My HijackThis log

timberflake · 26 June 2012 at 9:42PM

Hi guys, just got a new Lenovo laptop and like any new machine it's loaded with rubbish!

I'm slowly working my way through it removing the stuff I can, but can anyone take a look at my HijackThis log and give me any tips:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

timberflake · 28 June 2012 at 9:24AM

Can anyone offer any advice?

waddler_8 · 28 June 2012 at 1:07PM

The log is incomplete so it's hard to tell. HijackThis doesn't run well on x64 systems.

Run OTL instead - Quick scan - and post the log(s) here from that instead. (you may need to split the logs over separate posts)

http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/

timberflake · 28 June 2012 at 1:43PM

Hi, thanks for the response. Here's the log:

OTL logfile created on: 29/06/2012 13:36:46 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Ben\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.95 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 58.34% Memory free
7.89 Gb Paging File | 6.24 Gb Available in Paging File | 79.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421.81 Gb Total Space | 359.41 Gb Free Space | 85.21% Space Free | Partition Type: NTFS
Drive

| 29.00 Gb Total Space | 27.42 Gb Free Space | 94.58% Space Free | Partition Type: NTFS

Computer Name: BEN-PC | User Name: Ben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/29 13:35:34 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Ben\Downloads\OTL.exe
PRC - [2012/06/27 00:55:53 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
PRC - [2012/06/14 23:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/06/14 03:08:56 | 027,595,032 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/07 00:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 00:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/01/29 00:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/27 00:55:53 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012/06/14 23:20:15 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/04 19:29:38 | 000,015,760 | ---- | M] () -- C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2native.dll
MOD - [2012/03/06 23:46:58 | 000,603,648 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswOtl.dll
MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/06/22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2009/02/26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/07 00:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/27 00:55:53 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/14 23:20:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/29 20:46:48 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/05/05 23:49:38 | 000,010,240 | ---- | M] (ProjectsWithLove) [Disabled | Stopped] -- C:\Program Files (x86)\ProjectsWithLove\ServeToMe\ServeToMe-Service.exe -- (ServeToMe-Service)
SRV - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/18 09:20:54 | 000,013,336 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/12/21 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/21 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/24 15:18:39 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012/03/24 15:18:37 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012/03/24 15:15:58 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2012/03/24 15:15:58 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2012/03/07 00:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/07 00:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/07 00:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/07 00:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/07 00:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/07 00:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/29 04:23:24 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/09/29 04:23:24 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/04/08 02:59:58 | 001,430,576 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/25 11:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/10 10:01:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/02/18 09:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/29 00:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/12/10 20:43:40 | 000,234,960 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/28 11:16:24 | 004,716,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/10/21 07:57:30 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/09/30 09:45:22 | 000,299,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/09/21 23:04:54 | 000,015,056 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm2uvcflt.sys -- (vm2uvcflt)
DRV:64bit: - [2009/07/21 15:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/05/08 15:21:42 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

timberflake · 28 June 2012 at 1:44PM

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=DSGQ&bmod=DSGQ
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE:64bit: - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7XXXX
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=DSGQ&bmod=DSGQ
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7XXXX

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=DSGQ&bmod=DSGQ
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGQ_enGB490
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/06/27 00:49:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/27 20:50:22 | 000,000,000 | ---D | M]

