# RunDLL error "The specified module could not be found."



## Xdflames

Hello, first post and was hoping you guys could help me out here. 
I have been having this error for quite a while now, I suppose it happened because of me deleting something I wasn't supposed to on accident.

On start-up I get the error message titled RunDLL that says:

There was a problem starting
c:\Users\---\AppData\Roaming\atvshgtm.dll

The specified module could not be found.

Running Windows 7 64 bit. Any help is appreciated.

Edit: Just to point out, there is only an "OK" option afterwards, which I can click and it will run fine. The first time it popped up I looked around and couldn't find anything, then afterwards I ended up ignoring it for a while.


----------



## Phantom010

Please click *HERE* to download and install *HijackThis.* 

Run it and select *Do a system scan and save a logfile* from the Main Menu.

The log will be saved in Notepad. Copy and paste the log in your next reply.

*IMPORTANT: Do not "Fix" anything* 

If Windows is denying access to the Hosts file, *disable the UAC* and run HijackThis again.


----------



## Xdflames

Here it is.

----------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:55:22 PM, on 8/22/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\AlienRespawn\Toaster.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Windows Explorer] rundll32.exe "C:\Users\Ben\AppData\Roaming\atvshgtm.dll",EntryPoint
O4 - HKCU\..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: AWMouseCI.lnk = C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Alienware Fusion Service (AlienFusionService) - Alienware - C:\Program Files\Alienware\Command Center\AlienFusionService.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Broadcom Power monitoring service (BPowMon) - Broadcom Corp. - C:\Program Files\Broadcom\BPowMon\BPowMon.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxeb_device - Unknown owner - C:\Windows\system32\lxebcoms.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\AlienRespawn\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10374 bytes


----------



## Phantom010

As I suspected, your computer is infected. Please click on *Report* and kindly ask to be moved to the *Virus & Other Malware Removal* forum. Be sure to provide the appropriate reports in that forum after reading *THIS*. From there, be patient. The malware removal experts are very busy! You should get an answer within the next 48 hours.


----------
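An added example (not part of the thread, and not HijackThis or DDS code): it parses autostart lines copied from the HijackThis log above and from the DDS report later in the thread, then ties the path shown in the RunDLL dialog to the Run value that still references it. The flagging heuristics and all function names are assumptions made for illustration, and the DDS `uRun`/`mRun` prefixes are read as HKCU/HKLM.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Autostart lines copied from the two logs in this thread
# (HijackThis "O4" lines and DDS "uRun"/"mRun" lines).
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Windows Explorer] rundll32.exe "C:\Users\Ben\AppData\Roaming\atvshgtm.dll",EntryPoint
O4 - Global Startup: AWMouseCI.lnk = C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe
uRun: [Windows Explorer] rundll32.exe "C:\Users\Ben\AppData\Roaming\atvshgtm.dll",EntryPoint
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
'''

HJT_RE = re.compile(
    r'^O4 - (?P<hive>HK.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>.*?)\] (?P<cmd>.+)$')
DDS_RE = re.compile(
    r'^(?P<scope>[um])(?P<key>Run(?:Once)?)(?:-x64)?: \[(?P<name>.*?)\] (?P<cmd>.+)$')
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(?P<dll>"[^"]+"|[^\s,]+)\s*,?\s*(?P<export>\S*)',
    re.IGNORECASE)
# Assumed heuristics: locations a standard user can write to, and OS-sounding value names.
USER_WRITABLE_RE = re.compile(
    r'\\users\\[^\\]+\\appdata\\|\\temp\\|%appdata%|%temp%', re.IGNORECASE)
OS_NAME_RE = re.compile(r'\b(windows|explorer|microsoft|svchost)\b', re.IGNORECASE)


class Autostart(NamedTuple):
    hive: str
    key: str
    name: str
    command: str


def parse_autostarts(log: str) -> List[Autostart]:
    """Parse Run/RunOnce values from both log formats; identical entries collapse to one."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = HJT_RE.match(line)
        if m:
            entries.append(Autostart(m['hive'], m['key'], m['name'], m['cmd']))
            continue
        m = DDS_RE.match(line)
        if m:
            hive = 'HKCU' if m['scope'] == 'u' else 'HKLM'
            entries.append(Autostart(hive, m['key'], m['name'], m['cmd']))
    return list(dict.fromkeys(entries))  # de-duplicate, keep order


def rundll_target(command: str) -> Optional[str]:
    """Return the DLL path a rundll32 command line loads, or None for other commands."""
    m = RUNDLL_RE.match(command)
    return m['dll'].strip('"') if m else None


def triage(entry: Autostart) -> List[str]:
    """Return the reasons (possibly none) this autostart entry deserves a closer look."""
    reasons = []
    dll = rundll_target(entry.command)
    if dll and USER_WRITABLE_RE.search(dll):
        reasons.append('rundll32 loads a DLL from a user-writable profile path')
    if OS_NAME_RE.search(entry.name) and not re.search(r'\\windows\\', entry.command, re.I):
        reasons.append('value name imitates an OS component but the target is outside C:\\Windows')
    return reasons


def _normalise(path: str) -> str:
    # The poster redacted the profile name as '---', so wildcard that path segment.
    return re.sub(r'(?i)(\\users\\)[^\\]+', r'\1*', path).lower()


def explain_startup_error(dialog_path: str, log: str) -> List[Tuple[Autostart, List[str]]]:
    """Find the autostart entries whose rundll32 target is the file named in the RunDLL dialog."""
    hits = []
    for entry in parse_autostarts(log):
        dll = rundll_target(entry.command)
        if dll and _normalise(dll) == _normalise(dialog_path):
            hits.append((entry, triage(entry)))
    return hits


if __name__ == '__main__':
    # Path exactly as quoted in the first post of the thread.
    for entry, reasons in explain_startup_error(
            r'c:\Users\---\AppData\Roaming\atvshgtm.dll', SAMPLE_LOG):
        print(f'{entry.hive}\\..\\{entry.key} [{entry.name}] -> {entry.command}')
        for reason in reasons:
            print('  -', reason)
```
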



## Xdflames

I do not think my computer is infected, but I will do as you asked.

Here is the DDS with the Attach attached to the post as asked. Also, this is off-topic, but could you tell me why I have more than one Conhost running in my processes? It has been doing that ever since I got my computer.

-------------------------------
.
DDS (Ver_2011-06-23.01) - NTFSAMD64 
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Ben at 17:17:50 on 2011-08-22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6135.4202 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Broadcom\BPowMon\BPowMon.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\lxebcoms.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\AlienRespawn\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Alienware\Command Center\ThermalController.exe
C:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AlienRespawn\Toaster.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alienware\Command Center\RemotingServiceController.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alienware\Command Center\DoorController.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.alienware.com/
uDefault_Page_URL = hxxp://www.alienware.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Windows Explorer] rundll32.exe "C:\Users\Ben\AppData\Roaming\atvshgtm.dll",EntryPoint
uRun: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRunOnce: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AWMOUS~1.LNK - C:\Program Files (x86)\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{E7968A59-B590-4F57-A315-6D4DE7D3DC45} : DhcpNameServer = 74.128.19.102 74.128.17.114
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRunOnce-x64: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\achh3cjg.default\
FF - prefs.js: browser.startup.homepage - www.igoogle.com
FF - plugin: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-4 14648]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 BPowMon;Broadcom Power monitoring service;C:\Program Files\Broadcom\BPowMon\BPowMon.exe [2009-10-27 117608]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-4 2329480]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-23 13336]
R2 lxeb_device;lxeb_device;C:\Windows\system32\lxebcoms.exe -service --> C:\Windows\system32\lxebcoms.exe -service [?]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2010-12-23 705856]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AWOPFilterDriver;AWOPFilterDriver;\??\C:\Windows\system32\drivers\AWOPFilterDriver.sys --> C:\Windows\system32\drivers\AWOPFilterDriver.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-08-22 20:45:55 388096 ----a-r- C:\Users\Ben\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-22 20:45:54 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-08-22 19:53:38 -------- d-----w- C:\Users\Ben\AppData\Local\{F72284A0-A704-4D6C-84B5-DF7C99C83A75}
2011-08-22 19:53:27 -------- d-----w- C:\Users\Ben\AppData\Local\{738ADF71-5959-4183-A02E-5C5960FC4C06}
2011-08-22 02:39:10 -------- d-----w- C:\Users\Ben\AppData\Local\{15B5DDA6-52A8-4A6A-8D0E-FB4FE76A58D8}
2011-08-22 02:38:37 -------- d-----w- C:\Users\Ben\AppData\Local\{7FDAF9F0-0EE6-449E-821E-DA6FD0FB3BD4}
2011-08-21 23:40:14 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6ADBA92E-DF1F-4B2D-9721-43285E4D4288}\mpengine.dll
2011-08-21 14:38:06 -------- d-----w- C:\Users\Ben\AppData\Local\{634446C5-2CC2-4884-9CCA-0CF275247B7C}
2011-08-21 14:37:53 -------- d-----w- C:\Users\Ben\AppData\Local\{6C56C878-2B0A-4ED5-A52E-FA3615CF8038}
2011-08-20 16:08:02 -------- d-----w- C:\Users\Ben\AppData\Local\{27687CD2-61E5-4EEB-AC48-78C0C547C836}
2011-08-20 16:07:51 -------- d-----w- C:\Users\Ben\AppData\Local\{FA96B01D-52A7-43CA-B1B4-64E2635962D7}
2011-08-19 20:42:07 -------- d-----w- C:\Users\Ben\AppData\Local\{BFE0C3D4-13EC-426E-85D2-8F231EC0A2E0}
2011-08-19 20:41:56 -------- d-----w- C:\Users\Ben\AppData\Local\{5B48B9F1-954E-4087-AC2F-440CBE3D4589}
2011-08-18 20:25:14 -------- d-----w- C:\Users\Ben\AppData\Local\{1A69BC32-4F5F-431A-BD3D-EB683E8F9D37}
2011-08-18 20:25:02 -------- d-----w- C:\Users\Ben\AppData\Local\{317A8AA8-E9D6-497E-BBB8-BE0F0A6D7A04}
2011-08-17 20:00:31 -------- d-----w- C:\Users\Ben\AppData\Local\{2B7ACA1D-2368-464E-BA70-DFAF96DD5F95}
2011-08-17 20:00:18 -------- d-----w- C:\Users\Ben\AppData\Local\{D95B02C9-AC43-4077-BA83-0DE5D817B0CF}
2011-08-16 17:16:00 -------- d-----w- C:\Users\Ben\AppData\Local\{F8234D12-6263-4A6E-8AA2-CA9DC3F93059}
2011-08-16 17:15:26 -------- d-----w- C:\Users\Ben\AppData\Local\{C9C2AF20-2E7D-4E30-AB71-F2897C9B84FC}
2011-08-16 15:27:10 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2011-08-16 05:15:01 -------- d-----w- C:\Users\Ben\AppData\Local\{DB0BD9FE-F9EF-4CEA-A209-5BCA2975C7A6}
2011-08-16 05:14:27 -------- d-----w- C:\Users\Ben\AppData\Local\{13758CCA-2927-47A8-B067-E3926EC4BB90}
2011-08-15 17:14:15 -------- d-----w- C:\Users\Ben\AppData\Local\{B708E39F-3195-4C50-8C97-C0018C892E2F}
2011-08-15 17:13:42 -------- d-----w- C:\Users\Ben\AppData\Local\{4E5099D5-A51A-44E0-80C3-838DC89BEEF6}
2011-08-15 05:13:17 -------- d-----w- C:\Users\Ben\AppData\Local\{7E0E35B1-B5E1-4902-B00C-933A899AA41F}
2011-08-15 05:12:45 -------- d-----w- C:\Users\Ben\AppData\Local\{115125E1-78D2-4150-B8A8-B84794DD7C0C}
2011-08-14 17:12:19 -------- d-----w- C:\Users\Ben\AppData\Local\{35871A5C-5B23-4507-B131-DEB426B65476}
2011-08-14 17:11:52 -------- d-----w- C:\Users\Ben\AppData\Local\{1D842A12-9949-448A-BD54-3DEF3056D1A3}
2011-08-13 18:03:09 -------- d-----w- C:\Users\Ben\AppData\Local\{D919D427-0217-4639-9425-F11AEB17890F}
2011-08-13 18:02:45 -------- d-----w- C:\Users\Ben\AppData\Local\{448DC873-D195-43F5-8F7B-E50B1B17ADB2}
2011-08-13 05:17:52 -------- d-----w- C:\Users\Ben\AppData\Local\{D49CF5BE-13F5-471C-8262-C392475DD418}
2011-08-13 05:17:19 -------- d-----w- C:\Users\Ben\AppData\Local\{14F2E2D0-695E-44A6-9BD3-1EBDEFC5AB09}
2011-08-12 17:16:53 -------- d-----w- C:\Users\Ben\AppData\Local\{EDF1A7FA-2504-4302-90D0-A36E4769C668}
2011-08-12 17:16:20 -------- d-----w- C:\Users\Ben\AppData\Local\{D2C69EEE-5B82-4B10-A000-8878D5DA9474}
2011-08-12 05:15:55 -------- d-----w- C:\Users\Ben\AppData\Local\{4005ED97-48C9-4762-81B3-3E07FE69031A}
2011-08-12 05:15:22 -------- d-----w- C:\Users\Ben\AppData\Local\{A7A2C386-15BB-4C44-AB1A-6F36F2BCF5EA}
2011-08-11 17:15:09 -------- d-----w- C:\Users\Ben\AppData\Local\{CC10CBC9-F30B-4E34-B363-CFC60A7C308B}
2011-08-11 17:14:37 -------- d-----w- C:\Users\Ben\AppData\Local\{4BE2F749-3C89-4F05-911B-7D96DE313807}
2011-08-11 16:22:15 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DAD5597A-FF17-4568-B9BD-CB37A90EE054}\gapaengine.dll
2011-08-11 05:14:12 -------- d-----w- C:\Users\Ben\AppData\Local\{72997A44-F610-48B3-ACBC-C328D56C7BA2}
2011-08-11 05:13:38 -------- d-----w- C:\Users\Ben\AppData\Local\{956CD10C-53BC-4B98-AA26-E534C3BF23FE}
2011-08-10 17:13:25 -------- d-----w- C:\Users\Ben\AppData\Local\{861DA62C-0101-44CE-BDFC-9DB0BF5B7838}
2011-08-10 17:12:52 -------- d-----w- C:\Users\Ben\AppData\Local\{582DDA31-EDD2-4CE0-93A0-46EE2FCE4BB9}
2011-08-10 05:12:28 -------- d-----w- C:\Users\Ben\AppData\Local\{D073D85A-519F-479E-907B-EE27B78A7F05}
2011-08-10 05:11:55 -------- d-----w- C:\Users\Ben\AppData\Local\{14EBEEBD-6A85-41AC-9DC9-593172549E00}
2011-08-09 17:11:42 -------- d-----w- C:\Users\Ben\AppData\Local\{2A487D99-3F08-4CF2-AB5A-6F2041D4EFB4}
2011-08-09 17:11:09 -------- d-----w- C:\Users\Ben\AppData\Local\{8F7AE3A0-E4E1-4715-9539-F0AEF0214890}
2011-08-09 05:10:45 -------- d-----w- C:\Users\Ben\AppData\Local\{BDC2B8D9-7B53-408A-AA59-D2029719EB4C}
2011-08-09 05:10:11 -------- d-----w- C:\Users\Ben\AppData\Local\{2D959B95-CBF6-468E-BA82-2CAA3650ACBA}
2011-08-08 17:09:55 -------- d-----w- C:\Users\Ben\AppData\Local\{DAC22408-CF29-47D2-A93B-894D77080B47}
2011-08-08 17:09:33 -------- d-----w- C:\Users\Ben\AppData\Local\{48C1AAD5-233A-4228-9612-3A7F078D2992}
2011-08-07 20:58:27 -------- d-----w- C:\Users\Ben\AppData\Local\{E9A8CD52-8228-4E59-9F2B-DFB06FC5F833}
2011-08-07 20:58:03 -------- d-----w- C:\Users\Ben\AppData\Local\{F08C52E8-687D-4D8B-956F-7D14EE747326}
2011-08-07 00:40:12 -------- d-----w- C:\Users\Ben\AppData\Local\{B9779C1E-B044-4E17-8AAB-5785BE228D19}
2011-08-05 23:43:16 -------- d-----w- C:\Users\Ben\AppData\Local\{DA0F01B5-FB4D-4A4C-9573-F86CAF65BB3B}
2011-08-05 23:43:03 -------- d-----w- C:\Users\Ben\AppData\Local\{C25695D4-080E-430A-975D-F42F8215668D}
2011-08-05 17:12:26 -------- d-----w- C:\Users\Ben\AppData\Local\{24537CA9-0A94-4C41-8678-403ACB90586E}
2011-08-05 07:27:32 -------- d-----w- C:\Program Files\iTunes
2011-08-05 07:27:32 -------- d-----w- C:\Program Files\iPod
2011-08-05 07:26:16 -------- d-----w- C:\Program Files\Bonjour
2011-08-05 07:26:16 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-08-05 03:42:14 -------- d-----w- C:\Users\Ben\AppData\Local\{05D32B02-1430-426E-B750-31C3DE4DC4D6}
2011-08-05 03:41:41 -------- d-----w- C:\Users\Ben\AppData\Local\{9CB8FFA6-E81C-4F78-8A1C-05BF8BECB4CE}
2011-08-04 15:41:26 -------- d-----w- C:\Users\Ben\AppData\Local\{80779EC2-49FA-48F2-BFCE-6C022C020F15}
2011-08-03 19:18:15 -------- d-----w- C:\Users\Ben\AppData\Local\{33A3D0A9-16A6-4BAF-BDC6-3A4FA21D674F}
2011-08-02 19:59:40 -------- d-----w- C:\Users\Ben\AppData\Local\{A8E18409-BF4E-4E6E-A9F6-1D747AACD282}
2011-08-01 20:58:29 -------- d-----w- C:\Users\Ben\AppData\Local\{4782AA2E-83CB-4A6D-B9F6-D2152CFA3A59}
2011-08-01 07:45:05 -------- d-----w- C:\Users\Ben\AppData\Local\{71730BE9-14F9-4D49-831C-1433A4AA54FC}
2011-07-31 21:04:33 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-07-31 21:04:25 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-31 20:54:56 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-07-31 20:53:55 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-07-31 20:53:55 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-07-31 19:44:17 -------- d-----w- C:\Users\Ben\AppData\Local\{CD982A03-AE27-450C-8561-F4DFE56303EB}
2011-07-31 10:52:07 -------- d-----w- C:\Users\Ben\AppData\Local\VeniceAlphaTrial
2011-07-31 10:52:07 -------- d-----w- C:\Users\Ben\AppData\Local\BF3
2011-07-31 10:51:49 -------- d-----w- C:\Program Files (x86)\BF3 Alpha Trial Web Plugins
2011-07-31 10:50:56 -------- d-----w- C:\ProgramData\EA Core
2011-07-31 10:27:45 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2011-07-31 09:53:06 -------- d-----w- C:\ProgramData\Electronic Arts
2011-07-31 08:17:47 51600 ----a-w- C:\Windows\System32\drivers\dsiarhwprog_x64.sys
2011-07-31 04:43:07 -------- d-----w- C:\Users\Ben\AppData\Local\Oblivion
2011-07-31 00:02:21 -------- d-----w- C:\Users\Ben\AppData\Local\{1E8273FA-8AAD-4685-B58D-AA1236681124}
2011-07-30 18:11:37 -------- d-----w- C:\Users\Ben\AppData\Local\{D4C1C9F6-0046-41CB-B107-624FA0EA8C7C}
2011-07-30 06:10:50 -------- d-----w- C:\Users\Ben\AppData\Local\{7D3564E4-4EAC-4E11-B0A3-7599DE1D86B9}
2011-07-29 18:10:00 -------- d-----w- C:\Users\Ben\AppData\Local\{9FDFF96D-966F-40B3-825C-FCC9AD7107DA}
2011-07-29 01:32:32 -------- d-----w- C:\Users\Ben\AppData\Roaming\TerrariaWorldViewer
2011-07-28 18:08:16 -------- d-----w- C:\Users\Ben\AppData\Local\{2E3E2040-FA69-45A4-BAE3-7070238204DB}
2011-07-27 18:58:19 -------- d-----w- C:\Down
2011-07-27 18:57:58 -------- d-----w- C:\Windyzone
2011-07-27 18:57:38 -------- d-----w- C:\Users\Ben\AppData\Local\{C450B427-6303-4DBB-8B98-33F42F4FD222}
2011-07-27 02:37:05 -------- d-----w- C:\Program Files (x86)\Perfectworld Entertainment
2011-07-26 19:06:14 -------- d-----w- C:\Users\Ben\AppData\Local\{568710B3-F100-4900-A0B1-9FD4DAA723AB}
2011-07-26 09:49:50 -------- d-----w- C:\Program Files\Paint.NET
2011-07-26 09:49:35 -------- d-----w- C:\Users\Ben\AppData\Local\Paint.NET
2011-07-26 09:30:52 -------- d-----w- C:\ProgramData\Pure Networks
2011-07-26 05:14:48 -------- d-----w- C:\Users\Ben\AppData\Roaming\Windows Live Writer
2011-07-26 05:14:48 -------- d-----w- C:\Users\Ben\AppData\Local\Windows Live Writer
2011-07-26 05:13:42 -------- d-----w- C:\Users\Ben\AppData\Local\{81041410-FD1F-4CE7-957F-A67D30C75787}
2011-07-26 05:11:12 -------- d-----w- C:\Windows\en
2011-07-26 05:08:40 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-25 22:09:02 -------- d-----w- C:\Users\Ben\AppData\Local\{89A5987F-AD7E-42A8-8FA5-9FE013799831}
2011-07-24 20:31:45 -------- d-----w- C:\Users\Ben\AppData\Local\{E8CBF004-5F9C-406A-8774-D9CDFB359C73}
2011-07-24 08:30:59 -------- d-----w- C:\Users\Ben\AppData\Local\{FE83610E-61CB-4090-95C6-7C9A69F1B2E8}
.
==================== Find3M ====================
.
2011-08-18 20:29:14 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-20 21:10:50 280768 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-07-20 21:10:50 280768 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-07-20 21:07:41 266400 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-07-12 15:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-07-12 15:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-07-12 15:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-07-12 15:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-07-12 15:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-07-12 15:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-07-12 15:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-07-09 05:56:08 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2011-07-09 05:56:00 768848 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys
2011-06-02 06:45:22 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-02 06:45:22 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-02 06:45:22 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-02 06:44:54 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-02 06:42:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-02 06:39:54 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-02 06:35:56 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-02 05:59:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-02 05:56:28 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-02 05:56:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-02 05:54:51 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-02 05:54:50 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-02 03:51:00 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-02 03:50:59 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-02 03:45:49 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45:49 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45:49 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45:49 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 17:18:19.96 ===============


----------



## eddie5659

Hiya

As I've moved it, I may as well reply to it as well 

Give me a few mins to read it, and I'll reply 

eddie


----------



## Xdflames

eddie5659 said:


> Hiya
> 
> As I've moved it, I may as well reply to it as well
> 
> Give me a few mins to read it, and I'll reply
> 
> eddie


Okay, thank you very much for reading it.


----------



## eddie5659

Just looking through, and nice to see you're a gamer, especially Bad Company 2. Are you getting BF3 when it comes out? Most of our clan are 

Anyway, back to this thread 

Please download Malwarebytes' Anti-Malware from *Here* or *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Full Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*

*Download and scan with* *SUPERAntiSpyware* Free for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
Under "*Configuration and Preferences*", click the *Preferences* button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._
_Scan for tracking cookies._
_Terminate memory threats before quarantining._

Click the "*Close*" button to leave the control center screen.
Back on the main screen, under "*Scan for Harmful Software*" click *Scan your computer*.
On the left, make sure you check *C:\Fixed Drive*.
On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
Click "*Next*" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*OK*".
Make sure everything has a checkmark next to it and click "*Next*".
A notification will appear that "_Quarantine and Removal is Complete_". Click "*OK*" and then click the "*Finish*" button to return to the main menu.
If asked if you want to reboot, click "*Yes*".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
_Click *Preferences*, then click the *Statistics/Logs* tab._
_Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*._
_If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor._
_Please copy and paste the Scan Log results in your next reply._

Click *Close* to exit the program.

Please include the *MBAM log, SUPERAntiSpyware Scan Log and a fresh HijackThis log* in your next reply.

eddie


----------



## Xdflames

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:55:22 PM, on 8/22/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\AlienRespawn\Toaster.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Windows Explorer] rundll32.exe "C:\Users\Ben\AppData\Roaming\atvshgtm.dll",EntryPoint
O4 - HKCU\..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: AWMouseCI.lnk = C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Alienware Fusion Service (AlienFusionService) - Alienware - C:\Program Files\Alienware\Command Center\AlienFusionService.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Broadcom Power monitoring service (BPowMon) - Broadcom Corp. - C:\Program Files\Broadcom\BPowMon\BPowMon.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxeb_device - Unknown owner - C:\Windows\system32\lxebcoms.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\AlienRespawn\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10374 bytes

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7539

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/22/2011 6:27:01 PM
mbam-log-2011-08-22 (18-27-01).txt

Scan type: Full scan (C:\|D:\|Y:\|)
Objects scanned: 330356
Time elapsed: 42 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Explorer (Trojan.Agent) -> Value: Windows Explorer -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Ben\AppData\Local\Temp\ondc.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.

I would rather not post the SUPERAntiSpyware scan log though, but if you sincerely need it let me know. It removed 326 threats though, all of them being cookies.
Unfortunately, even though my brother cleared the history, cookies have been showing up. Going to have to restrict his computer access apparently.

Edit: I will be getting BF3 when it comes out, but it might be a while. It just depends on what is going on in my family and such.


----------



## Phantom010

> Registry Values Infected:
> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Explorer (Trojan.Agent) -> Value: Windows Explorer -> Quarantined and deleted successfully.


That's what I was seeing in HijackThis.

O4 - HKCU\..\Run: [Windows Explorer] rundll32.exe "C:\Users\Ben\AppData\Roaming\atvshgtm.dll",EntryPoint

atvshgtm.dll being in your error message.


----------
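The correlation made in the post above, written out as an added example that is not part of the original thread: it parses HijackThis O4 lines, flags `rundll32` autostarts whose DLL sits under a user profile's `AppData`, and matches the hit against the RunDLL error path and the MBAM registry value. The function names and the expansion of HijackThis's `..` to `SOFTWARE\Microsoft\Windows\CurrentVersion` are assumptions of this example; the log lines are copied from this thread.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional, Tuple

# O4 autostart lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Windows Explorer] rundll32.exe "C:\Users\Ben\AppData\Roaming\atvshgtm.dll",EntryPoint
O4 - HKCU\..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - Global Startup: AWMouseCI.lnk = C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe
"""

# Path shown in the RunDLL error dialog (the poster redacted the user name as ---).
ERROR_PATH = r"c:\Users\---\AppData\Roaming\atvshgtm.dll"

# Registry value reported in the MBAM log posted in this thread.
MBAM_LINE = (r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
             r"\Windows Explorer (Trojan.Agent) -> Value: Windows Explorer")


class RunEntry(NamedTuple):
    hive: str      # e.g. HKCU, HKLM, HKUS\S-1-5-19
    key: str       # Run, RunOnce, ...
    name: str      # registry value name shown in [brackets]
    command: str   # command line stored in the value


# Registry-backed O4 lines only; "Global Startup" shortcut lines are skipped.
O4_RE = re.compile(r"^O4 - (HK[A-Z]+(?:\\S-[0-9-]+)?)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")

# rundll32 invocation: optional directory prefix, then "<dll>"[,<export>].
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+)"?(?:,\s*(\S+))?',
    re.IGNORECASE,
)

# DLL located under a per-user, user-writable profile directory.
PROFILE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.IGNORECASE)

HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE", "HKUS": "HKEY_USERS"}


def parse_o4(log: str) -> List[RunEntry]:
    """Return every registry Run/RunOnce entry found in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(RunEntry(*m.groups()))
    return entries


def rundll32_target(command: str) -> Optional[Tuple[str, Optional[str]]]:
    """Return (dll_path, export) if the command launches rundll32, else None."""
    m = RUNDLL_RE.match(command.strip())
    return (m.group(1).strip(), m.group(2)) if m else None


def rundll32_from_profile(log: str) -> List[Tuple[RunEntry, str, Optional[str]]]:
    """Autostart entries that use rundll32 to load a DLL from a user's AppData."""
    hits = []
    for entry in parse_o4(log):
        target = rundll32_target(entry.command)
        if target and PROFILE_RE.match(target[0]):
            hits.append((entry, target[0], target[1]))
    return hits


def entry_for_error(log: str, error_path: str) -> Optional[RunEntry]:
    """Find the autostart entry whose DLL file name matches the error dialog."""
    wanted = ntpath.basename(error_path).lower()
    for entry in parse_o4(log):
        target = rundll32_target(entry.command)
        if target and ntpath.basename(target[0]).lower() == wanted:
            return entry
    return None


def full_value_path(entry: RunEntry) -> str:
    """Expand the abbreviated HijackThis key to a full registry value path.

    Assumption of this example: '..' stands for
    SOFTWARE\\Microsoft\\Windows\\CurrentVersion.
    """
    short, _, sid = entry.hive.partition("\\")
    parts = [HIVES[short]] + ([sid] if sid else [])
    parts += ["SOFTWARE", "Microsoft", "Windows", "CurrentVersion", entry.key, entry.name]
    return "\\".join(parts)


if __name__ == "__main__":
    for entry, dll, export in rundll32_from_profile(SAMPLE_LOG):
        print(f"[{entry.name}] loads {dll} (export {export})")
        print("  registry value:", full_value_path(entry))
        print("  same value MBAM removed:",
              MBAM_LINE.lower().startswith(full_value_path(entry).lower()))
```

Once the DLL is gone but the Run value remains, `rundll32` fails at every logon with "The specified module could not be found", which is why removing the registry value stops the dialog.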



## Xdflames

Phantom010 said:


> That's what I was seeing in HijackThis.
> 
> O4 - HKCU\..\Run: [Windows Explorer] rundll32.exe "C:\Users\Ben\AppData\Roaming\atvshgtm.dll",EntryPoint
> 
> atvshgtm.dll being in your error message.


I see, thanks for pointing that out. So I would guess that it is just a coincidence that the error popped up after deleting a few things?
Also, were any of those really serious infections?

Edit: I just restarted and the error message did not come up, if there is anything else I need to do let me know. I will wait for a reply before I mark this as Solved.


----------



## Phantom010

Please wait for further instructions from *eddie5659*. MBAM and SAS may have missed more serious infections.


----------



## Xdflames

Phantom010 said:


> Please wait for further instructions from *eddie5659*. MBAM and SAS may have missed more serious infections.


Will do. Thank you.


----------



## eddie5659

It's okay about the SAS log 

Okay, let's just run this to see if anything else is present:

Download *OTL* to your Desktop 

Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted. 
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long. 
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic


----------



## Xdflames

OTL logfile created on: 8/23/2011 6:10:42 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Ben\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.07 Gb Available Physical Memory | 67.89% Memory free
11.98 Gb Paging File | 9.56 Gb Available in Paging File | 79.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 923.45 Gb Total Space | 792.56 Gb Free Space | 85.83% Space Free | Partition Type: NTFS

Computer Name: BEN-PC | User Name: Ben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/23 18:09:47 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ben\Downloads\OTL.exe
PRC - [2011/08/02 15:59:32 | 000,411,432 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011/08/02 15:59:25 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/04/20 21:58:47 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/01/13 14:53:38 | 000,321,464 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/13 14:42:12 | 003,667,264 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\AlienRespawn\Toaster.exe
PRC - [2011/01/13 14:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
PRC - [2011/01/13 14:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\AlienRespawn\SftService.exe
PRC - [2010/05/04 16:01:08 | 000,013,624 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
PRC - [2010/05/04 16:00:34 | 000,061,256 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2010/05/04 15:53:40 | 000,016,704 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
PRC - [2010/03/03 22:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 22:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/10/13 10:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

========== Modules (No Company Name) ==========

MOD - [2011/08/22 23:22:09 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\60aa01ac9637903f30ac346c55ce58bb\PresentationFramework.Aero.ni.dll
MOD - [2011/08/22 23:21:58 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\456d5e9d3a0a37697ab28c150e9ac5b7\System.Runtime.Remoting.ni.dll
MOD - [2011/08/22 23:21:57 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\86f429e0a23238cf277d464bd0433d86\System.Data.ni.dll
MOD - [2011/08/22 23:21:50 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\462ca53f84ff85f159d5555d91a5e28d\PresentationFramework.ni.dll
MOD - [2011/08/22 23:21:38 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll
MOD - [2011/08/22 23:21:32 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll
MOD - [2011/08/22 23:21:28 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\808e41877f992187276492aa2e55e909\PresentationCore.ni.dll
MOD - [2011/08/22 23:21:18 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cea5d9b8e3d6ff3bf3be32cf5fcbcd02\WindowsBase.ni.dll
MOD - [2011/08/22 23:21:11 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll
MOD - [2011/08/22 23:21:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll
MOD - [2011/08/22 23:20:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll
MOD - [2011/08/02 15:59:32 | 014,401,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2011/08/02 15:59:31 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2011/08/02 15:59:31 | 000,190,248 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2011/08/02 15:59:31 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2011/08/02 15:59:31 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2011/07/31 17:13:49 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll
MOD - [2011/05/26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/01/13 14:42:02 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\SftBRCCPiped.dll
MOD - [2011/01/13 14:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
MOD - [2011/01/13 14:37:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\zlib1.dll
MOD - [2011/01/13 14:37:26 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\STRegistry.dll
MOD - [2011/01/13 14:37:24 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\STPE.dll
MOD - [2011/01/13 14:37:20 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\STNLS.dll
MOD - [2011/01/13 14:37:18 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\STLog.dll
MOD - [2011/01/13 14:37:14 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\STFiles.dll
MOD - [2011/01/13 14:37:04 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\STBRCCServCLR.dll
MOD - [2011/01/13 14:36:50 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\libxml2.dll
MOD - [2010/12/23 14:49:41 | 000,027,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.PID0x513\1.0.90.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.PID0x513.dll
MOD - [2010/12/23 14:49:41 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication\1.0.90.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.dll
MOD - [2010/12/23 14:49:41 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.Core\1.0.90.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.Core.dll
MOD - [2010/12/23 14:49:40 | 004,790,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXModelResources\1.0.90.0__bebb3c8816410241\AlienwareAlienFXModelResources.dll
MOD - [2010/12/23 14:49:40 | 000,443,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXTools\1.0.90.0__bebb3c8816410241\AlienwareAlienFXTools.dll
MOD - [2010/12/23 14:49:40 | 000,075,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.90.0__bebb3c8816410241\AlienLabsTools.dll
MOD - [2010/12/23 14:49:40 | 000,037,712 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.90.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll
MOD - [2010/12/23 14:49:40 | 000,037,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x511\1.0.90.0__bebb3c8816410241\AlienFX.Communication.PID0x511.dll
MOD - [2010/12/23 14:49:40 | 000,036,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x514\1.0.90.0__bebb3c8816410241\AlienFX.Communication.PID0x514.dll
MOD - [2010/12/23 14:49:40 | 000,036,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.90.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll
MOD - [2010/12/23 14:49:40 | 000,028,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.90.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll
MOD - [2010/12/23 14:49:40 | 000,027,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.90.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll
MOD - [2010/12/23 14:49:40 | 000,027,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LightFX\1.0.90.0__bebb3c8816410241\LightFX.dll
MOD - [2010/12/23 14:49:40 | 000,024,904 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.XPS\1.0.90.0__bebb3c8816410241\AlienFX.Communication.XPS.dll
MOD - [2010/12/23 14:49:40 | 000,024,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.90.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll
MOD - [2010/12/23 14:49:40 | 000,019,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x513\1.0.90.0__bebb3c8816410241\AlienFX.Communication.PID0x513.dll
MOD - [2010/12/23 14:49:40 | 000,017,224 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.90.0__bebb3c8816410241\AlienFX.Communication.Core.dll
MOD - [2010/12/23 14:49:40 | 000,011,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.90.0__bebb3c8816410241\AlienFX.Communication.dll
MOD - [2010/06/01 11:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2010/05/04 15:53:44 | 000,154,424 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionDomain.dll
MOD - [2010/05/04 15:53:40 | 000,016,704 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
MOD - [2009/06/10 17:23:18 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2009/06/10 17:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/06/10 17:14:41 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:*64bit:* - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:*64bit:* - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:*64bit:* - [2011/01/04 22:57:44 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:*64bit:* - [2010/05/04 15:53:56 | 000,014,648 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:*64bit:* - [2010/04/14 19:56:24 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxebcoms.exe -- (lxeb_device)
SRV:*64bit:* - [2009/10/27 16:56:14 | 000,117,608 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\Program Files\Broadcom\BPowMon\BPowMon.exe -- (BPowMon)
SRV:*64bit:* - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/08/04 14:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/08/02 15:59:32 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/20 21:58:47 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/01/13 14:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\AlienRespawn\sftservice.EXE -- (SftService)
SRV - [2010/12/23 15:03:58 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/10/27 01:07:58 | 004,060,752 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 22:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/10/13 10:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:*64bit:* - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:*64bit:* - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:*64bit:* - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:*64bit:* - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/01/04 23:37:14 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:*64bit:* - [2011/01/04 22:19:38 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:*64bit:* - [2010/12/23 14:40:11 | 000,019,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AWOPFilterDriver.sys -- (AWOPFilterDriver)
DRV:*64bit:* - [2010/11/17 08:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:*64bit:* - [2010/03/22 19:29:12 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2009/10/16 07:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:*64bit:* - [2009/07/29 22:14:10 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132)
DRV:*64bit:* - [2009/07/29 22:14:10 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:*64bit:* - [2009/07/29 22:14:10 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:*64bit:* - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:*64bit:* - [2009/04/22 19:10:40 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:*64bit:* - [2009/04/22 19:10:32 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:*64bit:* - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:*64bit:* - [2007/02/08 09:48:04 | 000,051,600 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dsiarhwprog_x64.sys -- (usbio)
DRV:*64bit:* - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/03 20:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.alienware.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://support.alienware.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.igoogle.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/18 16:28:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/22 23:08:42 | 000,000,000 | ---D | M]

[2010/12/28 14:43:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Extensions
[2011/08/21 14:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\achh3cjg.default\extensions
[2011/08/02 16:05:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\achh3cjg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/07/08 11:58:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/04 17:01:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/06/03 20:49:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/07/08 11:58:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- 
() (No name found) -- C:\USERS\BEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ACHH3CJG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/08/18 16:28:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3:*64bit:* - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:*64bit:* - HKLM..\Run: [] File not found
O4:*64bit:* - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
O4:*64bit:* - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:*64bit:* - HKLM..\Run: [Launch Keyboard CI] c:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe (Alienware)
O4:*64bit:* - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:*64bit:* - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:*64bit:* - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4:*64bit:* - HKLM..\Run: [Thermal Controller] C:\Program Files\Alienware\Command Center\ThermalController.exe (Alienware Corp.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Overwolf] File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe (Softthinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.128.19.102 74.128.17.114
O18:*64bit:* - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:*64bit:* - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:*64bit:* - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:*64bit:* - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/23 15:58:40 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{644B20C8-E43C-438E-B758-90472DFBCC04}
[2011/08/23 15:58:07 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{8D546BDD-9A8C-4F09-802B-434B6545FD98}
[2011/08/22 23:08:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/08/22 23:08:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/22 21:26:36 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/08/22 18:35:30 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\SUPERAntiSpyware.com
[2011/08/22 18:35:18 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/08/22 18:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/08/22 18:35:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/08/22 17:43:32 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Malwarebytes
[2011/08/22 17:43:26 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/08/22 17:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/22 17:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/22 17:43:22 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/22 17:43:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/08/22 16:45:55 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/08/22 16:45:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/08/22 15:53:38 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{F72284A0-A704-4D6C-84B5-DF7C99C83A75}
[2011/08/22 15:53:27 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{738ADF71-5959-4183-A02E-5C5960FC4C06}
[2011/08/21 22:39:10 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{15B5DDA6-52A8-4A6A-8D0E-FB4FE76A58D8}
[2011/08/21 22:38:37 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{7FDAF9F0-0EE6-449E-821E-DA6FD0FB3BD4}
[2011/08/21 10:38:06 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{634446C5-2CC2-4884-9CCA-0CF275247B7C}
[2011/08/21 10:37:53 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{6C56C878-2B0A-4ED5-A52E-FA3615CF8038}
[2011/08/20 12:08:02 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{27687CD2-61E5-4EEB-AC48-78C0C547C836}
[2011/08/20 12:07:51 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{FA96B01D-52A7-43CA-B1B4-64E2635962D7}
[2011/08/19 16:42:07 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{BFE0C3D4-13EC-426E-85D2-8F231EC0A2E0}
[2011/08/19 16:41:56 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{5B48B9F1-954E-4087-AC2F-440CBE3D4589}
[2011/08/18 16:25:14 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{1A69BC32-4F5F-431A-BD3D-EB683E8F9D37}
[2011/08/18 16:25:02 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{317A8AA8-E9D6-497E-BBB8-BE0F0A6D7A04}
[2011/08/17 16:00:31 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{2B7ACA1D-2368-464E-BA70-DFAF96DD5F95}
[2011/08/17 16:00:18 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{D95B02C9-AC43-4077-BA83-0DE5D817B0CF}
[2011/08/16 13:16:00 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{F8234D12-6263-4A6E-8AA2-CA9DC3F93059}
[2011/08/16 13:15:26 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{C9C2AF20-2E7D-4E30-AB71-F2897C9B84FC}
[2011/08/16 11:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/08/16 11:27:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2011/08/16 01:15:01 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{DB0BD9FE-F9EF-4CEA-A209-5BCA2975C7A6}
[2011/08/16 01:14:27 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{13758CCA-2927-47A8-B067-E3926EC4BB90}
[2011/08/15 13:14:15 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{B708E39F-3195-4C50-8C97-C0018C892E2F}
[2011/08/15 13:13:42 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{4E5099D5-A51A-44E0-80C3-838DC89BEEF6}
[2011/08/15 01:13:17 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{7E0E35B1-B5E1-4902-B00C-933A899AA41F}
[2011/08/15 01:12:45 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{115125E1-78D2-4150-B8A8-B84794DD7C0C}
[2011/08/14 13:12:19 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{35871A5C-5B23-4507-B131-DEB426B65476}
[2011/08/14 13:11:52 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{1D842A12-9949-448A-BD54-3DEF3056D1A3}
[2011/08/13 14:03:09 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{D919D427-0217-4639-9425-F11AEB17890F}
[2011/08/13 14:02:45 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{448DC873-D195-43F5-8F7B-E50B1B17ADB2}
[2011/08/13 01:17:52 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{D49CF5BE-13F5-471C-8262-C392475DD418}
[2011/08/13 01:17:19 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{14F2E2D0-695E-44A6-9BD3-1EBDEFC5AB09}
[2011/08/12 13:16:53 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{EDF1A7FA-2504-4302-90D0-A36E4769C668}
[2011/08/12 13:16:20 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{D2C69EEE-5B82-4B10-A000-8878D5DA9474}
[2011/08/12 01:15:55 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{4005ED97-48C9-4762-81B3-3E07FE69031A}
[2011/08/12 01:15:22 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{A7A2C386-15BB-4C44-AB1A-6F36F2BCF5EA}
[2011/08/11 13:15:09 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{CC10CBC9-F30B-4E34-B363-CFC60A7C308B}
[2011/08/11 13:14:37 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{4BE2F749-3C89-4F05-911B-7D96DE313807}
[2011/08/11 01:14:12 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{72997A44-F610-48B3-ACBC-C328D56C7BA2}
[2011/08/11 01:13:38 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{956CD10C-53BC-4B98-AA26-E534C3BF23FE}
[2011/08/10 13:13:25 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{861DA62C-0101-44CE-BDFC-9DB0BF5B7838}
[2011/08/10 13:12:52 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{582DDA31-EDD2-4CE0-93A0-46EE2FCE4BB9}
[2011/08/10 01:12:28 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{D073D85A-519F-479E-907B-EE27B78A7F05}
[2011/08/10 01:11:55 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{14EBEEBD-6A85-41AC-9DC9-593172549E00}
[2011/08/09 13:11:42 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{2A487D99-3F08-4CF2-AB5A-6F2041D4EFB4}
[2011/08/09 13:11:09 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{8F7AE3A0-E4E1-4715-9539-F0AEF0214890}
[2011/08/09 01:10:45 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{BDC2B8D9-7B53-408A-AA59-D2029719EB4C}
[2011/08/09 01:10:11 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{2D959B95-CBF6-468E-BA82-2CAA3650ACBA}
[2011/08/08 13:09:55 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{DAC22408-CF29-47D2-A93B-894D77080B47}
[2011/08/08 13:09:33 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{48C1AAD5-233A-4228-9612-3A7F078D2992}
[2011/08/07 16:58:27 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{E9A8CD52-8228-4E59-9F2B-DFB06FC5F833}
[2011/08/07 16:58:03 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{F08C52E8-687D-4D8B-956F-7D14EE747326}
[2011/08/06 20:40:12 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{B9779C1E-B044-4E17-8AAB-5785BE228D19}
[2011/08/06 03:35:07 | 000,000,000 | ---D | C] -- C:\Users\Ben\Desktop\TShock 3.2.1.0805
[2011/08/05 19:43:16 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{DA0F01B5-FB4D-4A4C-9573-F86CAF65BB3B}
[2011/08/05 19:43:03 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{C25695D4-080E-430A-975D-F42F8215668D}
[2011/08/05 15:38:00 | 000,000,000 | ---D | C] -- C:\Users\Ben\Desktop\Legends-Of-Yore
[2011/08/05 13:12:26 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{24537CA9-0A94-4C41-8678-403ACB90586E}
[2011/08/05 03:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/05 03:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/05 03:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/05 03:26:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/05 03:26:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/08/04 23:42:14 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{05D32B02-1430-426E-B750-31C3DE4DC4D6}
[2011/08/04 23:41:41 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{9CB8FFA6-E81C-4F78-8A1C-05BF8BECB4CE}
[2011/08/04 11:41:26 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{80779EC2-49FA-48F2-BFCE-6C022C020F15}
[2011/08/03 15:18:15 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{33A3D0A9-16A6-4BAF-BDC6-3A4FA21D674F}
[2011/08/02 15:59:40 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{A8E18409-BF4E-4E6E-A9F6-1D747AACD282}
[2011/08/01 16:58:29 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{4782AA2E-83CB-4A6D-B9F6-D2152CFA3A59}
[2011/08/01 03:45:05 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{71730BE9-14F9-4D49-831C-1433A4AA54FC}
[2011/07/31 17:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011/07/31 17:04:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/07/31 15:44:17 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{CD982A03-AE27-450C-8561-F4DFE56303EB}
[2011/07/31 06:52:07 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\VeniceAlphaTrial
[2011/07/31 06:52:07 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\BF3
[2011/07/31 06:51:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BF3 Alpha Trial Web Plugins
[2011/07/31 06:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011/07/31 06:27:45 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2011/07/31 05:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/07/31 04:17:47 | 000,051,600 | ---- | C] (Thesycon GmbH, Germany) -- C:\Windows\SysNative\drivers\dsiarhwprog_x64.sys
[2011/07/31 00:43:07 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Oblivion
[2011/07/30 20:03:47 | 000,000,000 | ---D | C] -- C:\Users\Ben\Documents\Datel
[2011/07/30 20:02:21 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{1E8273FA-8AAD-4685-B58D-AA1236681124}
[2011/07/30 14:11:37 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{D4C1C9F6-0046-41CB-B107-624FA0EA8C7C}
[2011/07/30 02:10:50 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{7D3564E4-4EAC-4E11-B0A3-7599DE1D86B9}
[2011/07/29 22:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/07/29 14:10:00 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{9FDFF96D-966F-40B3-825C-FCC9AD7107DA}
[2011/07/28 21:32:32 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\TerrariaWorldViewer
[2011/07/28 14:08:16 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{2E3E2040-FA69-45A4-BAE3-7070238204DB}
[2011/07/27 14:58:19 | 000,000,000 | ---D | C] -- C:\Down
[2011/07/27 14:57:58 | 000,000,000 | ---D | C] -- C:\Windyzone
[2011/07/27 14:57:38 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{C450B427-6303-4DBB-8B98-33F42F4FD222}
[2011/07/26 22:37:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Perfectworld Entertainment
[2011/07/26 15:06:14 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{568710B3-F100-4900-A0B1-9FD4DAA723AB}
[2011/07/26 06:17:25 | 000,000,000 | ---D | C] -- C:\Users\Ben\Documents\Paint.NET User Files
[2011/07/26 05:54:24 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011/07/26 05:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011/07/26 05:54:23 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Notepad++
[2011/07/26 05:54:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2011/07/26 05:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2011/07/26 05:49:35 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Paint.NET
[2011/07/26 05:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Pure Networks
[2011/07/26 01:14:48 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Windows Live Writer
[2011/07/26 01:14:48 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Windows Live Writer
[2011/07/26 01:13:42 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{81041410-FD1F-4CE7-957F-A67D30C75787}
[2011/07/26 01:11:12 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/07/26 01:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/07/25 18:09:02 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{89A5987F-AD7E-42A8-8FA5-9FE013799831}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/23 16:04:15 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/23 16:04:15 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/23 15:56:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/23 15:56:18 | 529,731,583 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/22 23:10:10 | 000,789,710 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/22 23:10:10 | 000,671,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/22 23:10:10 | 000,126,262 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/22 23:10:07 | 000,789,710 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/22 23:08:43 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/08/22 18:35:18 | 000,001,810 | ---- | M] () -- C:\Users\Ben\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/22 17:43:26 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/22 16:45:55 | 000,002,965 | ---- | M] () -- C:\Users\Ben\Desktop\HiJackThis.lnk
[2011/08/18 16:28:12 | 000,002,054 | ---- | M] () -- C:\Users\Ben\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/12 03:44:01 | 000,000,129 | ---- | M] () -- C:\Users\Ben\jagex_runescape_preferences2.dat
[2011/08/12 03:17:21 | 000,000,035 | ---- | M] () -- C:\Users\Ben\jagex_runescape_preferences.dat
[2011/08/05 03:27:56 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/31 17:07:55 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/31 17:04:43 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/07/30 20:16:42 | 000,461,824 | ---- | M] () -- C:\Users\Ben\Desktop\Pokesav Black and White - PSN [English Beta].exe
[2011/07/29 22:41:55 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/26 05:54:24 | 000,001,055 | ---- | M] () -- C:\Users\Ben\Desktop\Notepad++.lnk
[2011/07/26 05:50:07 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/22 23:08:43 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/08/22 23:08:42 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/08/22 18:35:18 | 000,001,810 | ---- | C] () -- C:\Users\Ben\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/22 17:43:26 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/22 16:45:55 | 000,002,965 | ---- | C] () -- C:\Users\Ben\Desktop\HiJackThis.lnk
[2011/08/05 03:27:56 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/29 22:41:55 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/28 16:48:44 | 000,000,129 | ---- | C] () -- C:\Users\Ben\jagex_runescape_preferences2.dat
[2011/07/28 16:48:16 | 000,000,035 | ---- | C] () -- C:\Users\Ben\jagex_runescape_preferences.dat
[2011/07/26 05:54:24 | 000,001,055 | ---- | C] () -- C:\Users\Ben\Desktop\Notepad++.lnk
[2011/07/26 05:50:07 | 000,001,190 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2011/07/26 05:50:07 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2011/07/26 01:10:08 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/04/20 21:58:47 | 000,280,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/04/20 21:58:47 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/04/20 21:58:46 | 000,837,192 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/26 00:30:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/12 18:59:40 | 000,000,091 | ---- | C] () -- C:\Users\Ben\AppData\Local\fusioncache.dat
[2011/01/12 17:55:19 | 000,789,710 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/29 20:00:13 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/12/23 15:05:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/12/23 15:04:25 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/12/23 15:04:25 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/12/23 15:04:25 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2010/12/23 15:04:25 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2010/12/23 15:04:25 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2010/12/15 15:33:32 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/05/04 16:06:48 | 000,097,584 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/08 21:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/02/20 08:48:44 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\lxebsmr.dll
[2009/02/20 08:48:04 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\lxebsm.dll

========== LOP Check ==========

[2011/08/20 16:53:00 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\.minecraft
[2011/07/26 05:57:42 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Notepad++
[2011/05/02 20:54:33 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\runic games
[2011/07/21 19:01:01 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\SystemRequirementsLab
[2011/07/28 21:33:39 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\TerrariaWorldViewer
[2011/07/26 01:14:48 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Windows Live Writer
[2011/07/26 19:45:42 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 8/23/2011 6:10:42 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Ben\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.07 Gb Available Physical Memory | 67.89% Memory free
11.98 Gb Paging File | 9.56 Gb Available in Paging File | 79.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 923.45 Gb Total Space | 792.56 Gb Free Space | 85.83% Space Free | Partition Type: NTFS

Computer Name: BEN-PC | User Name: Ben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{13A3A271-B2AA-486C-9AD5-F272079BB9B5}" = Alienware TactX Keyboard CI 1.00.130
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{688758A2-8520-4470-8FA6-765BAC86FC53}" = Broadcom Management Programs
"{73BA9A8F-6B40-BF79-541E-464156FBA764}" = ccc-utility64
"{7A4D8A1A-7E49-A74A-038C-3A372948C9FA}" = ATI AVIVO64 Codecs
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"{B0D59FDC-FEAB-49A2-9B5A-E5E0A8F9D7E0}" = Alienware TactX(TM) Mouse CI 1.00
"{B361F88B-D513-9D45-E7F2-871B61C46D32}" = WMV9/VC-1 Video Playback
"{B613A9BB-2B34-4824-A4BE-2427653D59D6}" = iTunes
"{C5970161-E13E-6661-BBDA-A08268313C83}" = ATI Catalyst Install Manager
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EE269999-1AB7-7B39-7944-513CF3426CB8}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = AlienRespawn
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{31a3fa52-836b-48df-9c60-4a5021a454db}" = Nero 9 Essentials
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{417E8AF0-DAED-4807-82CD-0E4232EFA559}" = RustyHearts PWE
"{41AA8F20-FD30-4878-9080-6D5BE575FD41}" = Dell InHome Service Agreement
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{6331C6C0-3754-E910-7113-5013355C8E47}" = CCC Help English
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{95C3927C-C899-C5D8-0EA7-67895FC979B2}" = ccc-core-static
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = AlienRespawn - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{BA688606-4B20-4982-995E-EDADC6A6817E}" = League of Legends
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CC084EC0-5F74-4A17-8635-3ED61D501643}_is1" = Flyff
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype 5.3
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED4B50B7-C06B-57FE-7985-AA83DDBEEEF5}" = Catalyst Control Center Graphics Previews Common
"{F01A9563-2A27-6ABC-2E04-03B7873DF7E0}" = Catalyst Control Center InstallProxy
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Fraps" = Fraps (remove only)
"InstallShield_{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"Notepad++" = Notepad++
"PunkBusterSvc" = PunkBuster Services
"Runic Games Torchlight" = Torchlight
"StarCraft II" = StarCraft II
"Steam App 105600" = Terraria
"Steam App 1250" = Killing Floor
"Steam App 22330" = The Elder Scrolls IV: Oblivion 
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 440" = Team Fortress 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 8190" = Just Cause 2
"Steam App 8980" = Borderlands
"Steam App 98200" = Frozen Synapse
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/16/2011 11:26:04 AM | Computer Name = Ben-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/16/2011 11:26:38 AM | Computer Name = Ben-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/16/2011 11:26:38 AM | Computer Name = Ben-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/16/2011 11:26:42 AM | Computer Name = Ben-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/16/2011 11:26:43 AM | Computer Name = Ben-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/16/2011 11:26:48 AM | Computer Name = Ben-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/16/2011 11:26:49 AM | Computer Name = Ben-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/16/2011 11:26:50 AM | Computer Name = Ben-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/16/2011 11:26:50 AM | Computer Name = Ben-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/16/2011 11:26:50 AM | Computer Name = Ben-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Dell Events ]
Error - 6/26/2011 1:56:37 AM | Computer Name = Ben-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/1/2011 1:28:25 AM | Computer Name = Ben-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/1/2011 1:28:25 AM | Computer Name = Ben-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/2/2011 7:45:31 PM | Computer Name = Ben-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/2/2011 7:45:31 PM | Computer Name = Ben-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/7/2011 4:58:11 PM | Computer Name = Ben-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/7/2011 4:58:11 PM | Computer Name = Ben-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/22/2011 4:55:01 PM | Computer Name = Ben-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/22/2011 4:55:01 PM | Computer Name = Ben-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/22/2011 6:30:18 PM | Computer Name = Ben-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 8/16/2011 11:27:17 AM | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Hamachi Tunneling Engine service failed to start due to
the following error: %%1053

Error - 8/16/2011 1:48:10 PM | Computer Name = Ben-PC | Source = bowser | ID = 8003
Description =

Error - 8/16/2011 3:09:00 PM | Computer Name = Ben-PC | Source = bowser | ID = 8003
Description =

Error - 8/18/2011 4:24:31 PM | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Alienware
Fusion Service service to connect.

Error - 8/18/2011 4:24:31 PM | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7000
Description = The Alienware Fusion Service service failed to start due to the following
error: %%1053

Error - 8/19/2011 4:41:29 PM | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Alienware
Fusion Service service to connect.

Error - 8/19/2011 4:41:29 PM | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7000
Description = The Alienware Fusion Service service failed to start due to the following
error: %%1053

Error - 8/22/2011 11:08:27 PM | Computer Name = Ben-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows
XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
Server 2008 R2 for x64-based Systems (KB2539636).

Error - 8/22/2011 11:19:53 PM | Computer Name = Ben-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 8/23/2011 3:57:15 PM | Computer Name = Ben-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

< End of report >


----------



## Xdflames

Edit: Uh oh, double posted. Site was lagging really bad.


----------



## eddie5659

That's okay 

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 


Code:


:OTL
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [Overwolf] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
:Files
ipconfig /flushdns /c 
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]


Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply

eddie


----------



## Xdflames

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@nexon.net/NxGame\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Overwolf deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ben\Downloads\cmd.bat deleted successfully.
C:\Users\Ben\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Ben
->Temp folder emptied: 449276580 bytes
->Temporary Internet Files folder emptied: 45964469 bytes
->Java cache emptied: 11408270 bytes
->FireFox cache emptied: 51503810 bytes
->Flash cache emptied: 3089948 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 38856702 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 572.00 mb

[EMPTYFLASH]

User: All Users

User: Ben
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.26.5 log created on 08232011_191404

Files\Folders moved on Reboot...
C:\Users\Ben\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


----------



## eddie5659

We have a database of files etc, so any info on certain files is very useful, as this can help many malware experts in the future. These entries are legit, but we try and compile a list of good/bad, to help everyone 

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:


Code:


:file
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Program Files\Broadcom\BPowMon\BPowMon.exe
C:\Program Files (x86)\AlienRespawn\sftservice.EXE
C:\Windows\SysNative\EptMon64.DLL
C:\Windows\SysNative\THXCfg64.DLL


Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*

eddie


----------



## Xdflames

SystemLook 30.07.11 by jpshortstuff
Log created at 15:54 on 24/08/2011 by Ben
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== file ==========

C:\Program Files\Alienware\Command Center\AlienFusionService.exe - File found and opened.
MD5: CE91B46DA6D4199655FDF330373920D7
Created at 19:53 on 04/05/2010
Modified at 19:53 on 04/05/2010
Size: 14648 bytes
Attributes: --a----
FileDescription: AlienFusionService
FileVersion: 1.0.90.0
ProductVersion: 1.0.90.0
OriginalFilename: AlienFusionService.exe
InternalName: AlienFusionService.exe
ProductName: AlienFusionService
CompanyName: Alienware
LegalCopyright: Copyright © 2007
Comments: Alienware AlienFusion Service

C:\Program Files\Broadcom\BPowMon\BPowMon.exe - File found and opened.
MD5: CD6D4B6583F56F03F9C6971CFF159314
Created at 20:56 on 27/10/2009
Modified at 20:56 on 27/10/2009
Size: 117608 bytes
Attributes: --a----
FileDescription: Broadcom Power Source Monitoring Service
FileVersion: 1, 0, 6, 0
ProductVersion: 1, 0, 6, 0
OriginalFilename: BPowMon.EXE
InternalName: BPowMon
ProductName: Broadcom Power Source Monitoring Service
CompanyName: Broadcom Corp.
LegalCopyright: Broadcom Corp. Copyright 2002-2009
Comments: 

C:\Program Files (x86)\AlienRespawn\sftservice.EXE - File found and opened.
MD5: 38F88F0DF46C4D42125EF721ABD7F6B9
Created at 18:56 on 23/12/2010
Modified at 18:37 on 13/01/2011
Size: 705856 bytes
Attributes: --a----
FileDescription: SoftThinks Agent Service
FileVersion: 1, 0, 82, 66
ProductVersion: 1, 0, 82, 66
OriginalFilename: SftService.exe
InternalName: SftService.exe
ProductName: SoftThinks Agent Service
CompanyName: SoftThinks SAS
LegalCopyright: ©2007-2010 SoftThinks SAS

C:\Windows\SysNative\EptMon64.DLL - File found and opened.
MD5: 044EEC41BB39C3F8FC6175DAEAADDB35
Created at 19:04 on 23/12/2010
Modified at 19:32 on 15/10/2009
Size: 21504 bytes
Attributes: -------
FileDescription: 
FileVersion: 1, 0, 0, 2
ProductVersion: 1, 0, 0, 2
OriginalFilename: 
InternalName: 
ProductName: 
CompanyName: Creative Technology Ltd.
LegalCopyright: Copyright (C) 2009
Comments: 

C:\Windows\SysNative\THXCfg64.DLL - File found and opened.
MD5: 76B59C460C95503032E35F00BE125F7D
Created at 19:04 on 23/12/2010
Modified at 19:38 on 15/10/2009
Size: 17920 bytes
Attributes: -------
FileDescription: 
FileVersion: 1, 3, 0, 0
ProductVersion: 1, 3, 0, 0
OriginalFilename: 
InternalName: 
ProductName: 
CompanyName: Creative Technology Ltd.
LegalCopyright: Copyright (C) 2009
Comments: 

-= EOF =-


----------



## eddie5659

Thanks 

Okay, apart from those couple of entries, it looks all okay. But, as a final double-check, can you run a virus scan here and if it's all okay, we'll remove the tools we've used and you'll be good to go :up:

Please run a free online scan with the *ESET Online Scanner* 
*Note*_: You will need to use Internet Explorer for this scan_
If you're running a 64-bit system you have to choose the 32-bit option in IE when running the scan.
Click *Eset Online Scanner* button.
Tick the box next to *YES, I accept the Terms of Use* 
If it wants to install an Addon, allow it.
If asked, allow the ActiveX control to install 
Click *Start* 
Make sure that the option *Remove found threats* and the option *Scan unwanted applications* are checked 
Click *Scan* (This scan can take several hours, so please be patient) 
Once the scan is completed, you may close the window 
Use *Notepad* to open the logfile located at C:\Program Files\EsetOnlineScanner\*log.txt* 
Copy and paste that log as a reply to this topic


----------



## Xdflames

Here you go.
-------------------------------
[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK


All it said, didn't come up with anything. Also stayed at 99% for about 10 minutes. Was pretty annoying to look at.


----------



## eddie5659

From the above, it looks all okay for me :up:

Is the computer running okay now? If it's all okay, we'll remove the tools we've used, and you're good to go 

eddie


----------



## Xdflames

Yes, the computer is running just fine. It was running just fine before actually, it was just the error. So I am not exactly sure what that infection did other than say it wasn't there.

There are a few questions I have though.
What is conhost.exe and why do I normally have ~3 running at a time?

Is there anything I could do to improve start-up and shut-down time? My computer seems to go kind of slow on start-up. It doesn't take that much time, but would be nice to be faster.

And do you recommend any anti-virus/trojan programs to use?

But yes, everything is running smoothly.


----------



## eddie5659

It may have just been the remains of a previous infection, that the antivirus removed before 

As for the conhost.exe, it's perfectly safe as it's running from the system32 folder. This is all about it:

http://www.howtogeek.com/howto/4996/what-is-conhost.exe-and-why-is-it-running/

We'll remove the tools we've used, and then I'll look at your startup list 

-----


Download *OTC* to your desktop and run it 
Click Yes to beginning the Cleanup process and remove these components, including this application. 
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes. 

If after reboot the following remain, then do this:

You can uninstall *SuperAntiSpyware* from Add/Remove Programs via the Control Panel.

You can delete the *SystemLook* program off your Desktop and the *SystemLook.txt*


----------



## Xdflames

Okay, thank you. I removed everything like you said, I am not sure what OTC actually removed though. After a few seconds it just asked to reboot and I did. I uninstalled SuperAntiSpyware and SystemLook though.


----------



## eddie5659

It removes OTL and any related txt files that it produced 


---

The following is a list of all that you have running at startup. For those interested, it's the O4 entries. The more you have, the slower your bootup to Windows will be, and you may have problems online, like slowness etc. I've put some explanation on what they are, in case you're curious. 

Don't worry, you're not uninstalling these, just preventing them loading at startup 

================================================
AlienFX Controller - Related to Alienware Controller for Game computer. Up to you

Kernel and Hardware Abstraction Layer - Part of the Logitech Setpoint software for their wired and wireless mice and trackballs. Sets the Windows mouse sensitivity to minimum. The idea is that you will use the SetPoint Control Panel to adjust your mouse sensitivity. This setting is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, KHALMNPR sets the Windows setting to 0 so it doesn't alter the one you set in SetPoint. Up to you

Launch Keyboard CI - Related to the Alienware keyboard - Keep

MSC - Related to Microsoft Security Essentials. Real-time protection for your home PC that guards against viruses, spyware, and other malicious software. Keep

RtHDVCpl - Related to High_Definition_Audio_System driver from Realtek Semiconductor. Up to you

RunDLLEntry_EptMon - Related to Creative Technology Inc. Is it required? What does it do? Leave for now

RunDLLEntry_THXCfg - Related to Creative Technology Inc. Is it required? What does it do? Leave for now

Thermal Controller - Related to Alienware Thermal Controller for Game computer. Up to you

ATICustomerCare - Related to ATI customer support. Not needed

IAStorIcon - Related to Intel Rapid Recover Technology (part of Intel Matrix Storage Technology) provides a fast, easy-to-use method for the end user to recover their data and return their system to an operational status. Keep

LogMeIn Hamachi Ui - Related to RemotelyAnywhere is a remote administration and remote control solution for Windows. It allows access to the host computer via the network (the LAN, an intranet or the Internet) - and on the client side all you need is a web browser, a terminal emulator or a WAP-enabled phone. Up to you

StartCCC - Related to ATI Technologies Inc. Puts the ATI Catalyst Control Center Icon/Shortcut on the System Tray. Not needed

THX Audio Control Panel - Related to Creative THX TruStudio Pro is specially designed to bring the same great audio experience found in live performances, films, and recording studios. Up to you

UpdReg - Reminder to register Creative Labs SoundBlaster Live! cards. Not needed

Messenger (Yahoo!) - Related to Yahoo! Messenger. Up to you

Steam - Related to Half Life Valve Software's STEAM broadband game client. Steam is Valve's new way of getting games into your hands ASAP. Games like Half-Life, Counter-Strike, and Counter-Strike: Condition Zero are all being made available through Steam. Steam games are automatically kept up-to-date with the latest content and revisions. Steam also includes an instant-message client which even works while you're in-game. Can be started manually. Not needed

===========================================

Okay, for the ones that say Not Needed, do this: 

Go to Start | Run and type MSCONFIG, and click OK. Startup tab. Untick the ones that are Not Needed, Apply and Restart. When Windows loads back up, you will have a popup box saying that the startup has been changed. Tick the little box to not appear again, and OK. 

For the Up To You ones, that's exactly that. It's your choice if you need them. One way to do this, is after you've done the above with the Not Needed, is to go back to MSCONFIG, and untick one of them. Reboot, and see if all your 'normal' programs work okay. If, for instance your Yahoo! Messenger has a problem after unticking Messenger (Yahoo!), then just go back in, retick it, and restart. 


eddie


----------
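The O4 lines discussed in the post above are Run-key autorun entries, and an entry whose target file is gone is the kind that prompts at logon. The following is an added example, not part of the original thread and not OTL's own code: it triages O4 lines from a saved log, with sample lines constructed in the style of the two O4 lines quoted earlier (value names, paths and the `,Startup` export are assumptions).

```python
import re

# Constructed sample in the style of the OTL "O4" lines quoted in this thread.
# Value names and paths are invented for illustration.
SAMPLE_LOG = r"""
O4:64bit: - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [Overwolf] File not found
O4 - HKCU..\Run: [sample] rundll32.exe "C:\Users\example\AppData\Roaming\sample.dll",Startup File not found
O4 - HKLM..\Run: [ExampleTray] C:\Program Files\ExampleVendor\tray.exe
O4 - HKCU..\Run: [Updater] C:\Users\example\AppData\Local\Temp\upd.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
"""

O4_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>HK\w+)\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$"
)
RUNDLL_RE = re.compile(r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(?P<args>.+)$', re.I)
NOT_FOUND = "File not found"
# Locations a standard user can write to; autoruns here deserve a second look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def parse_o4(line):
    """Return a dict for an O4 Run-key line, or None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"].strip()
    missing = rest.endswith(NOT_FOUND)
    command = rest[: -len(NOT_FOUND)].strip() if missing else rest
    dll = None
    r = RUNDLL_RE.match(command)
    if r:
        args = r["args"].strip()
        # First rundll32 argument is "<dll>,<export>"; the DLL path may be quoted.
        if args.startswith('"'):
            dll = args[1:].split('"', 1)[0]
        else:
            dll = args.split(",", 1)[0].strip()
    return {"hive": m["hive"], "name": m["name"], "command": command,
            "missing": missing, "dll": dll}


def reasons_for(entry):
    """List the reasons an autorun entry should be reviewed (empty if none)."""
    reasons = []
    if not entry["name"]:
        reasons.append("empty value name")
    if entry["missing"]:
        reasons.append("target file not found (orphaned entry)")
    target = (entry["dll"] or entry["command"]).lower()
    if any(part in target for part in USER_WRITABLE):
        kind = "rundll32 loads a DLL" if entry["dll"] else "program runs"
        reasons.append(f"{kind} from a user-writable path")
    return reasons


def triage(log_text):
    """Parse every O4 line in a log and keep the entries that need review."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry:
            why = reasons_for(entry)
            if why:
                findings.append({**entry, "reasons": why})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['hive']} [{f['name']}] -> " + "; ".join(f["reasons"]))
```
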



## Xdflames

Thank you very much, I knew there was a way to change what started on start up but never looked for the way how. Made it so quite a few things don't start up now.


----------



## eddie5659

No problem 

I tend not to have much running, except my antivirus and firewall, and some things that are needed to run.

I'll post my close out speech, and then I'll mark this as Solved 


Select *Start* > *Control Panel* then double-click on the *System* icon in the Control Panel.
In the left-hand pane click on the *System Protection* option.
When the Dialog comes up, click on the System Protection tab.
Check that the drive letter where Windows is located (usually C:) indicates System protection *ON*.
(This indicates System restore is turned ON for the Windows drive).
Click on the *Create* button to create a new restore point. In the Name dialog, type a descriptive name and then click on the *Create* button.
You will get a message that the Restore Point was created successfully. Click on the *Close* button.
Click on the *OK* button and close the System window in the Control Panel.

*Making Internet Explorer More Secure*

Go to Control Panel and open the *Internet Options*. Click on the *Advanced tab* and do the following:

 Tick Empty Temporary Internet Files When Browser is Closed under Security. Apply

Then, click on the *Security tab* and do the following:

 Make sure the Internet icon is selected.
 Click once on the *Custom Level* button.
 Change the *Download signed ActiveX controls* to *Prompt*.
 Change the *Download unsigned ActiveX controls* to *Disable*.
 Change the *Initialise and script ActiveX controls not marked as safe* to *Disable.*
 Change the *Installation of desktop items* to *Prompt.*
 Change the *Launching programs and files in an IFRAME* to *Prompt.*
 When all these settings have been made, click on the *OK* button.
 If it prompts you as to whether or not you want to save the settings, press the *Yes* button. 
 Next press the *Apply* button and then the *OK* to exit the Internet Properties page.

*Making Firefox More Secure*

Please visit this page to explain how to make Firefox more secure - How to Secure Firefox

*Other Software Updates*
It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out of date software. In particular make sure you download the updates for *Java* and *Adobe* as these are subject to many security vulnerabilities.

Also, it's a good idea to keep on top of removing any Temp files etc every month or so. To do this, Windows has a pretty good tool.

Go to Start | Programs | Accessories | System Tools | Disk Cleanup
It should start straight away, but if you have to select a drive, click on the C-drive.
Let it run, and at the end it will give you some boxes to tick. 
All are okay to enable, then press *OK* and then *Yes* to the question after.
It will close after it's completed.

------------------------

*Download and Install a HOSTS File*
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just *HOSTS* with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.
*Install MVPS Hosts File* *From Here*
The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
*You can Find the Tutorial * *HERE*

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
*SpywareBlaster* to help prevent spyware from installing in the first place.
You should also have a good firewall. Here is a free one available for personal use:
*Online Armor Free*
and a good antivirus (these are also free for personal use):
*AVG Anti-Virus*
*Avast Home Edition*
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit 
*Microsoft Windows Update*
monthly. And to keep your system clean run this free malware scanner

*Malwarebytes' Anti-Malware*

weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this about Security online: *General Security Information, How to tighten Security Settings and Warnings *

Have a safe and happy computing day!

eddie


----------
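The HOSTS mechanism described in the closing post, as an added example that is not part of the original thread: a small audit that separates names sinkholed to the local machine (the blocklist case) from names pinned to any other address, which are worth reviewing after a cleanup. The sample content is constructed, using reserved example domains and a documentation address.

```python
import ipaddress

# Constructed sample HOSTS content (reserved example names, documentation IP).
SAMPLE_HOSTS = """\
# constructed sample HOSTS content
127.0.0.1      localhost
::1            localhost
127.0.0.1      ads.example.com tracker.example.com   # blocklist-style entry
0.0.0.0        telemetry.example.net
203.0.113.7    update.example.org    # name pinned to a remote address
not-an-ip      broken.example
"""

# Names that normally map to the loopback address and are not blocklist entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Classify HOSTS entries.

    sinkholed  - names mapped to loopback or 0.0.0.0 (requests go nowhere)
    redirected - (name, ip) pairs mapped to any other address
    malformed  - 1-based line numbers that are not "<ip> <name> [...]"
    """
    report = {"sinkholed": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append(lineno)
            continue
        names = [n.lower() for n in fields[1:]]
        if not names:
            report["malformed"].append(lineno)
            continue
        for name in names:
            if name in LOCAL_NAMES:
                continue
            if ip.is_loopback or ip.is_unspecified:
                report["sinkholed"].append(name)
            else:
                report["redirected"].append((name, str(ip)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("sinkholed :", result["sinkholed"])
    print("redirected:", result["redirected"])
    print("malformed lines:", result["malformed"])
```

On a real machine the text to pass in is the content of `C:\Windows\System32\drivers\etc\Hosts`, the file that appears in the OTL fix log earlier in the thread.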



## Xdflames

Alright, thank you very much. If I have any more problems I will be sure to visit this website first to get help.


----------

