21 136176]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-06-20 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-06-19 79360]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 gupdatem;Google Update ???? (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-21 17:19 136176]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S3 LGBusEnum;Logicool GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-21 17:19]

.

2011-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-21 17:19]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]

@="{594D4122-1F87-41E2-96C7-825FB4796516}"

[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]

2010-07-02 11:57 344576 ----a-w- c:\classic shell\ClassicExplorer64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-13 2093064]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1612880]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2011-01-19 464744]

"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll" [2010-03-24 633200]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = file:///D:/%5BCoding_backups%5D/test/Offline/Offline_index.html

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

Trusted Zone: google.com\mail

DPF: {2B658B62-1B6F-4CFF-8A7C-225B7BB15336} - hxxp://www.dotbook.jp/crochet/download/T-TimeCrochet.cab

FF - ProfilePath - c:\users\sorimachi\AppData\Roaming\Mozilla\Firefox\Profiles\h5xx6daj.default\

FF - prefs.js: browser.startup.homepage - file:///D:/%5BCoding_backups%5D/test/Offline/Offline_index.html

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: FoxClocks: {d37dc5d0-431d-44e5-8c91-49419370caa1} - %profile%\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}

FF - Ext: Firesizer: {04426594-bce6-4705-b811-bcdba2fd9c7b} - %profile%\extensions\{04426594-bce6-4705-b811-bcdba2fd9c7b}

FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

FF - Ext: Chromifox Basic: chromifox@altmusictv.com - %profile%\extensions\chromifox@altmusictv.com

FF - Ext: Past Modern: {81514210-E22A-4e69-93D5-E1EFD45B4620} - %profile%\extensions\{81514210-E22A-4e69-93D5-E1EFD45B4620}

FF - Ext: Add N Edit Cookies: {038dc421-b19e-4711-a218-1fd10de9163b} - %profile%\extensions\{038dc421-b19e-4711-a218-1fd10de9163b}

FF - Ext: VertTabbar: verttabbar@frnchfrgg.org - %profile%\extensions\verttabbar@frnchfrgg.org

FF - Ext: Full Flat: {6E1A2A2E-AE2A-4A26-A812-46F54288379E} - %profile%\extensions\{6E1A2A2E-AE2A-4A26-A812-46F54288379E}

FF - Ext: Html Validator: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} - %profile%\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}

FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}

FF - Ext: UrlParams: {433AF77F-54E5-425b-81D7-6884C7AE77E6} - %profile%\extensions\{433AF77F-54E5-425b-81D7-6884C7AE77E6}

FF - Ext: Organize Status Bar: {35106bca-6c78-48c7-ac28-56df30b51d2c} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-3443658969.d.seesmic.com - c:\program files (x86)\Microsoft Silverlight\4.0.50826.0\Silverlight.Configuration.exe

.

.

"ImagePath"="d:\games_7\

[Retail]\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe"

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DAUpdaterSvc]

"ImagePath"="d:\games_7\

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.032"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.ani"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.arw"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.bay"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.bmp"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.bw"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.cr2"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.crw"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.cs1"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.cur"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.dcr"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.dcx"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.dib"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.dng"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.emf"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.eps"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.erf"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.fff"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.gif"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.hdr"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.icl"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]

@Denied: (2) (S-1-5-21-2054027473-3391990551-4038288108-1003)

@Denied: (2) (LocalSystem)

"Progid"="icofile"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.iff"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.ilbm"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.int"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.inta"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.j2c"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.j2k"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.jfif"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.jif"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.jp2"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.jpc"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.jpe"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.jpeg"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.jpg"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.jpk"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.jpx"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.lbm"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.mef"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.mos"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.mrw"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.nef"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.orf"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.pbm"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.pcd"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.pct"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.pcx"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.pef"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.pgm"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.pic"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.pict"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.pix"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]

@Denied: (2) (S-1-5-21-2054027473-3391990551-4038288108-1003)

@Denied: (2) (LocalSystem)

"Progid"="Photoshop.PNGFile.9"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.ppm"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.psd"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.psp"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.pspimage"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.raf"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.ras"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.raw"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.rgb"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.rgba"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.rle"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.rsb"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.sgi"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.sr2"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.tga"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.thm"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.tif"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.tiff"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]

@Denied: (2) (S-1-5-21-2054027473-3391990551-4038288108-1003)

@Denied: (2) (LocalSystem)

"Progid"="ttcfile"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]

@Denied: (2) (S-1-5-21-2054027473-3391990551-4038288108-1003)

@Denied: (2) (LocalSystem)

"Progid"="ttffile"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.wbm"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.wbmp"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.wmf"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.xif"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.xmp"

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:42,5c,f2,e8,2b,ac,bd,ad,43,27,d1,bb,ba,a7,b2,c5,9c,ec,0a,ef,b6,ee,41,

30,9d,1f,d8,42,07,b4,ee,cd,f6,b0,bb,ef,0d,36,7a,55,35,d8,e8,aa,cd,8b,a8,33,\

"??"=hex:3f,eb,b2,a8,d5,51,4b,c2,1b,01,ec,08,0f,18,11,95

.

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\SecuROM\License information*]

"datasecu"=hex:92,fd,c7,36,08,9a,dc,e2,44,d0,33,23,3c,40,e1,af,75,52,42,c2,0a,

ff,87,1e,4d,b1,92,77,88,05,8a,2a,f4,55,4f,ea,1b,a2,3a,18,f4,b5,77,81,8d,48,\

"rkeysecu"=hex:93,1e,d4,20,a2,d7,37,8c,e3,cc,76,bc,ca,ef,c6,e3

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-05-07 01:56:41

ComboFix-quarantined-files.txt 2011-05-06 16:56

.

Pre-Run: 57,533,800,448 bytes free

Post-Run: 57,865,388,032 bytes free

.

- - End Of File - - F8E7F22AC3806594C452CF62721B02A4


Yes, the Run.dll error still appears on startup.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6520

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

07/05/2011 03:43:27

mbam-log-2011-05-07 (03-43-27).txt

Scan type: Full scan (C:\|)

Objects scanned: 402403

Time elapsed: 58 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\installer\{d1fd3035-dd6f-4a17-bc30-784e97efbc68}\icond1fd30351.txt (Trojan.Agent) -> Quarantined and deleted successfully.

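The error quoted at the top of the thread is the classic symptom of an orphaned autostart entry: the antivirus removed tb.dll, but whatever tells Windows to load it at logon (a Run value, a Startup shortcut or a scheduled task) is still there, so rundll32 fails with "The specified module could not be found" on every boot. The script below is an added example and is not part of the original thread, OTL, ComboFix or Malwarebytes; it walks the common autostart locations and lists every entry whose target file no longer exists. It assumes an elevated PowerShell on the affected machine and uses only PowerShell 2.0-era cmdlets, since the Windows 7 box in the logs has no Get-ScheduledTask; the function names and the registry key list are the example's own choices.

```powershell
# Added example, not from the original thread or any of its tools.
# Lists autostart entries whose target file is missing: the state the thread
# describes, where the AV deleted tb.dll but left the entry that loads it.
# Assumptions: elevated PowerShell; PowerShell 2.0 cmdlets only (Windows 7).

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Extract the file an autostart command line actually loads. For the
# "rundll32.exe <dll>,<export>" form the interesting file is the DLL, not
# rundll32 itself. Unquoted paths may contain spaces, so grow the candidate
# one token at a time and stop at the first one that exists on disk.
function Get-TargetPath([string]$Command) {
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd -match '^(?:"[^"]*rundll32(?:\.exe)?"|\S*rundll32(?:\.exe)?)\s+(.+)$') {
        $cmd = $Matches[1]
    }
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    $cmd = ($cmd -split ',')[0]              # drop ",<export>" of the rundll32 form
    $tokens = $cmd -split '\s+'
    for ($i = 0; $i -lt $tokens.Length; $i++) {
        $candidate = $tokens[0..$i] -join ' '
        if (Test-Path -LiteralPath $candidate) { return $candidate }
    }
    return $tokens[0]                        # nothing matched: report the first token
}

function New-Entry($Location, $Name, $Command) {
    $target = Get-TargetPath $Command
    # A bare name such as "P17RunE.dll" is resolved through PATH; only flag
    # entries that carry a directory and point at a file that is gone.
    $exists = $true
    if ($target -and ($target -match '\\')) { $exists = Test-Path -LiteralPath $target }
    New-Object PSObject -Property @{
        Location = $Location
        Name     = $Name
        Command  = $Command
        Target   = $target
        Exists   = $exists
    }
}

function Get-AutostartEntries {
    # 1. Run / RunOnce registry values (native and Wow6432Node views)
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... metadata
            New-Entry $key $p.Name ([string]$p.Value)
        }
    }
    # 2. Startup folders: resolve each shortcut to its target
    $shell = New-Object -ComObject WScript.Shell
    $startupDirs = @(
        (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs\Startup'),
        (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
    )
    foreach ($dir in $startupDirs) {
        if (-not (Test-Path $dir)) { continue }
        Get-ChildItem -Path $dir -Filter *.lnk | ForEach-Object {
            $sc = $shell.CreateShortcut($_.FullName)
            New-Entry $dir $_.Name ('"' + $sc.TargetPath + '" ' + $sc.Arguments)
        }
    }
    # 3. Scheduled tasks. schtasks repeats its CSV header once per task
    #    folder, and some actions are COM handlers rather than command lines.
    schtasks.exe /query /fo CSV /v 2>$null | ConvertFrom-Csv | ForEach-Object {
        $action = $_.'Task To Run'
        if ($_.TaskName -eq 'TaskName' -or -not $action) { return }
        if ($action -match '^(COM handler|Multiple Actions|N/A)') { return }
        New-Entry 'ScheduledTask' $_.TaskName $action
    }
}

# Orphaned entries are the ones whose target is missing. Delete the entry
# itself (Remove-ItemProperty, or schtasks /delete) rather than restoring
# the file the antivirus removed.
Get-AutostartEntries | Where-Object { -not $_.Exists } |
    Format-Table Location, Name, Target -AutoSize
```

Run it in an elevated prompt on the affected machine. Anything it lists with a Target that no longer exists is a candidate for the loader behind the RunDLL dialog; the portion of the OTL log posted further down shows no O4 entry for tb.dll, so a scheduled task or a per-user location is worth checking before assuming the Run keys are clean.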

Can you please give me the exact error?

OTL

-----

Please download OTL from one of the following mirrors:

  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Hi,

The error I get is:

"Run.dll

There was a problem starting

C:\users\USERNAME\AppData\Roaming\Star Ruler\ntfvcltbb3\tb.dll

The specified module could not be found"

I also scanned the remaining HDs I use with this PC last night while I slept; the results are as follows:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6520

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

07/05/2011 09:59:12

mbam-log-2011-05-07 (09-58-53).txt

Scan type: Full scan (D:\|)

Objects scanned: 887106

Time elapsed: 2 hour(s), 43 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6520

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

07/05/2011 10:04:26

mbam-log-2011-05-07 (10-04-26).txt

Scan type: Full scan (F:\|)

Objects scanned: 195586

Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

The content of OTL.txt is as follows:

OTL logfile created on: 07/05/2011 10:21:29 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\sorimachi\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 172.88 Gb Total Space | 55.63 Gb Free Space | 32.18% Space Free | Partition Type: NTFS

Drive D: | 931.51 Gb Total Space | 120.52 Gb Free Space | 12.94% Space Free | Partition Type: NTFS

Drive E: | 60.00 Gb Total Space | 29.85 Gb Free Space | 49.75% Space Free | Partition Type: NTFS

Drive F: | 74.53 Gb Total Space | 16.21 Gb Free Space | 21.75% Space Free | Partition Type: NTFS

Drive I: | 483.23 Mb Total Space | 245.82 Mb Free Space | 50.87% Space Free | Partition Type: FAT

Drive J: | 983.22 Mb Total Space | 197.53 Mb Free Space | 20.09% Space Free | Partition Type: FAT

Computer Name: NORIKO7 | User Name: sorimachi | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/07 10:20:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\sorimachi\Desktop\OTL.exe

PRC - [2011/03/07 22:33:08 | 000,089,456 | ---- | M] (Elaborate Bytes AG) -- C:\Older Program Files\VirtualCloneDrive\VCDDaemon.exe

PRC - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2010/10/12 23:04:20 | 004,142,448 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe

PRC - [2010/09/20 10:41:19 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2009/08/13 17:37:44 | 000,522,760 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe

PRC - [2008/11/18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

PRC - [2005/07/16 06:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe

========== Modules (SafeList) ==========

MOD - [2011/05/07 10:20:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\sorimachi\Desktop\OTL.exe

MOD - [2011/05/02 20:36:04 | 000,284,744 | ---- | M] (COMODO) -- C:\Windows\SysWOW64\guard32.dll

MOD - [2010/12/03 12:50:14 | 000,860,672 | ---- | M] (Stardock Corporation) -- C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\wblind.dll

MOD - [2010/11/29 13:40:34 | 000,081,985 | ---- | M] (Stardock Corporation) -- C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\wbhelp.dll

MOD - [2010/08/21 14:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

MOD - [2010/06/07 14:10:52 | 000,057,904 | ---- | M] () -- C:\Windows\SysWOW64\wbload.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/02 20:36:06 | 002,504,936 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdagent)

SRV:64bit: - [2010/01/30 06:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV:64bit: - [2009/07/14 10:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/14 10:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2011/04/27 12:29:12 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011/03/17 02:17:25 | 000,075,136 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2010/10/13 02:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/06/20 12:52:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)

SRV - [2010/06/19 23:32:00 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2010/04/01 16:39:28 | 000,337,144 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\VistaSrv.exe -- (WindowBlinds)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/12/16 05:07:16 | 000,025,832 | ---- | M] (BioWare) [Auto | Running] -- D:\games_7\[Retail]\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)

SRV - [2009/06/11 06:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/11/18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/02 20:36:46 | 000,016,016 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)

DRV:64bit: - [2011/03/11 15:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 15:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/01/16 01:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

DRV:64bit: - [2010/12/17 07:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV:64bit: - [2010/06/29 15:24:24 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)

DRV:64bit: - [2010/06/29 15:24:24 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)

DRV:64bit: - [2010/05/11 12:00:40 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)

DRV:64bit: - [2009/12/31 19:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)

DRV:64bit: - [2009/11/10 20:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2009/11/10 20:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2009/10/16 06:44:56 | 001,309,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)

DRV:64bit: - [2009/09/23 10:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)

DRV:64bit: - [2009/09/23 10:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)

DRV:64bit: - [2009/09/23 10:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)

DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009/07/14 15:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)

DRV:64bit: - [2009/07/14 10:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 10:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 10:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/14 10:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/14 09:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)

DRV:64bit: - [2009/06/11 05:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/11 05:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/06/11 05:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/11 05:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/11 05:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/11 05:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2054027473-3391990551-4038288108-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///D:/%5BCoding_backups%5D/test/Offline/Offline_index.html

IE - HKU\S-1-5-21-2054027473-3391990551-4038288108-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

IE - HKU\S-1-5-21-2054027473-3391990551-4038288108-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 11 3E B4 6E C3 12 CB 01 [binary data]

IE - HKU\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "file:///D:/%5BCoding_backups%5D/test/Offline/Offline_index.html"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3

FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.7.82

FF - prefs.js..extensions.enabledItems: {04426594-bce6-4705-b811-bcdba2fd9c7b}:1.2

FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8

FF - prefs.js..extensions.enabledItems: {038dc421-b19e-4711-a218-1fd10de9163b}:1.0.0.2

FF - prefs.js..extensions.enabledItems: verttabbar@frnchfrgg.org:2.8.2

FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1

FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5

FF - prefs.js..extensions.enabledItems: {433AF77F-54E5-425b-81D7-6884C7AE77E6}:2.2.2

FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5

FF - prefs.js..extensions.enabledItems: {81514210-E22A-4e69-93D5-E1EFD45B4620}:0.3.10.01.23

FF - prefs.js..extensions.enabledItems: {6E1A2A2E-AE2A-4A26-A812-46F54288379E}:3.6.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/26 09:43:28 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/23 10:26:12 | 000,000,000 | ---D | M]

[2010/06/20 01:48:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sorimachi\AppData\Roaming\Mozilla\Extensions

[2011/05/06 17:35:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sorimachi\AppData\Roaming\Mozilla\Firefox\Profiles\h5xx6daj.default\extensions

[2010/06/20 02:11:08 | 000,000,000 | ---D | M] (Add N Edit Cookies) -- C:\Users\sorimachi\AppData\Roaming\Mozilla\Firefox\Profiles\h5xx6daj.default\extensions\{038dc421-b19e-4711-a218-1fd10de9163b}

[2011/03/04 11:19:37 | 000,000,000 | ---D | M] ("Firesizer") -- C:\Users\sorimachi\AppData\Roaming\Mozilla\Firefox\Profiles\h5xx6daj.default\extensions\{04426594-bce6-4705-b811-bcdba2fd9c7b}

[2011/03/22 11:35:44 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\sorimachi\AppData\Roaming\Mozilla\Firefox\Profiles\h5xx6daj.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}

[2010/06/20 14:24:24 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Users\sorimachi\AppData\Roaming\Mozilla\Firefox\Profiles\h5xx6daj.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}

[2010/06/20 14:15:52 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\sorimachi\AppData\Roaming\Mozilla\Firefox\Profiles\h5xx6daj.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}

[2010/06/20 14:15:45 | 000,000,000 | ---D | M] (UrlParams) -- C:\Users\sorimachi\AppData\Roaming\Mozilla\Firefox\Profiles\h5xx6daj.default\extensions\{433AF77F-54E5-425b-81D7-6884C7AE77E6}

[2010/06/20 02:35:47 | 000,000,000 | ---D | M] (Full Flat) -- C:\Users\sorimachi\AppData\Roaming\Mozilla\Firefox\Profiles\h5xx6daj.default\extensions\{6E1A2A2E-AE2A-4A26-A812-46F54288379E}

[2011/05/01 10:41:03 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\sorimachi\AppData\Roaming\Mozilla\Firefox\Profiles\h5xx6daj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2010/06/20 02:08:25 | 000,000,000 | ---D | M] (Past Modern) -- C:\Users\sorimachi\AppData\Roaming\Mozilla\Firefox\Profiles\h5xx6daj.default\extensions\{81514210-E22A-4e69-93D5-E1EFD45B4620}

[2011/04/08 11:14:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\sorimachi\AppData\Roaming\Mozilla\Firefox\Profiles\h5xx6daj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011/03/25 05:31:15 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\sorimachi\AppData\Roaming\Mozilla\Firefox\Profiles\h5xx6daj.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}

[2011/03/13 14:22:45 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\sorimachi\AppData\Roaming\Mozilla\Firefox\Profiles\h5xx6daj.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

[2010/06/20 02:08:18 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Users\sorimachi\AppData\Roaming\Mozilla\Firefox\Profiles\h5xx6daj.default\extensions\chromifox@altmusictv.com

[2010/09/20 15:27:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sorimachi\AppData\Roaming\Mozilla\Firefox\Profiles\h5xx6daj.default\extensions\toolbar@ask.com

[2010/06/20 02:16:46 | 000,000,000 | ---D | M] (VertTabbar) -- C:\Users\sorimachi\AppData\Roaming\Mozilla\Firefox\Profiles\h5xx6daj.default\extensions\verttabbar@frnchfrgg.org

[2011/03/15 01:04:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/09/15 22:55:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/10/23 16:00:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/12/18 22:43:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/03/15 01:04:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/05/07 01:54:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Classic Shell\ClassicExplorer64.dll (IvoSoft)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)

O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Classic Shell\ClassicExplorer32.dll (IvoSoft)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Classic Shell\ClassicExplorer64.dll (IvoSoft)

O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Classic Shell\ClassicExplorer32.dll (IvoSoft)

O3:64bit: - HKU\S-1-5-21-2054027473-3391990551-4038288108-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)

O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)

O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)

O4 - HKLM..\Run: [VirtualCloneDrive] C:\Older Program Files\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)

O4 - HKU\S-1-5-21-2054027473-3391990551-4038288108-1003..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)

O4 - Startup: C:\Users\sorimachi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2054027473-3391990551-4038288108-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2054027473-3391990551-4038288108-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-21-2054027473-3391990551-4038288108-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-2054027473-3391990551-4038288108-1003\..Trusted Domains: google.com ([mail] https in Trusted sites)

O16 - DPF: {2B658B62-1B6F-4CFF-8A7C-225B7BB15336} http://www.dotbook.jp/crochet/download/T-TimeCrochet.cab (CrochetCtrl Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab (SysInfo Class)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found

O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O20:64bit: - Winlogon\Notify\WB: DllName - Reg Error: Key error. - File not found

O20 - Winlogon\Notify\WBSrv: DllName - C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll - C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)

O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)

O22:64bit: - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll (Stardock)

O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)

O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Older Program Files\deskscapes.dll (Stardock Corporation)

O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Older Program Files\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/10/08 05:58:05 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/07 10:20:15 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\sorimachi\Desktop\OTL.exe

[2011/05/07 02:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO

[2011/05/07 02:11:22 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO

[2011/05/07 02:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo

[2011/05/07 01:59:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/05/07 01:56:43 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2011/05/07 01:45:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/05/07 01:45:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2011/05/06 22:32:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/05/06 22:32:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/05/06 22:31:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/05/06 22:29:54 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/05/06 11:39:01 | 000,000,000 | ---D | C] -- C:\Users\sorimachi\AppData\Roaming\Malwarebytes

[2011/05/06 11:38:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011/05/06 11:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/05/06 11:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/05/06 11:38:50 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011/05/06 11:38:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011/05/06 11:18:17 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2011/05/06 01:43:10 | 000,000,000 | ---D | C] -- C:\Users\sorimachi\AppData\Roaming\Dwarfs

[2011/05/05 19:06:12 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2011/05/05 19:05:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2011/05/05 19:05:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2011/05/05 16:49:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive

[2011/05/05 16:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace

[2011/05/05 16:48:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

[2011/05/04 02:46:56 | 000,000,000 | ---D | C] -- C:\Users\sorimachi\AppData\Roaming\SquareLogic

[2011/05/02 20:36:46 | 000,016,016 | ---- | C] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys

[2011/05/02 20:36:04 | 000,284,744 | ---- | C] (COMODO) -- C:\Windows\SysWow64\guard32.dll

[2011/05/02 20:36:02 | 000,360,976 | ---- | C] (COMODO) -- C:\Windows\SysNative\guard64.dll

[2011/05/01 12:13:58 | 000,000,000 | ---D | C] -- C:\Users\sorimachi\AppData\Roaming\System

[2011/05/01 12:13:56 | 000,000,000 | ---D | C] -- C:\Users\sorimachi\Documents\Universe Sandbox

[2011/05/01 12:13:56 | 000,000,000 | ---D | C] -- C:\Users\sorimachi\AppData\Local\Universe Sandbox

[2011/05/01 12:13:54 | 000,000,000 | -HSD | C] -- C:\Users\sorimachi\AppData\Roaming\wyUpdate AU

[2011/04/28 02:42:11 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2011/04/28 02:42:10 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe

[2011/04/28 02:41:54 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll

[2011/04/28 02:41:53 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll

[2011/04/28 02:37:13 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll

[2011/04/28 02:37:12 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll

[2011/04/28 02:37:12 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys

[2011/04/28 02:37:11 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys

[2011/04/28 02:37:11 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys

[2011/04/28 02:37:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe

[2011/04/28 02:37:09 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe

[2011/04/28 02:33:34 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe

[2011/04/28 02:33:34 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe

[2011/04/22 15:48:02 | 000,000,000 | ---D | C] -- C:\Users\sorimachi\Documents\Grotesque-Tactics

[2011/04/22 00:27:50 | 000,000,000 | ---D | C] -- C:\Users\sorimachi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps

[2011/04/22 00:27:49 | 000,000,000 | ---D | C] -- C:\Fraps

[2011/04/17 11:07:55 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2011/04/17 11:07:55 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll

[2011/04/17 11:07:53 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2011/04/17 11:07:53 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2011/04/17 11:07:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2011/04/17 11:07:52 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2011/04/17 11:07:52 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2011/04/17 11:07:52 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2011/04/17 11:07:49 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2011/04/17 11:07:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2011/04/17 11:07:47 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2011/04/17 11:07:47 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2011/04/17 11:07:46 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2011/04/17 11:07:46 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2011/04/17 11:06:34 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll

[2011/04/17 11:06:34 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll

[2011/04/17 11:06:21 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi

[2011/04/17 11:06:21 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe

[2011/04/17 11:06:21 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe

[2011/04/17 11:06:20 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi

[2011/04/17 11:06:20 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll

[2011/04/17 11:06:20 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll

[2011/04/17 11:06:20 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll

[2011/04/17 11:06:02 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2011/04/17 11:06:01 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2011/04/17 11:06:01 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2011/04/17 11:05:52 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll

[2011/04/17 11:05:52 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll

[2011/04/17 11:05:51 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll

[2011/04/17 11:05:51 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll

[2011/04/17 11:05:35 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2011/04/17 11:05:34 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2011/04/17 11:05:34 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2011/04/17 11:05:34 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2011/04/17 11:05:28 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll

[2011/04/17 11:05:28 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe

[2011/04/17 11:05:27 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe

[2011/04/17 11:05:23 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe

[2011/04/16 12:21:45 | 000,000,000 | ---D | C] -- C:\Users\sorimachi\AppData\Local\The Wonderful End of the World

[2011/04/16 11:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\FlyVPN

[2011/04/16 01:27:01 | 000,000,000 | ---D | C] -- C:\Users\sorimachi\AppData\Roaming\Lazy 8 Studios

[2011/04/16 01:21:19 | 000,000,000 | ---D | C] -- C:\Users\sorimachi\AppData\Local\Lazy 8 Studios

[2011/04/14 16:47:32 | 000,086,016 | ---- | C] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll

[2011/04/14 16:47:30 | 000,084,992 | ---- | C] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll

[2011/04/09 18:55:44 | 015,453,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xlive.dll

[2011/04/09 18:55:42 | 013,642,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xlivefnt.dll

[2011/04/09 02:28:16 | 000,000,000 | ---D | C] -- C:\Users\sorimachi\Documents\Anomaly Warzone Earth

[2011/04/09 00:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anomaly Warzone Earth

[2011/04/08 21:10:42 | 020,471,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll

[2011/04/08 21:10:42 | 018,580,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll

[2011/04/08 21:10:42 | 015,047,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll

[2011/04/08 21:10:42 | 013,011,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll

[2011/04/08 21:10:42 | 012,859,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll

[2011/04/08 21:10:42 | 010,078,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll

[2011/04/08 21:10:42 | 006,604,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll

[2011/04/08 21:10:42 | 005,653,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll

[2011/04/08 21:10:42 | 004,941,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll

[2011/04/08 21:10:42 | 003,112,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll

[2011/04/08 21:10:42 | 002,895,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll

[2011/04/08 21:10:42 | 002,479,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll

[2011/04/08 21:10:42 | 002,251,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll

[2011/04/08 21:10:42 | 001,965,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll

[2011/04/08 21:10:42 | 001,614,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco642090.dll

[2011/04/08 21:10:42 | 001,359,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642040.dll

[2011/04/08 21:10:42 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll

[2011/04/08 21:10:42 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

[2011/04/08 21:10:42 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd

[11 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/07 10:24:21 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat

[2011/05/07 10:22:05 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/05/07 10:22:05 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/05/07 10:20:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\sorimachi\Desktop\OTL.exe

[2011/05/07 10:15:06 | 000,000,688 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/05/07 10:14:47 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl

[2011/05/07 10:14:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/05/07 10:14:24 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys

[2011/05/07 09:35:00 | 000,000,692 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/05/07 02:11:34 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk

[2011/05/07 01:54:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2011/05/06 22:27:55 | 000,009,550 | ---- | M] () -- C:\Users\sorimachi\Documents\keepass_db1.kdbx

[2011/05/06 13:01:23 | 000,000,020 | ---- | M] () -- C:\Users\sorimachi\defogger_reenable

[2011/05/05 23:17:38 | 000,000,211 | ---- | M] () -- C:\Users\sorimachi\Desktop\Dwarfs.url

[2011/05/05 21:35:47 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll

[2011/05/05 21:35:47 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll

[2011/05/05 21:35:47 | 000,122,904 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll

[2011/05/05 21:35:47 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll

[2011/05/05 19:06:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2011/05/05 18:28:31 | 000,001,495 | ---- | M] () -- C:\Windows\SysNative\.ini

[2011/05/05 17:14:22 | 000,000,211 | ---- | M] () -- C:\Users\sorimachi\Desktop\Section 8 Prejudice.url

[2011/05/04 18:48:38 | 001,305,850 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/05/04 18:48:38 | 000,652,230 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/05/04 18:48:38 | 000,410,422 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat

[2011/05/04 18:48:38 | 000,121,332 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat

[2011/05/04 18:48:38 | 000,121,162 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/05/03 13:34:40 | 000,000,211 | ---- | M] () -- C:\Users\sorimachi\Desktop\Zeno Clash.url

[2011/05/02 20:36:46 | 000,016,016 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys

[2011/05/02 20:36:04 | 000,284,744 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll

[2011/05/02 20:36:02 | 000,360,976 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll

[2011/05/02 16:29:52 | 000,000,600 | ---- | M] () -- C:\Users\sorimachi\AppData\Local\PUTTY.RND

[2011/05/01 13:04:02 | 000,000,211 | ---- | M] () -- C:\Users\sorimachi\Desktop\Section 8.url

[2011/05/01 11:45:31 | 000,000,211 | ---- | M] () -- C:\Users\sorimachi\Desktop\Universe Sandbox.url

[2011/04/30 22:24:58 | 000,000,209 | ---- | M] () -- C:\Users\sorimachi\Desktop\Left 4 Dead 2.url

[2011/04/30 22:24:34 | 000,000,209 | ---- | M] () -- C:\Users\sorimachi\Desktop\Left 4 Dead.url

[2011/04/29 18:29:56 | 000,000,209 | ---- | M] () -- C:\Users\sorimachi\Desktop\Counter-Strike Source.url

[2011/04/29 18:29:42 | 000,000,210 | ---- | M] () -- C:\Users\sorimachi\Desktop\Garry's Mod.url

[2011/04/29 16:55:16 | 000,000,234 | ---- | M] () -- C:\Users\sorimachi\Desktop\Blue Shift Unlocked.url

[2011/04/29 13:59:22 | 000,000,209 | ---- | M] () -- C:\Users\sorimachi\Desktop\Half-Life 2 Lost Coast.url

[2011/04/29 13:59:07 | 000,000,209 | ---- | M] () -- C:\Users\sorimachi\Desktop\Half-Life 2 Episode Two.url

[2011/04/29 13:58:43 | 000,000,209 | ---- | M] () -- C:\Users\sorimachi\Desktop\Half-Life 2 Episode One.url

[2011/04/29 13:58:17 | 000,000,209 | ---- | M] () -- C:\Users\sorimachi\Desktop\Half-Life 2.url

[2011/04/29 13:57:19 | 000,000,209 | ---- | M] () -- C:\Users\sorimachi\Desktop\Half-Life Blue Shift.url

[2011/04/29 13:56:32 | 000,000,208 | ---- | M] () -- C:\Users\sorimachi\Desktop\Half-Life Opposing Force.url

[2011/04/29 13:55:10 | 000,000,208 | ---- | M] () -- C:\Users\sorimachi\Desktop\Half-Life.url

[2011/04/29 13:19:27 | 000,000,211 | ---- | M] () -- C:\Users\sorimachi\Desktop\Chime.url

[2011/04/29 13:19:08 | 000,000,211 | ---- | M] () -- C:\Users\sorimachi\Desktop\Everyday Genius SquareLogic.url

[2011/04/28 10:18:18 | 000,000,211 | ---- | M] () -- C:\Users\sorimachi\Desktop\Darkspore.url

[2011/04/19 02:25:00 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2011/04/19 00:28:18 | 000,001,144 | ---- | M] () -- C:\Users\sorimachi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk

[2011/04/17 11:31:22 | 000,289,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011/04/14 16:47:32 | 000,086,016 | ---- | M] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll

[2011/04/14 16:47:30 | 000,084,992 | ---- | M] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll

[2011/04/09 18:55:44 | 015,453,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xlive.dll

[2011/04/09 18:55:42 | 013,642,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xlivefnt.dll

[2011/04/09 18:55:28 | 000,179,261 | ---- | M] () -- C:\Windows\SysWow64\xlive.dll.cat

[11 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/07 02:11:34 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk

[2011/05/06 22:32:03 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2011/05/06 22:32:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/05/06 22:32:03 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe

[2011/05/06 22:32:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/05/06 22:32:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/05/06 13:01:23 | 000,000,020 | ---- | C] () -- C:\Users\sorimachi\defogger_reenable

[2011/05/05 23:17:38 | 000,000,211 | ---- | C] () -- C:\Users\sorimachi\Desktop\Dwarfs.url

[2011/05/05 19:06:12 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt

[2011/05/05 18:28:31 | 000,001,495 | ---- | C] () -- C:\Windows\SysNative\.ini

[2011/05/05 17:14:22 | 000,000,211 | ---- | C] () -- C:\Users\sorimachi\Desktop\Section 8 Prejudice.url

[2011/05/03 13:34:40 | 000,000,211 | ---- | C] () -- C:\Users\sorimachi\Desktop\Zeno Clash.url

[2011/05/01 13:04:02 | 000,000,211 | ---- | C] () -- C:\Users\sorimachi\Desktop\Section 8.url

[2011/05/01 11:45:31 | 000,000,211 | ---- | C] () -- C:\Users\sorimachi\Desktop\Universe Sandbox.url

[2011/04/30 22:24:57 | 000,000,209 | ---- | C] () -- C:\Users\sorimachi\Desktop\Left 4 Dead 2.url

[2011/04/30 22:24:34 | 000,000,209 | ---- | C] () -- C:\Users\sorimachi\Desktop\Left 4 Dead.url

[2011/04/29 18:29:56 | 000,000,209 | ---- | C] () -- C:\Users\sorimachi\Desktop\Counter-Strike Source.url

[2011/04/29 18:29:42 | 000,000,210 | ---- | C] () -- C:\Users\sorimachi\Desktop\Garry's Mod.url

[2011/04/29 16:54:10 | 000,000,234 | ---- | C] () -- C:\Users\sorimachi\Desktop\Blue Shift Unlocked.url

[2011/04/29 13:59:22 | 000,000,209 | ---- | C] () -- C:\Users\sorimachi\Desktop\Half-Life 2 Lost Coast.url

[2011/04/29 13:59:07 | 000,000,209 | ---- | C] () -- C:\Users\sorimachi\Desktop\Half-Life 2 Episode Two.url

[2011/04/29 13:58:43 | 000,000,209 | ---- | C] () -- C:\Users\sorimachi\Desktop\Half-Life 2 Episode One.url

[2011/04/29 13:58:17 | 000,000,209 | ---- | C] () -- C:\Users\sorimachi\Desktop\Half-Life 2.url

[2011/04/29 13:57:19 | 000,000,209 | ---- | C] () -- C:\Users\sorimachi\Desktop\Half-Life Blue Shift.url

[2011/04/29 13:56:32 | 000,000,208 | ---- | C] () -- C:\Users\sorimachi\Desktop\Half-Life Opposing Force.url

[2011/04/29 13:55:10 | 000,000,208 | ---- | C] () -- C:\Users\sorimachi\Desktop\Half-Life.url

[2011/04/29 13:19:27 | 000,000,211 | ---- | C] () -- C:\Users\sorimachi\Desktop\Chime.url

[2011/04/29 13:19:08 | 000,000,211 | ---- | C] () -- C:\Users\sorimachi\Desktop\Everyday Genius SquareLogic.url

[2011/04/28 10:18:18 | 000,000,211 | ---- | C] () -- C:\Users\sorimachi\Desktop\Darkspore.url

[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011/04/01 14:26:48 | 000,000,000 | ---- | C] () -- C:\Windows\popcinfo.dat

[2011/03/11 12:49:49 | 000,065,536 | ---- | C] () -- C:\Program Files (x86)\win64checkKBDK.exe

[2011/03/03 21:13:19 | 000,000,212 | ---- | C] () -- C:\Users\sorimachi\AppData\Roaming\Lucid_player_profiles_data.dat

[2011/03/03 21:13:19 | 000,000,008 | ---- | C] () -- C:\Users\sorimachi\AppData\Roaming\Lucid_player_highscore.dat

[2011/02/27 22:03:21 | 000,057,904 | ---- | C] () -- C:\Windows\SysWow64\wbload.dll

[2011/02/27 21:16:36 | 000,004,096 | -H-- | C] () -- C:\Users\sorimachi\AppData\Local\keyfile3.drm

[2011/01/28 16:22:41 | 000,066,714 | ---- | C] () -- C:\Users\sorimachi\AppData\Roaming\icarus-dxdiag.xml

[2011/01/23 22:11:34 | 000,000,600 | ---- | C] () -- C:\Users\sorimachi\AppData\Local\PUTTY.RND

[2011/01/23 16:18:09 | 001,278,824 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/12/26 00:27:03 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2010/12/26 00:27:01 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe

[2010/12/26 00:27:01 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2010/09/07 21:53:35 | 000,000,169 | ---- | C] () -- C:\Windows\wininit.ini

[2010/08/13 00:23:07 | 000,000,067 | ---- | C] () -- C:\Windows\DVDRegionFree.INI

[2010/07/25 21:50:24 | 002,059,264 | ---- | C] () -- C:\Windows\setup_rangers_2.exe

[2010/07/25 16:33:23 | 001,238,032 | ---- | C] () -- C:\Windows\setup_rangers.exe

[2010/07/04 00:28:31 | 000,007,604 | ---- | C] () -- C:\Users\sorimachi\AppData\Local\Resmon.ResmonCfg

[2010/06/30 23:00:04 | 000,000,616 | ---- | C] () -- C:\Windows\eReg.dat

[2010/06/21 22:56:35 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2010/06/21 00:36:06 | 000,038,912 | ---- | C] () -- C:\Users\sorimachi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/06/20 18:58:03 | 000,000,256 | -H-- | C] () -- C:\Windows\SysWow64\LTAW12FN.BIN

[2010/06/19 23:31:10 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2010/06/19 23:31:10 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2009/07/14 14:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/14 11:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/14 11:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/14 09:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/14 08:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/14 06:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/11 06:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2008/11/13 06:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini

[2007/12/04 05:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini

[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2007/06/07 05:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini

[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:EAEE7554

@Alternate Data Stream - 233 bytes -> C:\ProgramData\TEMP:908A1B53

@Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:CAF8DAC8

@Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:ADFAD95A

@Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:583FE1DA

@Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:1C5E8189

@Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:0E22C5DB

@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:8E9C9E8F

@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:8E5EA40F

@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:425759C6

@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:40EE25BB

@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:2DF54B62

@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:53DF59D1

@Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:F9EDCFB0

@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:29C0641D

@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:09867A8B

@Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:8B4B9596

@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:F67AAFC5

@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:D01ACC06

@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:0BBF232A

@Alternate Data Stream - 222 bytes -> C:\ProgramData\TEMP:EB4FEEF5

@Alternate Data Stream - 222 bytes -> C:\ProgramData\TEMP:CCB49694

@Alternate Data Stream - 222 bytes -> C:\ProgramData\TEMP:3CA557DB

@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:EA7D76BE

@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:90865A6D

@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:AED33A42

@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:737160C1

@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:6BFA43EB

@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:8C81B36D

@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:80EA2EA3

@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:F2DC4B0B

@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:C3D26A8A

@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:5A437AC3

@Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:880F0FEF

@Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:569CEE83

@Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:124B94C0

@Alternate Data Stream - 214 bytes -> C:\ProgramData\TEMP:803039D6

@Alternate Data Stream - 214 bytes -> C:\ProgramData\TEMP:16A4620C

@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:F44D3C53

@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:EB42AC3C

@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:D2397415

@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:C9CDDE5E

@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:C22674B6

@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:B3942462

@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:9DF07E8F

@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:78739EC9

@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:46CBC45C

@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:FAFEC4B9

@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:E07EA07E

@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:9F50A55A

@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:7EC01D6D

@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:43C9D140

@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:C0692342

@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:491270B8

@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:3E06C78F

@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:32FFF2D1

@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:058A7351

@Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:EF0C5444

@Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:ED2998F5

@Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:97C4F81F

@Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:8C1EFEB8

@Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:3FD496E1

@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:8944C195

@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:5216EF84

@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:12EA4DC9

@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:8DD36B71

@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:7A0FEE87

@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:6378B6B8

@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:1B9E79B3

@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:4A2862FF

@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:2F141B68

@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:CC4C59B4

@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:C3C72D5F

@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:AC0528D9

@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:89A5891E

@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:609CAC7C

@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:16B49C20

@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:11EFE63D

@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:07D9FF25

@Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:F1175E1D

@Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:732E4B72

@Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:B1FCBEB0

@Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:102394C6

@Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:99A29126

@Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:7DC6E295

@Alternate Data Stream - 199 bytes -> C:\ProgramData\TEMP:6BF0805F

@Alternate Data Stream - 198 bytes -> C:\ProgramData\TEMP:EC5EFA15

@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:78802203

@Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:E51234A9

@Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:84E7BFEB

@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:F14D1F80

@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:8247A199

@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:58860EF5

@Alternate Data Stream - 192 bytes -> C:\ProgramData\TEMP:92A815D8

@Alternate Data Stream - 192 bytes -> C:\ProgramData\TEMP:86148D88

@Alternate Data Stream - 192 bytes -> C:\ProgramData\TEMP:018E744F

@Alternate Data Stream - 190 bytes -> C:\ProgramData\TEMP:FC2E567F

@Alternate Data Stream - 190 bytes -> C:\ProgramData\TEMP:12D2EB9C

@Alternate Data Stream - 188 bytes -> C:\ProgramData\TEMP:80FE037D

@Alternate Data Stream - 187 bytes -> C:\ProgramData\TEMP:88E3B9B6

@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:A688EF17

@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:059167AF

@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:5EB87975

@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:F9C33F77

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:661DC753

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0696EC8E

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:190B5C6B

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:F3F12752

@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E7729B98

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:53B8C5D2

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:3571475C

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:751D6870

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:ADAD2FFE

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:A5CD91DF

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:D453E38B

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:10D45FC3

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9290C91C

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:206470A5

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0EC7A545

@Alternate Data Stream - 120 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:99AC3203

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:29861223

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:5BB7898D

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:330E66BD

< End of report >


And Extras.txt:

OTL Extras logfile created on: 07/05/2011 10:21:29 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\sorimachi\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 172.88 Gb Total Space | 55.63 Gb Free Space | 32.18% Space Free | Partition Type: NTFS

Drive D: | 931.51 Gb Total Space | 120.52 Gb Free Space | 12.94% Space Free | Partition Type: NTFS

Drive E: | 60.00 Gb Total Space | 29.85 Gb Free Space | 49.75% Space Free | Partition Type: NTFS

Drive F: | 74.53 Gb Total Space | 16.21 Gb Free Space | 21.75% Space Free | Partition Type: NTFS

Drive I: | 483.23 Mb Total Space | 245.82 Mb Free Space | 50.87% Space Free | Partition Type: FAT

Drive J: | 983.22 Mb Total Space | 197.53 Mb Free Space | 20.09% Space Free | Partition Type: FAT

Computer Name: NORIKO7 | User Name: sorimachi | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2054027473-3391990551-4038288108-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [AddToPlaylistVLC] -- "C:\Older Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Older Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Older Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Older Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{2C22EA92-CB30-4932-0050-000001000000}" = InfraRecorder 0.50 (x64 edition)

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant

"{9F1F4E90-5808-3CA8-8FF6-A5B0E60AF268}" = Microsoft .NET Framework 4 Client Profile JPN Language Pack

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU

"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{E0D1C1F2-2DD0-4F44-BB9B-F2FBE84CA3AD}" = Classic Shell

"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0

"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security

"CPUID HWMonitor_is1" = CPUID HWMonitor 1.16

"Defraggler" = Defraggler

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile JPN Language Pack" = Microsoft .NET Framework 4 Client Profile Language Pack - ???

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0

"SP6" = Logitech SetPoint 6.0

"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{00B2E284-0B9A-33B4-7E91-BAFD1E35CAFE}" = TweetDeck

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2

"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen

"{15FA5ED6-2F98-4B5E-AF0B-18E5F4723FAD}_is1" = Cities In Motion

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1E99F8BD-85B0-4660-B756-1559E1BED376}" = Create


I have managed to disable the error. I went into msconfig and found an entry in the Startup tab labeled:

Update | Unknown | C:\Windows\System32\rundll32.exe "C:\Users\sorimachi\AppData\Roaming\Star Ruler\ntfvcltbb3\tb.dll", Run | C:\Users\sorimachi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

And unchecked it and rebooted.

While it's still listed in msconfig, the Run.dll error is no longer showing up on startup.


Hi, in that case, let's do a search for the loading point.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :regfind
    ntfvcltbb3\tb.dll


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


SystemLook 04.09.10 by jpshortstuff

Log created at 19:04 on 07/05/2011 by sorimachi

Administrator - Elevation successful

WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== regfind ==========

Searching for "ntfvcltbb3\tb.dll"

No data found.

-= EOF =-


SystemLook 04.09.10 by jpshortstuff

Log created at 21:50 on 07/05/2011 by sorimachi

Administrator - Elevation successful

WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== regfind ==========

Searching for "tb.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{22D8E815-4A5E-4DFB-845E-AAB64207F5BD}]

"DllName"="eBayTB.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{92085AD4-F48A-450D-BD93-B28CC7DF67CE}]

"DllName"="eBayTB.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]

"DllName"="msntb.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]

"DllName"="msntb.dll;msntb.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3318360C-1AFC-4D09-A86B-9F9CB6DCEB9C}\InProcServer32]

@="%SystemRoot%\system32\msutb.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{540D8A8B-1C3F-4E32-8132-530F6A502090}]

"MenuTextPUI"="@%SystemRoot%\System32\msutb.dll,-328"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{540D8A8B-1C3F-4E32-8132-530F6A502090}\InProcServer32]

@="%SystemRoot%\system32\msutb.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F37AFD4F-E736-4980-8650-A486B1F2DF25}\InProcServer32]

@="%systemroot%\system32\mssphtb.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3318360C-1AFC-4D09-A86B-9F9CB6DCEB9C}\InProcServer32]

@="%SystemRoot%\system32\msutb.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{540D8A8B-1C3F-4E32-8132-530F6A502090}]

"MenuTextPUI"="@%SystemRoot%\System32\msutb.dll,-328"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{540D8A8B-1C3F-4E32-8132-530F6A502090}\InProcServer32]

@="%SystemRoot%\system32\msutb.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F37AFD4F-E736-4980-8650-A486B1F2DF25}\InProcServer32]

@="%systemroot%\system32\mssphtb.dll"

-= EOF =-


If I add a check to the "Update" entry I mentioned above (the one in the Startup tab in msconfig) to re-enable it, the error appears again during startup.

Star Ruler is not installed -- it also doesn't look like it uses the directory in Roaming. So I think whatever malware was on the PC had simply copied its name so that it could hide.


It's in the Startup tab and is listed as:

Startup Item: Update

Manufacturer: Unknown

Command: C:\Windows\System32\rundll32.exe "C:\Users\sorimachi\AppData\Roaming\Star Ruler\ntfvcltbb3\tb.dll", Run

Location C:\Users\sorimachi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

I have checked the location, it is empty (Explorer is set to show all files including hidden ones).

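The helper's regfind and the poster's msconfig observations above are both about the same question: where is the loading point for a rundll32 entry whose DLL the antivirus has already removed? The script below is an added example written for this page; it is not from the thread, from SystemLook, from OTL or from msconfig. It enumerates the standard Windows autostart locations (Run/RunOnce keys in both registry views, the per-user and all-users Startup folders, and the keys where msconfig stores items that have been unchecked in its Startup tab) and reports every rundll32 entry whose DLL no longer exists on disk, which is the state that produces the "The specified module could not be found" dialog at logon. The key and folder paths are standard Windows locations, not taken from the poster's machine. It needs PowerShell 3.0 or later; run it elevated, and since the SystemLook log above warns that it ran under WOW64, run this from a 64-bit PowerShell so the native registry view is searched rather than only Wow6432Node.

```powershell
# Added example, not code from the thread or from any of the tools it uses.
# Enumerates the usual Windows autostart locations and reports rundll32
# entries whose DLL is missing from disk: the state an AV quarantine leaves
# behind and the cause of "The specified module could not be found" at logon.
# Requires PowerShell 3.0+; run it elevated and as 64-bit PowerShell so the
# native registry view is searched. Key and folder paths are standard
# Windows locations; nothing below is specific to the thread's machine.

function Get-AutostartEntries {
    $entries = @()

    # 1. Run / RunOnce keys, machine and user, 64-bit and WOW64 views
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            $entries += [pscustomobject]@{
                Source  = $key
                Name    = $name
                Command = [string]$regKey.GetValue($name)
            }
        }
    }

    # 2. Startup folders: resolve each .lnk to its target and arguments
    $shell = New-Object -ComObject WScript.Shell
    $startupDirs = @(
        "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
        "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
    )
    foreach ($dir in $startupDirs) {
        if (-not (Test-Path -Path $dir)) { continue }
        foreach ($lnkFile in Get-ChildItem -Path $dir -Filter *.lnk -Force) {
            $lnk = $shell.CreateShortcut($lnkFile.FullName)
            $entries += [pscustomobject]@{
                Source  = $lnkFile.FullName
                Name    = $lnkFile.BaseName
                Command = ('"{0}" {1}' -f $lnk.TargetPath, $lnk.Arguments)
            }
        }
    }

    # 3. Items unchecked in msconfig. msconfig does not delete them: it records
    #    the original value or shortcut under these keys (a Startup-folder .lnk
    #    is also moved to %SystemRoot%\pss), which is why the Startup tab keeps
    #    listing an item even though the Startup folder itself is empty.
    $stash = @(
        'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg',
        'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder'
    )
    foreach ($key in $stash) {
        if (-not (Test-Path -Path $key)) { continue }
        foreach ($sub in Get-ChildItem -Path $key) {
            $entries += [pscustomobject]@{
                Source  = $sub.Name
                Name    = $sub.PSChildName
                Command = [string]$sub.GetValue('command')
            }
        }
    }
    return $entries
}

# Extract the DLL from a command of the form  rundll32.exe "<dll>",<Export>
# (-match is case-insensitive; quotes around the path are optional)
function Get-Rundll32Target {
    param([string]$Command)
    if ($Command -match 'rundll32(?:\.exe)?"?\s+"?([^",]+?\.dll)"?\s*,') {
        return [Environment]::ExpandEnvironmentVariables($Matches[1].Trim())
    }
    return $null
}

# Report only the rundll32 autoruns whose DLL no longer exists on disk
function Find-OrphanedRundll32Autoruns {
    foreach ($entry in Get-AutostartEntries) {
        $dll = Get-Rundll32Target -Command $entry.Command
        if ($dll -and -not (Test-Path -LiteralPath $dll)) {
            [pscustomobject]@{
                Source     = $entry.Source
                Name       = $entry.Name
                MissingDll = $dll
                Command    = $entry.Command
            }
        }
    }
}

Find-OrphanedRundll32Autoruns | Format-List
```

The Source column tells you which location actually holds the entry, so you remove the value or shortcut there rather than just unchecking it in msconfig. Scheduled tasks, services, Winlogon and shell-extension load points are not covered here; a full autorun audit (for example with Sysinternals Autoruns) is still the right follow-up once the DLL is confirmed gone.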