[2012/06/27 00:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Extensions
[2012/06/28 16:43:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\qej1iudl.default\extensions
[2012/06/27 19:13:54 | 000,000,000 | ---D | M] (FT GraphiteGlow) -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\qej1iudl.default\extensions\{99e34760-2754-11e0-91fa-0800200c9a66}
[2012/06/27 20:50:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/27 00:49:55 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/06/27 19:10:13 | 000,013,345 | ---- | M] () (No name found) -- C:\USERS\BEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QEJ1IUDL.DEFAULT\EXTENSIONS\{4DC70064-89E2-4A55-8FC6-E8CDEAE3618C}.XPI
[2012/06/27 21:10:35 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\BEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QEJ1IUDL.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/06/27 19:08:43 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\BEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QEJ1IUDL.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012/06/14 23:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/14 23:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 23:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox - Shortcut.lnk = C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catal!!!\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catal!!!\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFD15AAD-BF1B-4301-8812-7816A3854BB6}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E34C3FDF-6490-441C-969C-B1AEA84A16D2}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\iastorui.exe: De!!!!!! - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\itunes.exe: De!!!!!! - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\iastorui.exe: De!!!!!! - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\itunes.exe: De!!!!!! - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/29 12:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/06/29 09:06:20 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\MPlayer
[2012/06/29 08:54:33 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\vlc
[2012/06/28 16:52:55 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2012/06/27 21:47:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/06/27 21:47:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/06/27 21:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/06/27 21:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/06/27 21:46:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/27 21:46:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/27 21:45:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/06/27 21:40:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/06/27 21:40:27 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/06/27 21:06:27 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\windows\SysNative\TURegOpt.exe
[2012/06/27 21:06:26 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\windows\SysNative\authuitu.dll
[2012/06/27 21:06:25 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\windows\SysWow64\authuitu.dll
[2012/06/27 21:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012/06/27 21:05:49 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\TuneUp Software
[2012/06/27 21:05:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012/06/27 21:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012/06/27 21:04:50 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/06/27 21:04:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/06/27 20:51:22 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Newsbin6
[2012/06/27 20:31:12 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Apple Computer
[2012/06/27 20:31:12 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Apple Computer
[2012/06/27 20:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/27 20:31:03 | 000,000,000 | ---D | C] -- C:\windows\SysNative\DRVSTORE
[2012/06/27 20:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/27 20:30:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/06/27 20:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/27 20:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/06/27 20:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/06/27 20:29:37 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Apple
[2012/06/27 20:29:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/06/27 20:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/06/27 20:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/06/27 20:29:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/06/27 20:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/06/27 20:28:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/06/27 20:23:00 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2012/06/27 20:23:00 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2012/06/27 20:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/06/27 20:05:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012/06/27 20:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
[2012/06/27 20:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\PMS
[2012/06/27 20:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PS3 Media Server
[2012/06/27 20:01:29 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\ProjectsWithLove
[2012/06/27 20:01:19 | 000,000,000 | ---D | C] -- C:\ProgramData\ProjectsWithLove
[2012/06/27 20:01:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ProjectsWithLove
[2012/06/27 19:40:51 | 000,000,000 | R--D | C] -- C:\Users\Ben\Dropbox
[2012/06/27 19:40:06 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/06/27 19:39:47 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Dropbox
[2012/06/27 19:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/06/27 19:30:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012/06/27 19:30:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2012/06/27 19:30:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/06/27 19:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/06/27 19:28:16 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Microsoft Help

