
Solved: RunDLL error "The specified module could not be found."



Xdflames
Junior Member with 18 posts.
THREAD STARTER
Join Date: Aug 2011
Experience: Intermediate
22-Aug-2011, 04:30 PM #1
RunDLL error "The specified module could not be found."
Hello, first post and was hoping you guys could help me out here.
I have been having this error for quite a while now, I suppose it happened because of me deleting something I wasn't supposed to on accident.

On start-up I get the error message titled RunDLL that says:

There was a problem starting
c:\Users\---\AppData\Roaming\atvshgtm.dll

The specified module could not be found.

Running Windows 7 64 bit. Any help is appreciated.

Edit: Just to point out, there is only an "OK" option afterwards, which I can click and it will run fine. The first time it popped up I looked around and couldn't find anything, then afterwards I ended up ignoring it for a while.

Last edited by Xdflames; 22-Aug-2011 at 04:36 PM. Reason: Add information
Phantom010
Trusted Advisor with 32,318 posts.
Join Date: Mar 2009
Location: Cyberspace
Experience: Advanced
22-Aug-2011, 04:42 PM #2
Please click HERE to download and install HijackThis.

Run it and select Do a system scan and save a logfile from the Main Menu.

The log will be saved in Notepad. Copy and paste the log in your next reply.

IMPORTANT: Do not "Fix" anything


If Windows is denying access to the Hosts file, disable the UAC and run HijackThis again.
Xdflames
22-Aug-2011, 04:58 PM #3
Here it is.
----------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:55:22 PM, on 8/22/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\AlienRespawn\Toaster.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Windows Explorer] rundll32.exe "C:\Users\Ben\AppData\Roaming\atvshgtm.dll",EntryPoint
O4 - HKCU\..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: AWMouseCI.lnk = C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Alienware Fusion Service (AlienFusionService) - Alienware - C:\Program Files\Alienware\Command Center\AlienFusionService.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Broadcom Power monitoring service (BPowMon) - Broadcom Corp. - C:\Program Files\Broadcom\BPowMon\BPowMon.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxeb_device - Unknown owner - C:\Windows\system32\lxebcoms.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\AlienRespawn\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10374 bytes
Phantom010
22-Aug-2011, 05:07 PM #4
As I suspected, your computer is infected. Please click on Report and kindly ask to be moved to the Virus & Other Malware Removal forum. Be sure to provide the appropriate reports in that forum after reading THIS. From there, be patient. The malware removal experts are very busy! You should get an answer within the next 48 hours.
Xdflames
22-Aug-2011, 05:26 PM #5
I do not think my computer is infected, but I will do as you asked.

Here is the DDS with the Attach attached to the post as asked. Also, this is off-topic, but could you tell me why I have more than one Conhost running in my processes? It has been doing that ever since I got my computer.
-------------------------------
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Ben at 17:17:50 on 2011-08-22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6135.4202 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Broadcom\BPowMon\BPowMon.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\lxebcoms.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\AlienRespawn\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Alienware\Command Center\ThermalController.exe
C:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AlienRespawn\Toaster.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alienware\Command Center\RemotingServiceController.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alienware\Command Center\DoorController.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.alienware.com/
uDefault_Page_URL = hxxp://www.alienware.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Windows Explorer] rundll32.exe "C:\Users\Ben\AppData\Roaming\atvshgtm.dll",EntryPoint
uRun: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRunOnce: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AWMOUS~1.LNK - C:\Program Files (x86)\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{E7968A59-B590-4F57-A315-6D4DE7D3DC45} : DhcpNameServer = 74.128.19.102 74.128.17.114
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRunOnce-x64: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\achh3cjg.default\
FF - prefs.js: browser.startup.homepage - www.igoogle.com
FF - plugin: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-4 14648]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 BPowMon;Broadcom Power monitoring service;C:\Program Files\Broadcom\BPowMon\BPowMon.exe [2009-10-27 117608]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-4 2329480]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-23 13336]
R2 lxeb_device;lxeb_device;C:\Windows\system32\lxebcoms.exe -service --> C:\Windows\system32\lxebcoms.exe -service [?]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2010-12-23 705856]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AWOPFilterDriver;AWOPFilterDriver;\??\C:\Windows\system32\drivers\AWOPFilterDriver.sys --> C:\Windows\system32\drivers\AWOPFilterDriver.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-08-22 20:45:55 388096 ----a-r- C:\Users\Ben\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-22 20:45:54 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-08-22 19:53:38 -------- d-----w- C:\Users\Ben\AppData\Local\{F72284A0-A704-4D6C-84B5-DF7C99C83A75}
2011-08-22 19:53:27 -------- d-----w- C:\Users\Ben\AppData\Local\{738ADF71-5959-4183-A02E-5C5960FC4C06}
2011-08-22 02:39:10 -------- d-----w- C:\Users\Ben\AppData\Local\{15B5DDA6-52A8-4A6A-8D0E-FB4FE76A58D8}
2011-08-22 02:38:37 -------- d-----w- C:\Users\Ben\AppData\Local\{7FDAF9F0-0EE6-449E-821E-DA6FD0FB3BD4}
2011-08-21 23:40:14 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6ADBA92E-DF1F-4B2D-9721-43285E4D4288}\mpengine.dll
2011-08-21 14:38:06 -------- d-----w- C:\Users\Ben\AppData\Local\{634446C5-2CC2-4884-9CCA-0CF275247B7C}
2011-08-21 14:37:53 -------- d-----w- C:\Users\Ben\AppData\Local\{6C56C878-2B0A-4ED5-A52E-FA3615CF8038}
2011-08-20 16:08:02 -------- d-----w- C:\Users\Ben\AppData\Local\{27687CD2-61E5-4EEB-AC48-78C0C547C836}
2011-08-20 16:07:51 -------- d-----w- C:\Users\Ben\AppData\Local\{FA96B01D-52A7-43CA-B1B4-64E2635962D7}
2011-08-19 20:42:07 -------- d-----w- C:\Users\Ben\AppData\Local\{BFE0C3D4-13EC-426E-85D2-8F231EC0A2E0}
2011-08-19 20:41:56 -------- d-----w- C:\Users\Ben\AppData\Local\{5B48B9F1-954E-4087-AC2F-440CBE3D4589}
2011-08-18 20:25:14 -------- d-----w- C:\Users\Ben\AppData\Local\{1A69BC32-4F5F-431A-BD3D-EB683E8F9D37}
2011-08-18 20:25:02 -------- d-----w- C:\Users\Ben\AppData\Local\{317A8AA8-E9D6-497E-BBB8-BE0F0A6D7A04}
2011-08-17 20:00:31 -------- d-----w- C:\Users\Ben\AppData\Local\{2B7ACA1D-2368-464E-BA70-DFAF96DD5F95}
2011-08-17 20:00:18 -------- d-----w- C:\Users\Ben\AppData\Local\{D95B02C9-AC43-4077-BA83-0DE5D817B0CF}
2011-08-16 17:16:00 -------- d-----w- C:\Users\Ben\AppData\Local\{F8234D12-6263-4A6E-8AA2-CA9DC3F93059}
2011-08-16 17:15:26 -------- d-----w- C:\Users\Ben\AppData\Local\{C9C2AF20-2E7D-4E30-AB71-F2897C9B84FC}
2011-08-16 15:27:10 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2011-08-16 05:15:01 -------- d-----w- C:\Users\Ben\AppData\Local\{DB0BD9FE-F9EF-4CEA-A209-5BCA2975C7A6}
2011-08-16 05:14:27 -------- d-----w- C:\Users\Ben\AppData\Local\{13758CCA-2927-47A8-B067-E3926EC4BB90}
2011-08-15 17:14:15 -------- d-----w- C:\Users\Ben\AppData\Local\{B708E39F-3195-4C50-8C97-C0018C892E2F}
2011-08-15 17:13:42 -------- d-----w- C:\Users\Ben\AppData\Local\{4E5099D5-A51A-44E0-80C3-838DC89BEEF6}
2011-08-15 05:13:17 -------- d-----w- C:\Users\Ben\AppData\Local\{7E0E35B1-B5E1-4902-B00C-933A899AA41F}
2011-08-15 05:12:45 -------- d-----w- C:\Users\Ben\AppData\Local\{115125E1-78D2-4150-B8A8-B84794DD7C0C}
2011-08-14 17:12:19 -------- d-----w- C:\Users\Ben\AppData\Local\{35871A5C-5B23-4507-B131-DEB426B65476}
2011-08-14 17:11:52 -------- d-----w- C:\Users\Ben\AppData\Local\{1D842A12-9949-448A-BD54-3DEF3056D1A3}
2011-08-13 18:03:09 -------- d-----w- C:\Users\Ben\AppData\Local\{D919D427-0217-4639-9425-F11AEB17890F}
2011-08-13 18:02:45 -------- d-----w- C:\Users\Ben\AppData\Local\{448DC873-D195-43F5-8F7B-E50B1B17ADB2}
2011-08-13 05:17:52 -------- d-----w- C:\Users\Ben\AppData\Local\{D49CF5BE-13F5-471C-8262-C392475DD418}
2011-08-13 05:17:19 -------- d-----w- C:\Users\Ben\AppData\Local\{14F2E2D0-695E-44A6-9BD3-1EBDEFC5AB09}
2011-08-12 17:16:53 -------- d-----w- C:\Users\Ben\AppData\Local\{EDF1A7FA-2504-4302-90D0-A36E4769C668}
2011-08-12 17:16:20 -------- d-----w- C:\Users\Ben\AppData\Local\{D2C69EEE-5B82-4B10-A000-8878D5DA9474}
2011-08-12 05:15:55 -------- d-----w- C:\Users\Ben\AppData\Local\{4005ED97-48C9-4762-81B3-3E07FE69031A}
2011-08-12 05:15:22 -------- d-----w- C:\Users\Ben\AppData\Local\{A7A2C386-15BB-4C44-AB1A-6F36F2BCF5EA}
2011-08-11 17:15:09 -------- d-----w- C:\Users\Ben\AppData\Local\{CC10CBC9-F30B-4E34-B363-CFC60A7C308B}
2011-08-11 17:14:37 -------- d-----w- C:\Users\Ben\AppData\Local\{4BE2F749-3C89-4F05-911B-7D96DE313807}
2011-08-11 16:22:15 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DAD5597A-FF17-4568-B9BD-CB37A90EE054}\gapaengine.dll
2011-08-11 05:14:12 -------- d-----w- C:\Users\Ben\AppData\Local\{72997A44-F610-48B3-ACBC-C328D56C7BA2}
2011-08-11 05:13:38 -------- d-----w- C:\Users\Ben\AppData\Local\{956CD10C-53BC-4B98-AA26-E534C3BF23FE}
2011-08-10 17:13:25 -------- d-----w- C:\Users\Ben\AppData\Local\{861DA62C-0101-44CE-BDFC-9DB0BF5B7838}
2011-08-10 17:12:52 -------- d-----w- C:\Users\Ben\AppData\Local\{582DDA31-EDD2-4CE0-93A0-46EE2FCE4BB9}
2011-08-10 05:12:28 -------- d-----w- C:\Users\Ben\AppData\Local\{D073D85A-519F-479E-907B-EE27B78A7F05}
2011-08-10 05:11:55 -------- d-----w- C:\Users\Ben\AppData\Local\{14EBEEBD-6A85-41AC-9DC9-593172549E00}
2011-08-09 17:11:42 -------- d-----w- C:\Users\Ben\AppData\Local\{2A487D99-3F08-4CF2-AB5A-6F2041D4EFB4}
2011-08-09 17:11:09 -------- d-----w- C:\Users\Ben\AppData\Local\{8F7AE3A0-E4E1-4715-9539-F0AEF0214890}
2011-08-09 05:10:45 -------- d-----w- C:\Users\Ben\AppData\Local\{BDC2B8D9-7B53-408A-AA59-D2029719EB4C}
2011-08-09 05:10:11 -------- d-----w- C:\Users\Ben\AppData\Local\{2D959B95-CBF6-468E-BA82-2CAA3650ACBA}
2011-08-08 17:09:55 -------- d-----w- C:\Users\Ben\AppData\Local\{DAC22408-CF29-47D2-A93B-894D77080B47}
2011-08-08 17:09:33 -------- d-----w- C:\Users\Ben\AppData\Local\{48C1AAD5-233A-4228-9612-3A7F078D2992}
2011-08-07 20:58:27 -------- d-----w- C:\Users\Ben\AppData\Local\{E9A8CD52-8228-4E59-9F2B-DFB06FC5F833}
2011-08-07 20:58:03 -------- d-----w- C:\Users\Ben\AppData\Local\{F08C52E8-687D-4D8B-956F-7D14EE747326}
2011-08-07 00:40:12 -------- d-----w- C:\Users\Ben\AppData\Local\{B9779C1E-B044-4E17-8AAB-5785BE228D19}
2011-08-05 23:43:16 -------- d-----w- C:\Users\Ben\AppData\Local\{DA0F01B5-FB4D-4A4C-9573-F86CAF65BB3B}
2011-08-05 23:43:03 -------- d-----w- C:\Users\Ben\AppData\Local\{C25695D4-080E-430A-975D-F42F8215668D}
2011-08-05 17:12:26 -------- d-----w- C:\Users\Ben\AppData\Local\{24537CA9-0A94-4C41-8678-403ACB90586E}
2011-08-05 07:27:32 -------- d-----w- C:\Program Files\iTunes
2011-08-05 07:27:32 -------- d-----w- C:\Program Files\iPod
2011-08-05 07:26:16 -------- d-----w- C:\Program Files\Bonjour
2011-08-05 07:26:16 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-08-05 03:42:14 -------- d-----w- C:\Users\Ben\AppData\Local\{05D32B02-1430-426E-B750-31C3DE4DC4D6}
2011-08-05 03:41:41 -------- d-----w- C:\Users\Ben\AppData\Local\{9CB8FFA6-E81C-4F78-8A1C-05BF8BECB4CE}
2011-08-04 15:41:26 -------- d-----w- C:\Users\Ben\AppData\Local\{80779EC2-49FA-48F2-BFCE-6C022C020F15}
2011-08-03 19:18:15 -------- d-----w- C:\Users\Ben\AppData\Local\{33A3D0A9-16A6-4BAF-BDC6-3A4FA21D674F}
2011-08-02 19:59:40 -------- d-----w- C:\Users\Ben\AppData\Local\{A8E18409-BF4E-4E6E-A9F6-1D747AACD282}
2011-08-01 20:58:29 -------- d-----w- C:\Users\Ben\AppData\Local\{4782AA2E-83CB-4A6D-B9F6-D2152CFA3A59}
2011-08-01 07:45:05 -------- d-----w- C:\Users\Ben\AppData\Local\{71730BE9-14F9-4D49-831C-1433A4AA54FC}
2011-07-31 21:04:33 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-07-31 21:04:25 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-31 20:54:56 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-07-31 20:53:55 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-07-31 20:53:55 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-07-31 19:44:17 -------- d-----w- C:\Users\Ben\AppData\Local\{CD982A03-AE27-450C-8561-F4DFE56303EB}
2011-07-31 10:52:07 -------- d-----w- C:\Users\Ben\AppData\Local\VeniceAlphaTrial
2011-07-31 10:52:07 -------- d-----w- C:\Users\Ben\AppData\Local\BF3
2011-07-31 10:51:49 -------- d-----w- C:\Program Files (x86)\BF3 Alpha Trial Web Plugins
2011-07-31 10:50:56 -------- d-----w- C:\ProgramData\EA Core
2011-07-31 10:27:45 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2011-07-31 09:53:06 -------- d-----w- C:\ProgramData\Electronic Arts
2011-07-31 08:17:47 51600 ----a-w- C:\Windows\System32\drivers\dsiarhwprog_x64.sys
2011-07-31 04:43:07 -------- d-----w- C:\Users\Ben\AppData\Local\Oblivion
2011-07-31 00:02:21 -------- d-----w- C:\Users\Ben\AppData\Local\{1E8273FA-8AAD-4685-B58D-AA1236681124}
2011-07-30 18:11:37 -------- d-----w- C:\Users\Ben\AppData\Local\{D4C1C9F6-0046-41CB-B107-624FA0EA8C7C}
2011-07-30 06:10:50 -------- d-----w- C:\Users\Ben\AppData\Local\{7D3564E4-4EAC-4E11-B0A3-7599DE1D86B9}
2011-07-29 18:10:00 -------- d-----w- C:\Users\Ben\AppData\Local\{9FDFF96D-966F-40B3-825C-FCC9AD7107DA}
2011-07-29 01:32:32 -------- d-----w- C:\Users\Ben\AppData\Roaming\TerrariaWorldViewer
2011-07-28 18:08:16 -------- d-----w- C:\Users\Ben\AppData\Local\{2E3E2040-FA69-45A4-BAE3-7070238204DB}
2011-07-27 18:58:19 -------- d-----w- C:\Down
2011-07-27 18:57:58 -------- d-----w- C:\Windyzone
2011-07-27 18:57:38 -------- d-----w- C:\Users\Ben\AppData\Local\{C450B427-6303-4DBB-8B98-33F42F4FD222}
2011-07-27 02:37:05 -------- d-----w- C:\Program Files (x86)\Perfectworld Entertainment
2011-07-26 19:06:14 -------- d-----w- C:\Users\Ben\AppData\Local\{568710B3-F100-4900-A0B1-9FD4DAA723AB}
2011-07-26 09:49:50 -------- d-----w- C:\Program Files\Paint.NET
2011-07-26 09:49:35 -------- d-----w- C:\Users\Ben\AppData\Local\Paint.NET
2011-07-26 09:30:52 -------- d-----w- C:\ProgramData\Pure Networks
2011-07-26 05:14:48 -------- d-----w- C:\Users\Ben\AppData\Roaming\Windows Live Writer
2011-07-26 05:14:48 -------- d-----w- C:\Users\Ben\AppData\Local\Windows Live Writer
2011-07-26 05:13:42 -------- d-----w- C:\Users\Ben\AppData\Local\{81041410-FD1F-4CE7-957F-A67D30C75787}
2011-07-26 05:11:12 -------- d-----w- C:\Windows\en
2011-07-26 05:08:40 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-25 22:09:02 -------- d-----w- C:\Users\Ben\AppData\Local\{89A5987F-AD7E-42A8-8FA5-9FE013799831}
2011-07-24 20:31:45 -------- d-----w- C:\Users\Ben\AppData\Local\{E8CBF004-5F9C-406A-8774-D9CDFB359C73}
2011-07-24 08:30:59 -------- d-----w- C:\Users\Ben\AppData\Local\{FE83610E-61CB-4090-95C6-7C9A69F1B2E8}
.
==================== Find3M ====================
.
2011-08-18 20:29:14 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-20 21:10:50 280768 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-07-20 21:10:50 280768 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-07-20 21:07:41 266400 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-07-12 15:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-07-12 15:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-07-12 15:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-07-12 15:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-07-12 15:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-07-12 15:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-07-12 15:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-07-09 05:56:08 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2011-07-09 05:56:00 768848 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys
2011-06-02 06:45:22 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-02 06:45:22 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-02 06:45:22 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-02 06:44:54 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-02 06:42:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-02 06:39:54 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-02 06:35:56 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-02 05:59:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-02 05:56:28 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-02 05:56:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-02 05:54:51 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-02 05:54:50 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-02 03:51:00 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-02 03:50:59 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-02 03:45:49 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45:49 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45:49 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45:49 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 17:18:19.96 ===============
eddie5659
Moderator & Malware Removal Specialist with 28,354 posts.
 
Join Date: Mar 2001
Location: Bradford, England
22-Aug-2011, 05:30 PM #6
Hiya

As I've moved it, I may as well reply to it as well

Give me a few mins to read it, and I'll reply

eddie
Xdflames
Junior Member with 18 posts.
THREAD STARTER
 
Join Date: Aug 2011
Experience: Intermediate
22-Aug-2011, 05:34 PM #7
Quote:
Originally Posted by eddie5659 View Post
Hiya

As I've moved it, I may as well reply to it as well

Give me a few mins to read it, and I'll reply

eddie
Okay, thank you very much for reading it.
eddie5659
Moderator & Malware Removal Specialist with 28,354 posts.
 
Join Date: Mar 2001
Location: Bradford, England
22-Aug-2011, 05:42 PM #8
Just looking through, and nice to see you're a gamer, especially Bad Company 2. Are you getting BF3 when it comes out? Most of our clan are


Anyway, back to this thread



Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Please include the MBAM log, the SUPERAntiSpyware Scan Log and a fresh HijackThis log in your next reply.

eddie
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

MVP in Consumer Security
Xdflames
Junior Member with 18 posts.
THREAD STARTER
 
Join Date: Aug 2011
Experience: Intermediate
22-Aug-2011, 08:08 PM #9
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:55:22 PM, on 8/22/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\AlienRespawn\Toaster.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Windows Explorer] rundll32.exe "C:\Users\Ben\AppData\Roaming\atvshgtm.dll",EntryPoint
O4 - HKCU\..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: AWMouseCI.lnk = C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Alienware Fusion Service (AlienFusionService) - Alienware - C:\Program Files\Alienware\Command Center\AlienFusionService.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Broadcom Power monitoring service (BPowMon) - Broadcom Corp. - C:\Program Files\Broadcom\BPowMon\BPowMon.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxeb_device - Unknown owner - C:\Windows\system32\lxebcoms.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\AlienRespawn\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10374 bytes





Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7539

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/22/2011 6:27:01 PM
mbam-log-2011-08-22 (18-27-01).txt

Scan type: Full scan (C:\|D:\|Y:\|)
Objects scanned: 330356
Time elapsed: 42 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Explorer (Trojan.Agent) -> Value: Windows Explorer -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Ben\AppData\Local\Temp\ondc.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.



I would rather not post the SUPERAntiSpyware scan log though, but if you sincerely need it let me know. It removed 326 threats though, all of them being cookies.
Unfortunately, even though my brother cleared the history, cookies have been showing up. Going to have to restrict his computer access apparently.

Edit: I will be getting BF3 when it comes out, but it might be a while. It just depends on what is going on in my family and such.
Phantom010
Trusted Advisor with 32,318 posts.
 
Join Date: Mar 2009
Location: Cyberspace
Experience: Advanced
22-Aug-2011, 08:22 PM #10
Quote:
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Explorer (Trojan.Agent) -> Value: Windows Explorer -> Quarantined and deleted successfully.
That's what I was seeing in HijackThis.

O4 - HKCU\..\Run: [Windows Explorer] rundll32.exe "C:\Users\Ben\AppData\Roaming\atvshgtm.dll",EntryPoint

atvshgtm.dll being in your error message.
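The cross-check made in the post above (the MBAM registry-value detection, the HijackThis O4 entry and the DLL named in the RunDLL error all point at the same autorun) can be scripted. This is an added example, not part of the original thread; the log lines are copied from the posts on this page, and the function names and the two heuristic flags are assumptions made for illustration.

```python
import ntpath
import re
from typing import Dict, List, NamedTuple, Optional

# Lines copied from the HijackThis and MBAM logs posted in this thread.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Windows Explorer] rundll32.exe "C:\Users\Ben\AppData\Roaming\atvshgtm.dll",EntryPoint
O4 - HKCU\..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - Global Startup: AWMouseCI.lnk = C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe
"""
MBAM_SAMPLE = r"""
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Explorer (Trojan.Agent) -> Value: Windows Explorer -> Quarantined and deleted successfully.
"""
# Path from the RunDLL error in the first post (user name redacted there).
ERROR_PATH = r"c:\Users\---\AppData\Roaming\atvshgtm.dll"

# "O4 - <hive>[\<SID>]\..\Run[Once]: [<value name>] <command line>"
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK[A-Z]+)(?:\\S-[\d-]+)?\\\.\.\\(?P<key>Run\w*): '
    r'\[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# rundll32[.exe] "<dll>",<export>
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE)
# MBAM "Registry Values Infected" line for a Run/RunOnce value.
MBAM_RE = re.compile(
    r'^(?P<hive>HKEY_[A-Z_]+)\\.*\\CurrentVersion\\(?P<key>Run\w*)\\'
    r'(?P<name>.+?) \((?P<detection>[^)]+)\) -> Value:')
# Assumption: locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(r'\\AppData\\|\\Temp\\|%APPDATA%|%TEMP%', re.IGNORECASE)
HIVE_SHORT = {"HKEY_CURRENT_USER": "HKCU", "HKEY_LOCAL_MACHINE": "HKLM"}


class Autorun(NamedTuple):
    hive: str
    key: str
    name: str
    command: str
    dll: Optional[str]      # set only when the command is a rundll32 call
    export: Optional[str]


def parse_o4(log: str) -> List[Autorun]:
    """Parse registry Run/RunOnce O4 lines; startup-folder O4 lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        r = RUNDLL_RE.match(m["cmd"])
        entries.append(Autorun(m["hive"], m["key"], m["name"], m["cmd"],
                               r["dll"] if r else None,
                               r["export"] if r else None))
    return entries


def flags(entry: Autorun) -> List[str]:
    """Heuristic reasons to look closer at an autorun (illustrative, not exhaustive)."""
    out = []
    if entry.dll:
        out.append("rundll32 loader")
        if USER_WRITABLE.search(entry.dll):
            out.append("DLL in user-writable profile path")
    return out


def correlate(hjt_log: str, mbam_log: str, error_path: str) -> List[Dict]:
    """Tie O4 autoruns to MBAM registry-value detections and to the DLL in the error."""
    detections = {}
    for line in mbam_log.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            hive = HIVE_SHORT.get(m["hive"], m["hive"])
            detections[(hive, m["key"], m["name"].lower())] = m["detection"]

    wanted = ntpath.basename(error_path).lower()
    findings = []
    for e in parse_o4(hjt_log):
        detection = detections.get((e.hive, e.key, e.name.lower()))
        # The user name differs (redacted in the error), so compare file names.
        in_error = bool(e.dll) and ntpath.basename(e.dll).lower() == wanted
        reasons = flags(e)
        if detection or in_error or reasons:
            findings.append({"name": e.name, "hive": e.hive, "key": e.key,
                             "dll": e.dll, "export": e.export,
                             "detection": detection, "matches_error": in_error,
                             "flags": reasons})
    return findings


if __name__ == "__main__":
    for f in correlate(HJT_SAMPLE, MBAM_SAMPLE, ERROR_PATH):
        print(f)
```

A Run value that still references a DLL after the file is gone produces exactly the "specified module could not be found" dialog at logon, so a match on all three sources identifies the leftover value to remove.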
Xdflames
Junior Member with 18 posts.
THREAD STARTER
 
Join Date: Aug 2011
Experience: Intermediate
22-Aug-2011, 08:26 PM #11
Quote:
Originally Posted by Phantom010 View Post
That's what I was seeing in HijackThis.

O4 - HKCU\..\Run: [Windows Explorer] rundll32.exe "C:\Users\Ben\AppData\Roaming\atvshgtm.dll",EntryPoint

atvshgtm.dll being in your error message.
I see, thanks for pointing that out. So I would guess that it is just a coincidence that the error popped up after deleting a few things?
Also, were any of those really serious infections?

Edit: I just restarted and the error message did not come up, if there is anything else I need to do let me know. I will wait for a reply before I mark this as Solved.
Phantom010
Trusted Advisor with 32,318 posts.
 
Join Date: Mar 2009
Location: Cyberspace
Experience: Advanced
22-Aug-2011, 08:42 PM #12
Please wait for further instructions from eddie5659. MBAM and SAS may have missed more serious infections.
Xdflames
Junior Member with 18 posts.
THREAD STARTER
 
Join Date: Aug 2011
Experience: Intermediate
22-Aug-2011, 08:44 PM #13
Quote:
Originally Posted by Phantom010 View Post
Please wait for further instructions from eddie5659. MBAM and SAS may have missed more serious infections.
Will do. Thank you.
eddie5659
Moderator & Malware Removal Specialist with 28,354 posts.
 
Join Date: Mar 2001
Location: Bradford, England
23-Aug-2011, 05:12 PM #14
It's okay about the SAS log

Okay, let's just run this to see if anything else is present:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
Xdflames
Junior Member with 18 posts.
THREAD STARTER
 
Join Date: Aug 2011
Experience: Intermediate
23-Aug-2011, 06:50 PM #15
OTL logfile created on: 8/23/2011 6:10:42 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Ben\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.07 Gb Available Physical Memory | 67.89% Memory free
11.98 Gb Paging File | 9.56 Gb Available in Paging File | 79.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 923.45 Gb Total Space | 792.56 Gb Free Space | 85.83% Space Free | Partition Type: NTFS

Computer Name: BEN-PC | User Name: Ben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/23 18:09:47 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ben\Downloads\OTL.exe
PRC - [2011/08/02 15:59:32 | 000,411,432 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011/08/02 15:59:25 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/04/20 21:58:47 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/01/13 14:53:38 | 000,321,464 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/13 14:42:12 | 003,667,264 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\AlienRespawn\Toaster.exe
PRC - [2011/01/13 14:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
PRC - [2011/01/13 14:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\AlienRespawn\SftService.exe
PRC - [2010/05/04 16:01:08 | 000,013,624 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
PRC - [2010/05/04 16:00:34 | 000,061,256 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2010/05/04 15:53:40 | 000,016,704 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
PRC - [2010/03/03 22:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 22:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/10/13 10:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/22 23:22:09 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\60aa01ac9637903f30ac346c55ce58bb\PresentationFramework.Aero.ni.dll
MOD - [2011/08/22 23:21:58 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\456d5e9d3a0a37697ab28c150e9ac5b7\System.Runtime.Remoting.ni.dll
MOD - [2011/08/22 23:21:57 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\86f429e0a23238cf277d464bd0433d86\System.Data.ni.dll
MOD - [2011/08/22 23:21:50 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\462ca53f84ff85f159d5555d91a5e28d\PresentationFramework.ni.dll
MOD - [2011/08/22 23:21:38 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll
MOD - [2011/08/22 23:21:32 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll
MOD - [2011/08/22 23:21:28 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\808e41877f992187276492aa2e55e909\PresentationCore.ni.dll
MOD - [2011/08/22 23:21:18 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cea5d9b8e3d6ff3bf3be32cf5fcbcd02\WindowsBase.ni.dll
MOD - [2011/08/22 23:21:11 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll
MOD - [2011/08/22 23:21:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll
MOD - [2011/08/22 23:20:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll
MOD - [2011/08/02 15:59:32 | 014,401,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2011/08/02 15:59:31 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2011/08/02 15:59:31 | 000,190,248 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2011/08/02 15:59:31 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2011/08/02 15:59:31 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2011/07/31 17:13:49 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll
MOD - [2011/05/26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/01/13 14:42:02 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\SftBRCCPiped.dll
MOD - [2011/01/13 14:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
MOD - [2011/01/13 14:37:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\zlib1.dll
MOD - [2011/01/13 14:37:26 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\STRegistry.dll
MOD - [2011/01/13 14:37:24 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\STPE.dll
MOD - [2011/01/13 14:37:20 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\STNLS.dll
MOD - [2011/01/13 14:37:18 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\STLog.dll
MOD - [2011/01/13 14:37:14 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\STFiles.dll
MOD - [2011/01/13 14:37:04 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\STBRCCServCLR.dll
MOD - [2011/01/13 14:36:50 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\libxml2.dll
MOD - [2010/12/23 14:49:41 | 000,027,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.PID0x513\1.0.90.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.PID0x513.dll
MOD - [2010/12/23 14:49:41 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication\1.0.90.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.dll
MOD - [2010/12/23 14:49:41 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.Core\1.0.90.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.Core.dll
MOD - [2010/12/23 14:49:40 | 004,790,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXModelResources\1.0.90.0__bebb3c8816410241\AlienwareAlienFXModelResources.dll
MOD - [2010/12/23 14:49:40 | 000,443,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXTools\1.0.90.0__bebb3c8816410241\AlienwareAlienFXTools.dll
MOD - [2010/12/23 14:49:40 | 000,075,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.90.0__bebb3c8816410241\AlienLabsTools.dll
MOD - [2010/12/23 14:49:40 | 000,037,712 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.90.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll
MOD - [2010/12/23 14:49:40 | 000,037,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x511\1.0.90.0__bebb3c8816410241\AlienFX.Communication.PID0x511.dll
MOD - [2010/12/23 14:49:40 | 000,036,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x514\1.0.90.0__bebb3c8816410241\AlienFX.Communication.PID0x514.dll
MOD - [2010/12/23 14:49:40 | 000,036,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.90.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll
MOD - [2010/12/23 14:49:40 | 000,028,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.90.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll
MOD - [2010/12/23 14:49:40 | 000,027,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.90.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll
MOD - [2010/12/23 14:49:40 | 000,027,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LightFX\1.0.90.0__bebb3c8816410241\LightFX.dll
MOD - [2010/12/23 14:49:40 | 000,024,904 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.XPS\1.0.90.0__bebb3c8816410241\AlienFX.Communication.XPS.dll
MOD - [2010/12/23 14:49:40 | 000,024,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.90.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll
MOD - [2010/12/23 14:49:40 | 000,019,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x513\1.0.90.0__bebb3c8816410241\AlienFX.Communication.PID0x513.dll
MOD - [2010/12/23 14:49:40 | 000,017,224 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.90.0__bebb3c8816410241\AlienFX.Communication.Core.dll
MOD - [2010/12/23 14:49:40 | 000,011,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.90.0__bebb3c8816410241\AlienFX.Communication.dll
MOD - [2010/06/01 11:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2010/05/04 15:53:44 | 000,154,424 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionDomain.dll
MOD - [2010/05/04 15:53:40 | 000,016,704 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
MOD - [2009/06/10 17:23:18 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2009/06/10 17:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/06/10 17:14:41 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/01/04 22:57:44 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/05/04 15:53:56 | 000,014,648 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2010/04/14 19:56:24 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxebcoms.exe -- (lxeb_device)
SRV:64bit: - [2009/10/27 16:56:14 | 000,117,608 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\Program Files\Broadcom\BPowMon\BPowMon.exe -- (BPowMon)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/08/04 14:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/08/02 15:59:32 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/20 21:58:47 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/01/13 14:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\AlienRespawn\sftservice.EXE -- (SftService)
SRV - [2010/12/23 15:03:58 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/10/27 01:07:58 | 004,060,752 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 22:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/10/13 10:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/04 23:37:14 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/01/04 22:19:38 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/12/23 14:40:11 | 000,019,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AWOPFilterDriver.sys -- (AWOPFilterDriver)
DRV:64bit: - [2010/11/17 08:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/03/22 19:29:12 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/16 07:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009/07/29 22:14:10 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132)
DRV:64bit: - [2009/07/29 22:14:10 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2009/07/29 22:14:10 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/22 19:10:40 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/04/22 19:10:32 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007/02/08 09:48:04 | 000,051,600 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dsiarhwprog_x64.sys -- (usbio)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/03 20:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.alienware.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://support.alienware.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.igoogle.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/18 16:28:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/22 23:08:42 | 000,000,000 | ---D | M]

[2010/12/28 14:43:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Extensions
[2011/08/21 14:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\achh3cjg.default\extensions
[2011/08/02 16:05:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\achh3cjg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/07/08 11:58:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/04 17:01:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/06/03 20:49:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/07/08 11:58:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\BEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ACHH3CJG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/08/18 16:28:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch Keyboard CI] c:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe (Alienware)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [Thermal Controller] C:\Program Files\Alienware\Command Center\ThermalController.exe (Alienware Corp.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Overwolf] File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe (Softthinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.128.19.102 74.128.17.114
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/23 15:58:40 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{644B20C8-E43C-438E-B758-90472DFBCC04}
[2011/08/23 15:58:07 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{8D546BDD-9A8C-4F09-802B-434B6545FD98}
[2011/08/22 23:08:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/08/22 23:08:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/22 21:26:36 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/08/22 18:35:30 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\SUPERAntiSpyware.com
[2011/08/22 18:35:18 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/08/22 18:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/08/22 18:35:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/08/22 17:43:32 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Malwarebytes
[2011/08/22 17:43:26 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/08/22 17:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/22 17:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/22 17:43:22 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/22 17:43:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/08/22 16:45:55 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/08/22 16:45:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/08/22 15:53:38 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{F72284A0-A704-4D6C-84B5-DF7C99C83A75}
[2011/08/22 15:53:27 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{738ADF71-5959-4183-A02E-5C5960FC4C06}
[2011/08/21 22:39:10 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{15B5DDA6-52A8-4A6A-8D0E-FB4FE76A58D8}
[2011/08/21 22:38:37 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{7FDAF9F0-0EE6-449E-821E-DA6FD0FB3BD4}
[2011/08/21 10:38:06 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{634446C5-2CC2-4884-9CCA-0CF275247B7C}
[2011/08/21 10:37:53 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{6C56C878-2B0A-4ED5-A52E-FA3615CF8038}
[2011/08/20 12:08:02 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{27687CD2-61E5-4EEB-AC48-78C0C547C836}
[2011/08/20 12:07:51 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{FA96B01D-52A7-43CA-B1B4-64E2635962D7}
[2011/08/19 16:42:07 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{BFE0C3D4-13EC-426E-85D2-8F231EC0A2E0}
[2011/08/19 16:41:56 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{5B48B9F1-954E-4087-AC2F-440CBE3D4589}
[2011/08/18 16:25:14 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{1A69BC32-4F5F-431A-BD3D-EB683E8F9D37}
[2011/08/18 16:25:02 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{317A8AA8-E9D6-497E-BBB8-BE0F0A6D7A04}
[2011/08/17 16:00:31 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{2B7ACA1D-2368-464E-BA70-DFAF96DD5F95}
[2011/08/17 16:00:18 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{D95B02C9-AC43-4077-BA83-0DE5D817B0CF}
[2011/08/16 13:16:00 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{F8234D12-6263-4A6E-8AA2-CA9DC3F93059}
[2011/08/16 13:15:26 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{C9C2AF20-2E7D-4E30-AB71-F2897C9B84FC}
[2011/08/16 11:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/08/16 11:27:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2011/08/16 01:15:01 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{DB0BD9FE-F9EF-4CEA-A209-5BCA2975C7A6}
[2011/08/16 01:14:27 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{13758CCA-2927-47A8-B067-E3926EC4BB90}
[2011/08/15 13:14:15 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{B708E39F-3195-4C50-8C97-C0018C892E2F}
[2011/08/15 13:13:42 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{4E5099D5-A51A-44E0-80C3-838DC89BEEF6}
[2011/08/15 01:13:17 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{7E0E35B1-B5E1-4902-B00C-933A899AA41F}
[2011/08/15 01:12:45 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{115125E1-78D2-4150-B8A8-B84794DD7C0C}
[2011/08/14 13:12:19 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{35871A5C-5B23-4507-B131-DEB426B65476}
[2011/08/14 13:11:52 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{1D842A12-9949-448A-BD54-3DEF3056D1A3}
[2011/08/13 14:03:09 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{D919D427-0217-4639-9425-F11AEB17890F}
[2011/08/13 14:02:45 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{448DC873-D195-43F5-8F7B-E50B1B17ADB2}
[2011/08/13 01:17:52 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{D49CF5BE-13F5-471C-8262-C392475DD418}
[2011/08/13 01:17:19 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{14F2E2D0-695E-44A6-9BD3-1EBDEFC5AB09}
[2011/08/12 13:16:53 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{EDF1A7FA-2504-4302-90D0-A36E4769C668}
[2011/08/12 13:16:20 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{D2C69EEE-5B82-4B10-A000-8878D5DA9474}
[2011/08/12 01:15:55 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{4005ED97-48C9-4762-81B3-3E07FE69031A}
[2011/08/12 01:15:22 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{A7A2C386-15BB-4C44-AB1A-6F36F2BCF5EA}
[2011/08/11 13:15:09 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{CC10CBC9-F30B-4E34-B363-CFC60A7C308B}
[2011/08/11 13:14:37 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{4BE2F749-3C89-4F05-911B-7D96DE313807}
[2011/08/11 01:14:12 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{72997A44-F610-48B3-ACBC-C328D56C7BA2}
[2011/08/11 01:13:38 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{956CD10C-53BC-4B98-AA26-E534C3BF23FE}
[2011/08/10 13:13:25 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{861DA62C-0101-44CE-BDFC-9DB0BF5B7838}
[2011/08/10 13:12:52 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{582DDA31-EDD2-4CE0-93A0-46EE2FCE4BB9}
[2011/08/10 01:12:28 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{D073D85A-519F-479E-907B-EE27B78A7F05}
[2011/08/10 01:11:55 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{14EBEEBD-6A85-41AC-9DC9-593172549E00}
[2011/08/09 13:11:42 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{2A487D99-3F08-4CF2-AB5A-6F2041D4EFB4}
[2011/08/09 13:11:09 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{8F7AE3A0-E4E1-4715-9539-F0AEF0214890}
[2011/08/09 01:10:45 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{BDC2B8D9-7B53-408A-AA59-D2029719EB4C}
[2011/08/09 01:10:11 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{2D959B95-CBF6-468E-BA82-2CAA3650ACBA}
[2011/08/08 13:09:55 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{DAC22408-CF29-47D2-A93B-894D77080B47}
[2011/08/08 13:09:33 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{48C1AAD5-233A-4228-9612-3A7F078D2992}
[2011/08/07 16:58:27 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{E9A8CD52-8228-4E59-9F2B-DFB06FC5F833}
[2011/08/07 16:58:03 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{F08C52E8-687D-4D8B-956F-7D14EE747326}
[2011/08/06 20:40:12 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{B9779C1E-B044-4E17-8AAB-5785BE228D19}
[2011/08/06 03:35:07 | 000,000,000 | ---D | C] -- C:\Users\Ben\Desktop\TShock 3.2.1.0805
[2011/08/05 19:43:16 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{DA0F01B5-FB4D-4A4C-9573-F86CAF65BB3B}
[2011/08/05 19:43:03 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{C25695D4-080E-430A-975D-F42F8215668D}
[2011/08/05 15:38:00 | 000,000,000 | ---D | C] -- C:\Users\Ben\Desktop\Legends-Of-Yore
[2011/08/05 13:12:26 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{24537CA9-0A94-4C41-8678-403ACB90586E}
[2011/08/05 03:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/05 03:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/05 03:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/05 03:26:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/05 03:26:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/08/04 23:42:14 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{05D32B02-1430-426E-B750-31C3DE4DC4D6}
[2011/08/04 23:41:41 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{9CB8FFA6-E81C-4F78-8A1C-05BF8BECB4CE}
[2011/08/04 11:41:26 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{80779EC2-49FA-48F2-BFCE-6C022C020F15}
[2011/08/03 15:18:15 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{33A3D0A9-16A6-4BAF-BDC6-3A4FA21D674F}
[2011/08/02 15:59:40 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{A8E18409-BF4E-4E6E-A9F6-1D747AACD282}
[2011/08/01 16:58:29 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{4782AA2E-83CB-4A6D-B9F6-D2152CFA3A59}
[2011/08/01 03:45:05 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{71730BE9-14F9-4D49-831C-1433A4AA54FC}
[2011/07/31 17:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011/07/31 17:04:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/07/31 15:44:17 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{CD982A03-AE27-450C-8561-F4DFE56303EB}
[2011/07/31 06:52:07 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\VeniceAlphaTrial
[2011/07/31 06:52:07 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\BF3
[2011/07/31 06:51:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BF3 Alpha Trial Web Plugins
[2011/07/31 06:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011/07/31 06:27:45 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2011/07/31 05:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/07/31 04:17:47 | 000,051,600 | ---- | C] (Thesycon GmbH, Germany) -- C:\Windows\SysNative\drivers\dsiarhwprog_x64.sys
[2011/07/31 00:43:07 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Oblivion
[2011/07/30 20:03:47 | 000,000,000 | ---D | C] -- C:\Users\Ben\Documents\Datel
[2011/07/30 20:02:21 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{1E8273FA-8AAD-4685-B58D-AA1236681124}
[2011/07/30 14:11:37 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{D4C1C9F6-0046-41CB-B107-624FA0EA8C7C}
[2011/07/30 02:10:50 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{7D3564E4-4EAC-4E11-B0A3-7599DE1D86B9}
[2011/07/29 22:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/07/29 14:10:00 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{9FDFF96D-966F-40B3-825C-FCC9AD7107DA}
[2011/07/28 21:32:32 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\TerrariaWorldViewer
[2011/07/28 14:08:16 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{2E3E2040-FA69-45A4-BAE3-7070238204DB}
[2011/07/27 14:58:19 | 000,000,000 | ---D | C] -- C:\Down
[2011/07/27 14:57:58 | 000,000,000 | ---D | C] -- C:\Windyzone
[2011/07/27 14:57:38 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{C450B427-6303-4DBB-8B98-33F42F4FD222}
[2011/07/26 22:37:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Perfectworld Entertainment
[2011/07/26 15:06:14 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{568710B3-F100-4900-A0B1-9FD4DAA723AB}
[2011/07/26 06:17:25 | 000,000,000 | ---D | C] -- C:\Users\Ben\Documents\Paint.NET User Files
[2011/07/26 05:54:24 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011/07/26 05:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011/07/26 05:54:23 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Notepad++
[2011/07/26 05:54:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2011/07/26 05:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2011/07/26 05:49:35 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Paint.NET
[2011/07/26 05:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Pure Networks
[2011/07/26 01:14:48 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Windows Live Writer
[2011/07/26 01:14:48 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Windows Live Writer
[2011/07/26 01:13:42 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{81041410-FD1F-4CE7-957F-A67D30C75787}
[2011/07/26 01:11:12 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/07/26 01:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/07/25 18:09:02 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{89A5987F-AD7E-42A8-8FA5-9FE013799831}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/23 16:04:15 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/23 16:04:15 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/23 15:56:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/23 15:56:18 | 529,731,583 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/22 23:10:10 | 000,789,710 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/22 23:10:10 | 000,671,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/22 23:10:10 | 000,126,262 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/22 23:10:07 | 000,789,710 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/22 23:08:43 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/08/22 18:35:18 | 000,001,810 | ---- | M] () -- C:\Users\Ben\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/22 17:43:26 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/22 16:45:55 | 000,002,965 | ---- | M] () -- C:\Users\Ben\Desktop\HiJackThis.lnk
[2011/08/18 16:28:12 | 000,002,054 | ---- | M] () -- C:\Users\Ben\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/12 03:44:01 | 000,000,129 | ---- | M] () -- C:\Users\Ben\jagex_runescape_preferences2.dat
[2011/08/12 03:17:21 | 000,000,035 | ---- | M] () -- C:\Users\Ben\jagex_runescape_preferences.dat
[2011/08/05 03:27:56 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/31 17:07:55 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/31 17:04:43 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/07/30 20:16:42 | 000,461,824 | ---- | M] () -- C:\Users\Ben\Desktop\Pokesav Black and White - PSN [English Beta].exe
[2011/07/29 22:41:55 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/26 05:54:24 | 000,001,055 | ---- | M] () -- C:\Users\Ben\Desktop\Notepad++.lnk
[2011/07/26 05:50:07 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/22 23:08:43 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/08/22 23:08:42 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/08/22 18:35:18 | 000,001,810 | ---- | C] () -- C:\Users\Ben\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/22 17:43:26 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/22 16:45:55 | 000,002,965 | ---- | C] () -- C:\Users\Ben\Desktop\HiJackThis.lnk
[2011/08/05 03:27:56 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/29 22:41:55 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/28 16:48:44 | 000,000,129 | ---- | C] () -- C:\Users\Ben\jagex_runescape_preferences2.dat
[2011/07/28 16:48:16 | 000,000,035 | ---- | C] () -- C:\Users\Ben\jagex_runescape_preferences.dat
[2011/07/26 05:54:24 | 000,001,055 | ---- | C] () -- C:\Users\Ben\Desktop\Notepad++.lnk
[2011/07/26 05:50:07 | 000,001,190 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2011/07/26 05:50:07 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2011/07/26 01:10:08 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/04/20 21:58:47 | 000,280,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/04/20 21:58:47 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/04/20 21:58:46 | 000,837,192 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/26 00:30:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/12 18:59:40 | 000,000,091 | ---- | C] () -- C:\Users\Ben\AppData\Local\fusioncache.dat
[2011/01/12 17:55:19 | 000,789,710 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/29 20:00:13 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/12/23 15:05:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/12/23 15:04:25 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/12/23 15:04:25 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/12/23 15:04:25 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2010/12/23 15:04:25 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2010/12/23 15:04:25 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2010/12/15 15:33:32 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/05/04 16:06:48 | 000,097,584 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/08 21:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/02/20 08:48:44 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\lxebsmr.dll
[2009/02/20 08:48:04 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\lxebsm.dll

========== LOP Check ==========

[2011/08/20 16:53:00 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\.minecraft
[2011/07/26 05:57:42 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Notepad++
[2011/05/02 20:54:33 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\runic games
[2011/07/21 19:01:01 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\SystemRequirementsLab
[2011/07/28 21:33:39 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\TerrariaWorldViewer
[2011/07/26 01:14:48 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Windows Live Writer
[2011/07/26 19:45:42 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 8/23/2011 6:10:42 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Ben\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.07 Gb Available Physical Memory | 67.89% Memory free
11.98 Gb Paging File | 9.56 Gb Available in Paging File | 79.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 923.45 Gb Total Space | 792.56 Gb Free Space | 85.83% Space Free | Partition Type: NTFS

Computer Name: BEN-PC | User Name: Ben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{13A3A271-B2AA-486C-9AD5-F272079BB9B5}" = Alienware TactX Keyboard CI 1.00.130
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{688758A2-8520-4470-8FA6-765BAC86FC53}" = Broadcom Management Programs
"{73BA9A8F-6B40-BF79-541E-464156FBA764}" = ccc-utility64
"{7A4D8A1A-7E49-A74A-038C-3A372948C9FA}" = ATI AVIVO64 Codecs
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"{B0D59FDC-FEAB-49A2-9B5A-E5E0A8F9D7E0}" = Alienware TactX(TM) Mouse CI 1.00
"{B361F88B-D513-9D45-E7F2-871B61C46D32}" = WMV9/VC-1 Video Playback
"{B613A9BB-2B34-4824-A4BE-2427653D59D6}" = iTunes
"{C5970161-E13E-6661-BBDA-A08268313C83}" = ATI Catalyst Install Manager
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EE269999-1AB7-7B39-7944-513CF3426CB8}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = AlienRespawn
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{31a3fa52-836b-48df-9c60-4a5021a454db}" = Nero 9 Essentials
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{417E8AF0-DAED-4807-82CD-0E4232EFA559}" = RustyHearts PWE
"{41AA8F20-FD30-4878-9080-6D5BE575FD41}" = Dell InHome Service Agreement
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{6331C6C0-3754-E910-7113-5013355C8E47}" = CCC Help English
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{95C3927C-C899-C5D8-0EA7-67895FC979B2}" = ccc-core-static
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = AlienRespawn - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{BA688606-4B20-4982-995E-EDADC6A6817E}" = League of Legends
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CC084EC0-5F74-4A17-8635-3ED61D501643}_is1" = Flyff
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED4B50B7-C06B-57FE-7985-AA83DDBEEEF5}" = Catalyst Control Center Graphics Previews Common
"{F01A9563-2A27-6ABC-2E04-03B7873DF7E0}" = Catalyst Control Center InstallProxy
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Fraps" = Fraps (remove only)
"InstallShield_{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"Notepad++" = Notepad++
"PunkBusterSvc" = PunkBuster Services
"Runic Games Torchlight" = Torchlight
"StarCraft II" = StarCraft II
"Steam App 105600" = Terraria
"Steam App 1250" = Killing Floor
"Steam App 22330" = The Elder Scrolls IV: Oblivion
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 440" = Team Fortress 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 8190" = Just Cause 2
"Steam App 8980" = Borderlands
"Steam App 98200" = Frozen Synapse
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/16/2011 11:26:04 AM | Computer Name = Ben-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/16/2011 11:26:38 AM | Computer Name = Ben-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/16/2011 11:26:38 AM | Computer Name = Ben-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/16/2011 11:26:42 AM | Computer Name = Ben-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/16/2011 11:26:43 AM | Computer Name = Ben-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/16/2011 11:26:48 AM | Computer Name = Ben-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/16/2011 11:26:49 AM | Computer Name = Ben-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/16/2011 11:26:50 AM | Computer Name = Ben-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/16/2011 11:26:50 AM | Computer Name = Ben-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/16/2011 11:26:50 AM | Computer Name = Ben-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Dell Events ]
Error - 6/26/2011 1:56:37 AM | Computer Name = Ben-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/1/2011 1:28:25 AM | Computer Name = Ben-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/1/2011 1:28:25 AM | Computer Name = Ben-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/2/2011 7:45:31 PM | Computer Name = Ben-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/2/2011 7:45:31 PM | Computer Name = Ben-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/7/2011 4:58:11 PM | Computer Name = Ben-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/7/2011 4:58:11 PM | Computer Name = Ben-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/22/2011 4:55:01 PM | Computer Name = Ben-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/22/2011 4:55:01 PM | Computer Name = Ben-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/22/2011 6:30:18 PM | Computer Name = Ben-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 8/16/2011 11:27:17 AM | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Hamachi Tunneling Engine service failed to start due to
the following error: %%1053

Error - 8/16/2011 1:48:10 PM | Computer Name = Ben-PC | Source = bowser | ID = 8003
Description =

Error - 8/16/2011 3:09:00 PM | Computer Name = Ben-PC | Source = bowser | ID = 8003
Description =

Error - 8/18/2011 4:24:31 PM | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Alienware
Fusion Service service to connect.

Error - 8/18/2011 4:24:31 PM | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7000
Description = The Alienware Fusion Service service failed to start due to the following
error: %%1053

Error - 8/19/2011 4:41:29 PM | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Alienware
Fusion Service service to connect.

Error - 8/19/2011 4:41:29 PM | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7000
Description = The Alienware Fusion Service service failed to start due to the following
error: %%1053

Error - 8/22/2011 11:08:27 PM | Computer Name = Ben-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows
XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
Server 2008 R2 for x64-based Systems (KB2539636).

Error - 8/22/2011 11:19:53 PM | Computer Name = Ben-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 8/23/2011 3:57:15 PM | Computer Name = Ben-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842


< End of report >