timberflake · 28 June 2012 at 1:44PM

[2012/06/27 19:28:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012/06/27 19:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/06/27 19:27:57 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/06/27 19:24:19 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2012/06/27 19:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
[2012/06/27 19:20:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/06/27 19:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2012/06/27 19:01:52 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\ImgBurn
[2012/06/27 19:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012/06/27 19:00:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2012/06/27 18:56:58 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/06/27 18:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/06/27 18:56:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2012/06/27 18:15:28 | 000,000,000 | ---D | C] -- C:\Users\Ben\Documents\Newsbin
[2012/06/27 18:15:08 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Newsbin
[2012/06/27 18:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Newsbin
[2012/06/27 00:56:07 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Macromedia
[2012/06/27 00:55:47 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2012/06/27 00:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/06/27 00:50:02 | 000,819,032 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2012/06/27 00:50:02 | 000,337,240 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2012/06/27 00:50:02 | 000,069,976 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2012/06/27 00:50:02 | 000,059,224 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2012/06/27 00:50:02 | 000,053,080 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2012/06/27 00:50:02 | 000,024,408 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2012/06/27 00:50:01 | 000,258,520 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2012/06/27 00:49:47 | 000,041,184 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2012/06/27 00:49:46 | 000,201,352 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2012/06/27 00:49:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/06/27 00:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/06/27 00:46:53 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Mozilla
[2012/06/27 00:46:53 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Mozilla
[2012/06/27 00:46:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/06/27 00:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/27 00:46:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/06/27 00:33:21 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/06/27 00:25:05 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Macromedia
[2012/06/27 00:25:05 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Adobe
[2012/06/27 00:21:23 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Google
[2012/06/27 00:21:18 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Google
[2012/06/27 00:14:23 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012/06/27 00:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2012/06/27 00:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2012/06/26 23:59:13 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Intel Corporation
[2012/06/26 23:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Energy Management
[2012/06/26 23:58:19 | 000,000,000 | R--D | C] -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/06/26 23:58:19 | 000,000,000 | R--D | C] -- C:\Users\Ben\Searches
[2012/06/26 23:58:19 | 000,000,000 | R--D | C] -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/06/26 23:58:19 | 000,000,000 | -H-D | C] -- C:\Users\Ben\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/06/26 23:58:10 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Identities
[2012/06/26 23:58:08 | 000,000,000 | R--D | C] -- C:\Users\Ben\Contacts
[2012/06/26 23:58:06 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\VirtualStore
[2012/06/26 23:57:50 | 000,000,000 | --SD | C] -- C:\Users\Ben\AppData\Roaming\Microsoft
[2012/06/26 23:57:50 | 000,000,000 | R--D | C] -- C:\Users\Ben\Videos
[2012/06/26 23:57:50 | 000,000,000 | R--D | C] -- C:\Users\Ben\Saved Games
[2012/06/26 23:57:50 | 000,000,000 | R--D | C] -- C:\Users\Ben\Pictures
[2012/06/26 23:57:50 | 000,000,000 | R--D | C] -- C:\Users\Ben\Music
[2012/06/26 23:57:50 | 000,000,000 | R--D | C] -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/06/26 23:57:50 | 000,000,000 | R--D | C] -- C:\Users\Ben\Links
[2012/06/26 23:57:50 | 000,000,000 | R--D | C] -- C:\Users\Ben\Favorites
[2012/06/26 23:57:50 | 000,000,000 | R--D | C] -- C:\Users\Ben\Downloads
[2012/06/26 23:57:50 | 000,000,000 | R--D | C] -- C:\Users\Ben\Documents
[2012/06/26 23:57:50 | 000,000,000 | R--D | C] -- C:\Users\Ben\Desktop
[2012/06/26 23:57:50 | 000,000,000 | R--D | C] -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/06/26 23:57:50 | 000,000,000 | -HSD | C] -- C:\Users\Ben\AppData\Local\Temporary Internet Files
[2012/06/26 23:57:50 | 000,000,000 | -HSD | C] -- C:\Users\Ben\Templates
[2012/06/26 23:57:50 | 000,000,000 | -HSD | C] -- C:\Users\Ben\Start Menu
[2012/06/26 23:57:50 | 000,000,000 | -HSD | C] -- C:\Users\Ben\SendTo
[2012/06/26 23:57:50 | 000,000,000 | -HSD | C] -- C:\Users\Ben\Recent
[2012/06/26 23:57:50 | 000,000,000 | -HSD | C] -- C:\Users\Ben\PrintHood
[2012/06/26 23:57:50 | 000,000,000 | -HSD | C] -- C:\Users\Ben\NetHood
[2012/06/26 23:57:50 | 000,000,000 | -HSD | C] -- C:\Users\Ben\Documents\My Videos
[2012/06/26 23:57:50 | 000,000,000 | -HSD | C] -- C:\Users\Ben\Documents\My Pictures
[2012/06/26 23:57:50 | 000,000,000 | -HSD | C] -- C:\Users\Ben\Documents\My Music
[2012/06/26 23:57:50 | 000,000,000 | -HSD | C] -- C:\Users\Ben\My Documents
[2012/06/26 23:57:50 | 000,000,000 | -HSD | C] -- C:\Users\Ben\Local Settings
[2012/06/26 23:57:50 | 000,000,000 | -HSD | C] -- C:\Users\Ben\AppData\Local\History
[2012/06/26 23:57:50 | 000,000,000 | -HSD | C] -- C:\Users\Ben\Cookies
[2012/06/26 23:57:50 | 000,000,000 | -HSD | C] -- C:\Users\Ben\Application Data
[2012/06/26 23:57:50 | 000,000,000 | -HSD | C] -- C:\Users\Ben\AppData\Local\Application Data
[2012/06/26 23:57:50 | 000,000,000 | -H-D | C] -- C:\Users\Ben\AppData
[2012/06/26 23:57:50 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Temp
[2012/06/26 23:57:50 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Microsoft
[2012/06/26 23:57:50 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Media Center Programs
[2012/06/26 23:57:50 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
[2012/06/26 23:56:01 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2012/06/29 13:39:27 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/29 13:39:27 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/29 13:35:59 | 000,782,838 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/06/29 13:35:59 | 000,667,684 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/06/29 13:35:59 | 000,126,328 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/06/29 13:31:19 | 000,275,805 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2012/06/29 13:30:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/29 13:30:45 | 3177,074,688 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/29 12:18:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/06/27 21:57:42 | 000,768,750 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/06/27 21:49:24 | 000,001,414 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox - Shortcut.lnk
[2012/06/27 20:24:14 | 000,360,384 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/06/27 19:57:07 | 000,001,133 | ---- | M] () -- C:\Users\Ben\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/06/27 19:40:13 | 000,001,009 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/27 00:54:23 | 000,108,227 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2012/06/27 00:54:23 | 000,108,227 | ---- | M] () -- C:\windows\SysNative\license.rtf
[2012/06/27 00:50:02 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2012/06/27 00:21:12 | 000,001,437 | ---- | M] () -- C:\Users\Ben\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/27 00:13:35 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012/06/27 00:02:07 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf

========== Files Created - No Company Name ==========

[2012/06/29 12:41:13 | 3177,074,688 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/27 21:49:24 | 000,001,414 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox - Shortcut.lnk
[2012/06/27 21:47:18 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/06/27 21:06:08 | 000,002,195 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012/06/27 20:29:36 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/06/27 20:01:12 | 000,003,011 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ServeToMe.lnk
[2012/06/27 19:40:13 | 000,001,009 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/27 19:36:51 | 000,001,133 | ---- | C] () -- C:\Users\Ben\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/06/27 19:23:57 | 000,768,750 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/06/27 19:00:35 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012/06/27 00:55:53 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/06/27 00:50:02 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt
[2012/06/27 00:46:47 | 000,001,951 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/27 00:21:12 | 000,001,437 | ---- | C] () -- C:\Users\Ben\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/27 00:13:35 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012/06/27 00:02:07 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/06/26 23:58:26 | 000,001,409 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/06/26 23:58:21 | 000,001,443 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/06/26 23:57:50 | 000,000,290 | ---- | C] () -- C:\Users\Ben\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/06/26 23:57:50 | 000,000,272 | ---- | C] () -- C:\Users\Ben\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/03/24 15:23:34 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2012/03/24 15:23:34 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2012/03/24 15:09:01 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2012/03/24 15:09:01 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2012/03/24 15:09:01 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2012/03/24 15:09:01 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2012/03/24 15:08:56 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2012/03/24 15:01:57 | 000,001,823 | ---- | C] () -- C:\windows\vm332Rmv.ini
[2012/03/24 15:01:57 | 000,001,823 | ---- | C] () -- C:\windows\SysWow64\vm332Rmv.ini
[2012/03/24 14:59:10 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2012/03/24 14:46:44 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012/03/24 14:46:43 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012/03/24 14:46:42 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

========== LOP Check ==========

[2012/06/29 13:31:30 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Dropbox
[2012/06/27 19:01:52 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\ImgBurn
[2012/06/27 21:05:49 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\TuneUp Software
[2009/07/14 06:08:49 | 000,008,348 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

timberflake · 28 June 2012 at 1:45PM

OTL Extras logfile created on: 29/06/2012 13:36:46 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Ben\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.95 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 58.34% Memory free
7.89 Gb Paging File | 6.24 Gb Available in Paging File | 79.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421.81 Gb Total Space | 359.41 Gb Free Space | 85.21% Space Free | Partition Type: NTFS
Drive

| 29.00 Gb Total Space | 27.42 Gb Free Space | 94.58% Space Free | Partition Type: NTFS

Computer Name: BEN-PC | User Name: Ben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2FBD8DE3-509B-4717-A607-75258025258D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{58EA016B-FAB0-406C-985F-B6AB9B33CB2F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A3ECB88F-8E55-4B05-A1FA-06E0C52DEEA9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06200861-E770-405A-ADF7-D9796C8595F4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{27BC388E-5FB9-4901-B392-5DE3F2556FA7}" = protocol=6 | dir=in | app=c:\users\ben\appdata\roaming\dropbox\bin\dropbox.exe |
"{3DB3E452-96AA-45D9-AAA0-9FF02AA2DEAF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4F53BDE5-013E-4CE0-A218-1256797A8B52}" = protocol=6 | dir=out | app=c:\program files\newsbin\newsbinpro64.exe |
"{5830F003-69D8-409E-B249-1FF40C68BB6C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{64B540EA-A987-491A-9178-2D936C76FFBB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6779E037-B2AB-436B-886E-472D4920E50D}" = protocol=17 | dir=in | app=c:\users\ben\appdata\roaming\dropbox\bin\dropbox.exe |
"{8E300AC7-5281-4ED2-AB40-661223D9F63E}" = protocol=6 | dir=in | app=c:\program files\newsbin\newsbinpro64.exe |
"{96BFA6DC-EEC2-4D33-A14E-439BD50F5324}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9EDE5F57-9274-42D2-B741-B2AF82676940}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{A6430AD1-9750-4359-A5A4-60008A661228}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BB92D200-5832-4213-A2EB-FBD5D2B6FAC5}" = dir=in | app=c:\program files (x86)\projectswithlove\servetome\servetome-service.exe |
"{C0D01B76-7FD4-452B-BFDC-B6C9F040783C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{D06F3E5A-D708-41B5-B5AF-311958AAF227}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E81C57BC-FB09-441D-B503-5076B61D4D88}" = protocol=17 | dir=in | app=c:\program files\newsbin\newsbinpro64.exe |
"TCP Query User{96EC26F3-55A9-49A3-8A37-B019001F2FAD}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{C0C81DF1-3A00-433A-8357-70D137A218BB}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{2E6F1DEF-99C6-4E1B-9122-6391404A1E7A}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{AC84E8D7-0016-4850-970F-05B561E0493D}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Newsbin6" = Newsbin Pro
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79E79A9E-264D-44E2-90BD-14E006F0181C}" = ServeToMe
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HandBrake" = HandBrake 0.9.6
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"KNOWHOW(TM) APP CENTRE 25501" = KNOWHOW(TM) APP CENTRE
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PS3 Media Server" = PS3 Media Server
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VeriFace" = VeriFace
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 27/06/2012 13:53:58 | Computer Name = Ben-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 27/06/2012 13:53:58 | Computer Name = Ben-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 27/06/2012 13:53:58 | Computer Name = Ben-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 27/06/2012 13:53:58 | Computer Name = Ben-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 27/06/2012 13:53:58 | Computer Name = Ben-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 27/06/2012 14:00:00 | Computer Name = Ben-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 27/06/2012 14:00:00 | Computer Name = Ben-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

timberflake · 28 June 2012 at 1:46PM

Error - 27/06/2012 14:41:48 | Computer Name = Ben-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 27/06/2012 15:00:32 | Computer Name = Ben-PC | Source = MsiInstaller | ID = 11500
Description =

Error - 27/06/2012 15:00:33 | Computer Name = Ben-PC | Source = MsiInstaller | ID = 11500
Description =

[ System Events ]
Error - 27/06/2012 14:31:27 | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7030
Description = The Machine Debug Manager service is marked as an interactive service.
However, the system is configured to not allow interactive services. This service
may not function properly.

Error - 27/06/2012 14:33:20 | Computer Name = Ben-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 27/06/2012 14:56:48 | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.

Error - 27/06/2012 14:56:48 | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 27/06/2012 15:01:26 | Computer Name = Ben-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070652: Update for Microsoft Office InfoPath 2007 Help (KB963662).

Error - 27/06/2012 15:11:58 | Computer Name = Ben-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server
2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656405).

Error - 27/06/2012 15:11:58 | Computer Name = Ben-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706be: Update for Windows 7 for x64-based Systems (KB2522422).

Error - 27/06/2012 15:11:58 | Computer Name = Ben-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Update for Microsoft Office PowerPoint 2007 Help (KB963669).

Error - 27/06/2012 15:11:58 | Computer Name = Ben-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Windows Malicious Software Removal Tool x64 - June 2012
(KB890830).

Error - 27/06/2012 15:12:00 | Computer Name = Ben-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Security Update for Windows 7 for x64-based Systems (KB2676562).

< End of report >

waddler_8 · 28 June 2012 at 8:34PM

That doesn't look too bad to be honest.

Run these MS fixits

http://go.microsoft.com/?linkid=9746381
http://go.microsoft.com/?linkid=9767096

My HijackThis log

Comments

Confirm your email address to Create Threads and Reply

🚀 Getting Started

Categories

Is this how you want to be seen?

Get our FREE Weekly email full of deals & guides - and it’s spam-free